Published: 1998-07-29 00:00:00
Revised: 2016-10-17 22:04:08

[Original] dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

[CNNVD] RedHat 5.1 dumpreg vulnerability (CNNVD-199807-030)

        dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access; a local user can cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

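- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]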

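- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources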
(UNKNOWN)  BUGTRAQ  19980729 Crash a redhat 5.1 linux box
(UNKNOWN)  BUGTRAQ  19980730 FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box)

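- Vulnerability information

RedHat 5.1 dumpreg vulnerability
Low severity Design error
1998-07-29 00:00:00 2005-10-20 00:00:00
        dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access; a local user can cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

- Advisories and patches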

        Remove the setuid bit from the dumpreg program and upgrade to a newer version of RedHat Linux 5.0.

- Vulnerability information

Red Hat Linux dumpreg /dev/mem fd Redirect DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

1998-07-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

RedHat 5.1 dumpreg Vulnerability
Design Error 372
No Yes
1998-07-29 12:00:00 2009-07-11 12:16:00
This bug was posted to the Bugtraq mailing list on July 29, 1998 by Zachary Amsden <amsdenz@AAVID.COM>. The Discussion and Exploit sections of this vulnerability were almost wholly based on those posts.

- Affected program versions

RedHat Linux 5.1
- Standard & Poors ComStock 4.2.4
RedHat Linux 5.2 i386

- Unaffected program versions

RedHat Linux 5.2 i386

- Vulnerability discussion

The dumpreg utility included with Red Hat 5.1 can cause kernel crashes. The reason is that it opens /dev/mem with O_RDWR access and blindly prints its output to fd 1. This can be trivially exploited with a simple program run by any local user to corrupt kernel memory. Results may vary, but a crash is pretty much inevitable given enough time. A quick fix is to remove setuid privileges from the dumpreg program, as they are not needed for normal use.
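
The descriptor handling at fault here has a standard hardening idiom, shown below as an added example (not dumpreg's source and not Red Hat's fix): because open() returns the lowest unused descriptor, a privileged program should pin descriptors 0..2 before opening anything sensitive, so that later output to fd 1 cannot land in that file. The function names `ensure_std_fds` and `open_sensitive` are hypothetical, and /dev/null stands in for the sensitive device.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Make sure descriptors 0, 1 and 2 are open before any other file is opened.
 * Closed slots are filled with /dev/null. Returns 0 on success, -1 on error. */
int ensure_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                      /* slot is already open */
        if (errno != EBADF)
            return -1;
        /* open() returns the lowest unused descriptor, which is `fd` here
         * because every lower slot is known to be open. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd != fd) {
            if (nfd >= 0)
                close(nfd);
            return -1;
        }
    }
    return 0;
}

/* Hypothetical wrapper: open a sensitive file only after the standard
 * descriptors are pinned, and fail closed if it still lands on 0..2. */
int open_sensitive(const char *path, int flags)
{
    if (ensure_std_fds() != 0)
        return -1;
    int fd = open(path, flags);
    if (fd >= 0 && fd <= 2) {
        close(fd);
        errno = EBADF;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* /dev/null stands in for the sensitive device in this example. */
    int fd = open_sensitive("/dev/null", O_RDONLY);
    printf("sensitive file opened on fd %d\n", fd);
    return fd > 2 ? 0 : 1;
}
```
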

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

Remove the setuid bit from the dumpreg program and upgrade to a newer version of RedHat Linux 5.0.

- Related references