libxslt RC4加密/解密函数堆溢出漏洞
BUGTRAQ ID: 30467 CVE(CAN) ID: CVE-2008-2935 Libxslt是为GNOME项目开发的XSLT C库,XSLT本身是用于定义XML转换的XML语言。 Libxslt库的crypto.c文件中crypto:rc4_encrypt函数错误的信任了密钥字符串的长度: static void exsltCryptoRc4EncryptFunction (xmlXPathParserContextPtr ctxt, int nargs) { ... key = xmlXPathPopString (ctxt); key_len = xmlUTF8Strlen (str); ... padkey = xmlMallocAtomic (RC4_KEY_LENGTH); key_size = xmlUTF8Strsize (key, key_len); memcpy (padkey, key, key_size); memset (padkey + key_size, '\0', sizeof (padkey)); ... padkey堆分配是固定的128位(RC4_KEY_LENGTH),但却从XSL函数参数拷贝了任意长度的字符串,带有超长输入的XML文件就可以触发堆溢出,导致执行任意指令。 XMLSoft libxslt 1.1.24 Debian ------ Debian已经为此发布了一个安全公告(DSA-1624-1)以及相应补丁: DSA-1624-1:New libxslt packages fix arbitrary code execution 链接:<a href=http://www.debian.org/security/2008/dsa-1624 target=_blank>http://www.debian.org/security/2008/dsa-1624</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz...
BUGTRAQ ID: 30467 CVE(CAN) ID: CVE-2008-2935 Libxslt是为GNOME项目开发的XSLT C库,XSLT本身是用于定义XML转换的XML语言。 Libxslt库的crypto.c文件中crypto:rc4_encrypt函数错误的信任了密钥字符串的长度: static void exsltCryptoRc4EncryptFunction (xmlXPathParserContextPtr ctxt, int nargs) { ... key = xmlXPathPopString (ctxt); key_len = xmlUTF8Strlen (str); ... padkey = xmlMallocAtomic (RC4_KEY_LENGTH); key_size = xmlUTF8Strsize (key, key_len); memcpy (padkey, key, key_size); memset (padkey + key_size, '\0', sizeof (padkey)); ... padkey堆分配是固定的128位(RC4_KEY_LENGTH),但却从XSL函数参数拷贝了任意长度的字符串,带有超长输入的XML文件就可以触发堆溢出,导致执行任意指令。 XMLSoft libxslt 1.1.24 Debian ------ Debian已经为此发布了一个安全公告(DSA-1624-1)以及相应补丁: DSA-1624-1:New libxslt packages fix arbitrary code execution 链接:<a href=http://www.debian.org/security/2008/dsa-1624 target=_blank>http://www.debian.org/security/2008/dsa-1624</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz</a> Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.diff.gz</a> Size/MD5 checksum: 149686 b62a7dd0aa648576a266cd20d634c216 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.dsc</a> Size/MD5 checksum: 849 7d98fdda0079574b360d4a6e2a12e2be alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 107264 4aac707640a9fcf9aabcd42336b38be3 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 365058 0e966c67dfbc374141960789fcbe96ab <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 690408 a431dcc2f32428677e7b737b971e0f9e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 230788 55d88a4f39eeccf4a21cd2b335c35ae5 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 131312 ce983f9b6de55027f803e39d1dda2a25 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 362484 c91d2d5458f6de4002b4401f5675b742 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 225658 6d4a52da7c2ca5a4280b06bdf03875e0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 630884 06616b7e52d2fc80530302c7d3acd540 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 106562 7782d3653528b848ce1d98455f790196 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 131782 8e9ed3c7418725e1853ae5ccbd082c9b arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_arm.deb</a> Size/MD5 checksum: 106452 9ef81b83e04979147310ec62d2682550 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_arm.deb</a> Size/MD5 checksum: 346610 29566f2276ff440e778dac5fb667f346 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_arm.deb</a> Size/MD5 checksum: 613436 a9a4ebc76beb7ca67f9a7e92e8029ca7 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_arm.deb</a> Size/MD5 checksum: 213438 2c16e6911e26b8fb360aabd16281c0f6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_arm.deb</a> Size/MD5 checksum: 126468 b97c69ae48a06fd09a41fadc7c00366c hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 659318 c0f64453ca8cb8dbe9f3970cf157b3ab <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 238420 a7c8f14314bdb82fc51ec1578f4efad3 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 107274 3fc49ac897c34e339b3f496700bdfd5e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 132222 3f4dc4e5f1162e819bc534c610fad3dc <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 360748 a8c4ae1c8f2e8c348c852a0931f762c5 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_i386.deb</a> Size/MD5 checksum: 105974 ea524e8b733c0aa52b797692ee2619b6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_i386.deb</a> Size/MD5 checksum: 216014 27edcf6172b7d9b5b304bf2265ce6e48 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_i386.deb</a> Size/MD5 checksum: 128718 3bb1df547e3b5312a382bda417a23bc6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_i386.deb</a> Size/MD5 checksum: 352132 a7707c2b2a1014f61b79383d639c734f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_i386.deb</a> Size/MD5 checksum: 589190 ea9dbf9647d07f026c6b1fd40c0a2546 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 364096 277f76958053137cd94f84d3543bfd75 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 110406 2636a094ea4494abb2d972c6a7911689 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 688406 f8a2642f68f1afb6c2fe980acaef4db5 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 135214 69e26e4d34a753112f8b4101f7c39812 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 286960 5e0ade1cf276e946cfd1a7f12160c7a0 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mips.deb</a> Size/MD5 checksum: 650964 68b73cf1d94f9e3df9bb5673270a3e4d <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mips.deb</a> Size/MD5 checksum: 128984 334fcd884357833ef1ba40e9753d856b <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mips.deb</a> Size/MD5 checksum: 106670 d93d383465f3c7943c82dcd65d1ac560 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mips.deb</a> Size/MD5 checksum: 213704 9f9fce502a07f2466b39ff4bf7ef58b0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mips.deb</a> Size/MD5 checksum: 374008 12305da936211d86b13a7c98090391cb mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 625304 53e74fce7300247478e318878b06a863 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 365834 48789b75049ec966939982fafa7fa83e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 106716 d99ec4062b95d872f66a4a68cbd4bb60 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 128606 3ec247d95450b7091ffef7df0adad247 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 213946 5ebc6eb3e75d70a0c093b2e9d65884d7 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 223150 195bcb8c18c3024d4dbf15ad06d3d96c <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 108146 332071c2aabb087b7ee3e6a12e6d2633 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 130170 1f2348ff3cb769eb72bb5a941afc1124 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 612084 76ca146446c6470fab227e5cf4b91445 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 367182 ec6a577956bedc887267bc6185abcedd s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_s390.deb</a> Size/MD5 checksum: 601870 11a81ef5cf32bb11102b43b62c1d1371 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_s390.deb</a> Size/MD5 checksum: 106834 f3ed9fc6410f2f78de38348736116eee <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_s390.deb</a> Size/MD5 checksum: 131760 1d7705741271ea0227cdf15eae46f846 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_s390.deb</a> Size/MD5 checksum: 226842 7700a4e49d319d5726074de70ff9a68f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_s390.deb</a> Size/MD5 checksum: 359430 f11c56a8baaa1bd61ef074324aea9068 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 599292 568ee2c44a15e4d5b1d27abb5f3f80ad <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 218166 953db53eba1934c6279875e4ff8b6834 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 106372 c9eae6bbdde15ada4613922ab216c6ed <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 129172 8a97bb6cd74fe353383be290ea14298b <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 337986 2f869f832a7ecdcb7a6ae50b12d0e916 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0649-01)以及相应补丁: RHSA-2008:0649-01:Moderate: libxslt security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0649.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0649.html</a> XMLSoft ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.ocert.org/patches/exslt_crypt.patch target=_blank>http://www.ocert.org/patches/exslt_crypt.patch</a>
漏洞利用/PoC
受影响的平台与产品
消息提示
- 添加资源
- 收藏资源
- 问题反馈
贡献用户
- 暂无贡献用户
相关漏洞清单
- 暂无相关漏洞