CVE-2002-1125
CVSS 2.1
Published: 2002-09-24 00:00:00
Revised: 2016-10-17 22:23:54

[Original] FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.


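[CNNVD] BubbleMon Kernel Memory File Descriptor Leak Vulnerability (CNNVD-200209-040)

        FreeBSD port programs that use libkvm on FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave file descriptors for /dev/mem and /dev/kmem open. Local users can read kernel memory.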

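- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]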

- CPE (affected platforms and products)

cpe:/o:freebsd:freebsd:4.4  FreeBSD 4.4
cpe:/o:freebsd:freebsd:4.5  FreeBSD 4.5
cpe:/o:freebsd:freebsd:4.2  FreeBSD 4.2
cpe:/o:freebsd:freebsd:4.3  FreeBSD 4.3
cpe:/o:freebsd:freebsd:4.6  FreeBSD 4.6

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1125
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1125
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200209-040
(Official data source) CNNVD

- Other links and resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:39
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
(UNKNOWN)  VULNWATCH  20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
http://marc.info/?l=bugtraq&m=103228135413310&w=2
(UNKNOWN)  BUGTRAQ  20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
http://www.iss.net/security_center/static/10109.php
(UNKNOWN)  XF  bsd-libkvm-descriptor-leak(10109)
http://www.securityfocus.com/bid/5714
(UNKNOWN)  BID  5714
http://www.securityfocus.com/bid/5716
(UNKNOWN)  BID  5716
http://www.securityfocus.com/bid/5718
(UNKNOWN)  BID  5718
http://www.securityfocus.com/bid/5719
(UNKNOWN)  BID  5719
http://www.securityfocus.com/bid/5720
(UNKNOWN)  BID  5720

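- Vulnerability information

BubbleMon Kernel Memory File Descriptor Leak Vulnerability
Low risk  Access validation error
2002-09-24 00:00:00 2005-10-20 00:00:00
Local
        FreeBSD port programs that use libkvm on FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave file descriptors for /dev/mem and /dev/kmem open. Local users can read kernel memory.

- Advisories and patches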

        FreeBSD has made a patch available:
        FreeBSD FreeBSD 4.2
        
        FreeBSD FreeBSD 4.3
        
        FreeBSD FreeBSD 4.4
        
        FreeBSD FreeBSD 4.5
        
        FreeBSD FreeBSD 4.6
        

- Vulnerability information (21796)

BubbleMon 1.x Kernel Memory File Descriptor Leakage Vulnerability (EDBID:21796)
unix local
2002-09-16 Verified
0 badc0ded
N/A [Click to download]
source: http://www.securityfocus.com/bid/5714/info

It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through BubbleMon. The program that is executed can be specified by the attacker at the command line.

bubblemon "dummy&/usr/local/sbin/lsof|grep dummy|grep mem"		

- Vulnerability information (21797)

ASCPU 0.60 Kernel Memory File Descriptor Leakage Vulnerability (EDBID:21797)
unix local
2002-09-16 Verified
0 badc0ded
N/A [Click to download]
source: http://www.securityfocus.com/bid/5716/info

It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through ascpu. The program that is executed can be specified by the attacker at the command line.

ascpu -exe "dummy&/usr/local/sbin/lsof|grep dummy|grep mem"		

- Vulnerability information (21798)

WMMon 1.0 b2 Memory Character File Open File Descriptor Read Vulnerability (EDBID:21798)
freebsd local
2002-09-16 Verified
0 badc0ded
N/A [Click to download]
source: http://www.securityfocus.com/bid/5718/info

It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. The program that is executed can be specified by the attacker at the command line.

bash-2.05a$ cat .wmmonrc
left "/home/dim/dummy"
bash-2.05a$ wmmon &
[1] 793
bash-2.05a$ Monitoring 5 devices for activity.
current stat is :1

bash-2.05a$ /usr/local/sbin/lsof |grep dummy|grep mem
dummy 797 dim 3r VCHR 2,0 0t0 21146 /dev/mem
dummy 797 dim 4r VCHR 2,1 0xc040f54c 21145 /dev/kmem		

- Vulnerability information (21799)

WMNet2 1.0 6 Kernel Memory File Descriptor Leakage Vulnerability (EDBID:21799)
freebsd local
2002-09-16 Verified
0 badc0ded
N/A [Click to download]
source: http://www.securityfocus.com/bid/5719/info

It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The program that is executed can be specified by the attacker at the command line.

bash-2.05a$ wmnet2 -e "dummy&/usr/local/sbin/lsof|grep dummy|grep mem"
wmnet: using kmem driver to monitor ec0
dummy 584 dim 3r VCHR 2,0 0t0 21146 /dev/mem
dummy 584 dim 4r VCHR 2,1 0xc037cb8f 21145 /dev/kmem		

- Vulnerability information

6097
FreeBSD libkvm Open File Descriptor Memory Read
Local Access Required Information Disclosure
Loss of Confidentiality

- Vulnerability description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user runs a program that uses the kvm(3) library to start other applications and cause these applications to leak /dev/mem and /dev/kmem file descriptors, which will disclose kernel memory information resulting in a loss of confidentiality.

- Timeline

2002-09-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.6-STABLE; or to the RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the correction date, as it has been reported to fix this vulnerability. Also, FreeBSD has released a patch.
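
The descriptor inheritance described in this entry, and the usual way to stop it, as an added example (not code from the advisory or from the FreeBSD patch, whose contents this page does not show). Assumptions: /dev/null stands in for /dev/mem and /dev/kmem so the demo needs no privileges, and fd_survives_exec is a hypothetical helper name.

```c
/* Added example: descriptor inheritance across exec, and the close-on-exec fix. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: /dev/null stands in for /dev/mem and /dev/kmem so the demo
 * needs no privileges. */
#define SENSITIVE_PATH "/dev/null"

/* Opens the stand-in device, then runs a helper command the way the monitors
 * run a user-chosen program. Returns 1 if the helper still holds the
 * descriptor, 0 if it was closed at exec, -1 on error. */
int fd_survives_exec(int set_cloexec)
{
    char cmd[32];
    int status, fd = open(SENSITIVE_PATH, O_RDONLY);
    if (fd < 0)
        return -1;
    /* The mitigation: mark the descriptor close-on-exec right after opening. */
    if (set_cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    /* ": <&N" succeeds only if descriptor N is open in the new program. */
    snprintf(cmd, sizeof cmd, ": <&%d", fd);
    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec failed */
    }
    close(fd);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("without FD_CLOEXEC: inherited=%d\n", fd_survives_exec(0));
    printf("with FD_CLOEXEC:    inherited=%d\n", fd_survives_exec(1));
    return 0;
}
```

A set-group-ID monitor that must launch user-chosen commands should also drop its extra privileges before the exec; close-on-exec only covers the descriptors it was applied to.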

- Related references

- Vulnerability author

- Vulnerability information

ASMon Kernel Memory File Descriptor Leakage Vulnerability
Access Validation Error 5720
No Yes
2002-09-16 12:00:00 2009-07-11 05:06:00
Vulnerability discovery credited to <badc0ded@badc0ded.com>.

- Affected program versions

FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2
asmon asmon 0.60

- Vulnerability discussion

It has been reported that asmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through asmon. The program that is executed can be specified by the attacker at the command line.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Patch available:


FreeBSD FreeBSD 4.2

FreeBSD FreeBSD 4.3

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

- Related references
