CVE-2000-0461
CVSS2.1
发布时间 :2000-05-29 00:00:00
修订时间 :2008-09-10 15:04:43
NMCO    

[原文]The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.


[CNNVD]多个供应商BSD Semaphore IPC拒绝服务漏洞(CNNVD-200005-102)

        BSD冻结状态信号的无证semconfig系统存在漏洞。本地用户借助semconfig调用导致信号系统拒绝服务。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:netbsd:netbsd:1.4.1::arm32
cpe:/o:netbsd:netbsd:1.4.2::sparc
cpe:/o:freebsd:freebsd:2.1.7.1FreeBSD 2.1.7.1
cpe:/o:freebsd:freebsd:2.2.5FreeBSD 2.2.5
cpe:/o:netbsd:netbsd:1.4.2::alpha
cpe:/o:freebsd:freebsd:2.1.6FreeBSD 2.1.6
cpe:/o:netbsd:netbsd:1.4.1::alpha
cpe:/o:freebsd:freebsd:5.0FreeBSD 5.0
cpe:/o:freebsd:freebsd:2.2.4FreeBSD 2.2.4
cpe:/o:freebsd:freebsd:3.2FreeBSD 3.2
cpe:/o:freebsd:freebsd:3.4FreeBSD 3.4
cpe:/o:netbsd:netbsd:1.4.2::arm32
cpe:/o:netbsd:netbsd:1.4.1::sparc
cpe:/o:freebsd:freebsd:2.0.5FreeBSD 2.0.5
cpe:/o:freebsd:freebsd:2.1.0FreeBSD 2.1.0
cpe:/o:freebsd:freebsd:2.2FreeBSD 2.2
cpe:/o:freebsd:freebsd:5.0:alpha
cpe:/o:freebsd:freebsd:2.2.8FreeBSD 2.2.8
cpe:/o:freebsd:freebsd:3.1FreeBSD 3.1
cpe:/o:freebsd:freebsd:2.2.6FreeBSD 2.2.6
cpe:/o:freebsd:freebsd:3.0FreeBSD 3.0
cpe:/o:freebsd:freebsd:2.2.3FreeBSD 2.2.3
cpe:/o:freebsd:freebsd:2.1.5FreeBSD 2.1.5
cpe:/o:freebsd:freebsd:2.0FreeBSD 2.0
cpe:/o:freebsd:freebsd:2.1.6.1FreeBSD 2.1.6.1
cpe:/o:netbsd:netbsd:1.4.2::x86
cpe:/o:freebsd:freebsd:2.2.2FreeBSD 2.2.2
cpe:/o:freebsd:freebsd:3.3FreeBSD 3.3
cpe:/o:freebsd:freebsd:4.0:alpha
cpe:/o:freebsd:freebsd:1.1.5.1FreeBSD 1.1.5.1
cpe:/o:freebsd:freebsd:4.0FreeBSD 4.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0461
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0461
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200005-102
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/1270
(UNKNOWN)  BID  1270
http://www.openbsd.org/errata26.html#semconfig
(UNKNOWN)  OPENBSD  20000526
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2000-004
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-00:19

- 漏洞信息

多个供应商BSD Semaphore IPC拒绝服务漏洞
低危 设计错误
2000-05-29 00:00:00 2005-05-02 00:00:00
本地  
        BSD冻结状态信号的无证semconfig系统存在漏洞。本地用户借助semconfig调用导致信号系统拒绝服务。

- 公告与补丁

        A patch is available for OpenBSD at
        http://www.openbsd.org/errata26.html#semconfig
        From the NetBSD advisory:
        For NetBSD 1.4, 1.4.1, and 1.4.2:
         A patch is available in
        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-sysvsem
        For NetBSD-current:
        NetBSD-current since 20000527 contains all the fixes, and is not
         vulnerable. Users of NetBSD-current should upgrade to a source tree
         dated 20000527 or later.
        ----
        From the FreeBSD Advisory:
        Upgrade to FreeBSD 2.1.7.1-STABLE, 2.2.8-STABLE, 3.4-STABLE,
        4.0-STABLE or 5.0-CURRENT after the correction date.
        A patch is also available. See FreeBSD Advisory SA-00:19

- 漏洞信息

1364
Multiple BSD Semaphore IPC DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-05-26 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站