CVE-2003-0018
CVSS3.6
发布时间 :2003-02-19 00:00:00
修订时间 :2008-09-10 20:05:23
NMCOS    

[原文]Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.


[CNNVD]Linux O_DIRECT定向输入/输出信息泄露漏洞(CNNVD-200302-037)

        
        Linux是开放内核源代码的操作系统。
        某些Linux内核不正确处理O_DIRECT标记,任意拥有系统写权限的本地攻击者可以利用这个漏洞读取其他文件中受限信息。
        Linux kernels 2.4.10及之后的版本在处理O_DIRECT标记上存在漏洞,可以使的任何对文件系统有写权限的用户读取部分文件信息(从以前删除过的文件中),及产生较小的文件系统破坏(可以方便的通过fsck修复)。REDHAT LINUX使用ext3文件系统不支持O_DIRECT功能,因此不存在此问题,但是RedHat发行的2.4.18版本却存在这个漏洞。
        

- CVSS (基础分值)

CVSS分值: 3.6 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0018
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0018
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-037
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2003-025.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:025
http://www.debian.org/security/2004/dsa-423
(VENDOR_ADVISORY)  DEBIAN  DSA-423
http://www.iss.net/security_center/static/11249.php
(VENDOR_ADVISORY)  XF  linux-odirect-information-leak(11249)
http://www.securityfocus.com/bid/6763
(UNKNOWN)  BID  6763
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014
(UNKNOWN)  MANDRAKE  MDKSA-2003:014
http://www.debian.org/security/2003/dsa-358
(UNKNOWN)  DEBIAN  DSA-358
http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
(UNKNOWN)  CONFIRM  http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ

- 漏洞信息

Linux O_DIRECT定向输入/输出信息泄露漏洞
低危 其他
2003-02-19 00:00:00 2005-05-13 00:00:00
本地  
        
        Linux是开放内核源代码的操作系统。
        某些Linux内核不正确处理O_DIRECT标记,任意拥有系统写权限的本地攻击者可以利用这个漏洞读取其他文件中受限信息。
        Linux kernels 2.4.10及之后的版本在处理O_DIRECT标记上存在漏洞,可以使的任何对文件系统有写权限的用户读取部分文件信息(从以前删除过的文件中),及产生较小的文件系统破坏(可以方便的通过fsck修复)。REDHAT LINUX使用ext3文件系统不支持O_DIRECT功能,因此不存在此问题,但是RedHat发行的2.4.18版本却存在这个漏洞。
        

- 公告与补丁

        厂商补丁:
        MandrakeSoft
        ------------
        MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:014)以及相应补丁:
        MDKSA-2003:014:Updated kernel packages fix a number of bugs
        链接:
        http://www.linux-mandrake.com/en/security/2003/MDKSA-2003-014.php

        补丁下载:
        Updated Packages:
        Mandrake Linux 9.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-2.4.19.24mdk-1-1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-BOOT-2.4.19.24mdk-1-1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-doc-2.4.19-24mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-enterprise-2.4.19.24mdk-1-1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-secure-2.4.19.24mdk-1-1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-smp-2.4.19.24mdk-1-1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/kernel-source-2.4.19-24mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/kernel-2.4.19.24mdk-1-1mdk.src.rpm
        上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
        
        http://www.mandrakesecure.net/en/ftp.php

        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2003:025-20)以及相应补丁:
        RHSA-2003:025-20:Updated 2.4 kernel fixes various vulnerabilities
        链接:https://www.redhat.com/support/errata/RHSA-2003-025.html
        补丁下载:
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
        athlon:
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm
        i586:
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm
        i686:
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
        athlon:
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm
        i586:
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm
        i686:
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
        athlon:
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
        i386:
        

- 漏洞信息

4457
Linux Kernel O_DIRECT Deleted File Retrieval or File System Corruption

- 漏洞描述

Unknown or Incomplete

- 时间线

2003-02-04 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux O_DIRECT Direct Input/Output Information Leak Vulnerability
Failure to Handle Exceptional Conditions 6763
No Yes
2003-02-04 12:00:00 2009-07-11 08:06:00
Vulnerability announced by Red Hat.

- 受影响的程序版本

Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3

- 漏洞讨论

It has been reported that some Linux Kernels do not properly handle the O_DIRECT flag, which is used for direct input and output. Any user with system write privileges may be able to read limited information from other files.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Debian has released an advisory (DSA 423-1) that addresses the issue that is described in this BID for the IA-64 architecture. Further details regarding obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory (SuSE-SA:2003:049) to address this issue. Users are advised to apply appropriate fixes as soon as possible. Please see referenced advisory for further details regarding obtaining and applying fixes.

RedHat has released an advisory (RHSA-2003:025-20) containing fixes.

Mandrake Linux has released a new security advisory (MDKSA-2003:014) which contains fixes. Mandrake 9.0 users are advised to upgrade there kernel has soon as possible.

Debian has released advisory DSA 358-4 to address this issue.

Fixes:


Linux kernel 2.4.18

Linux kernel 2.4.19

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站