CVE-2003-0246
CVSS 3.6
Published: 2003-06-16 00:00:00
Modified: 2016-10-17 22:31:14

[Original] The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.


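[CNNVD] Linux Kernel IOPERM System Call I/O Port Access Vulnerability (CNNVD-200306-073)

        Linux Kernel is the open-source Linux kernel.
        The Linux ioperm system call contains a programming error that a local attacker can exploit to gain read/write access to the system's I/O ports.
        Because of a design flaw, ioperm can allow unprivileged users to obtain read and write access to system I/O ports. When used by a privileged process, the ioperm system call also fails to restrict privileges correctly.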
        

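- CVSS (Base Score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]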

- CPE (Affected Platforms and Products)

cpe:/o:linux:linux_kernel:2.5.9 Linux Kernel 2.5.9
cpe:/o:linux:linux_kernel:2.5.45 Linux Kernel 2.5.45
cpe:/o:linux:linux_kernel:2.5.46 Linux Kernel 2.5.46
cpe:/o:linux:linux_kernel:2.5.40 Linux Kernel 2.5.40
cpe:/o:linux:linux_kernel:2.5.41 Linux Kernel 2.5.41
cpe:/o:linux:linux_kernel:2.5.42 Linux Kernel 2.5.42
cpe:/o:linux:linux_kernel:2.4.1 Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.0 Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.5.47 Linux Kernel 2.5.47
cpe:/o:linux:linux_kernel:2.5.48 Linux Kernel 2.5.48
cpe:/o:linux:linux_kernel:2.4.5 Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.5.49 Linux Kernel 2.5.49
cpe:/o:linux:linux_kernel:2.4.4 Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.5.43 Linux Kernel 2.5.43
cpe:/o:linux:linux_kernel:2.5.44 Linux Kernel 2.5.44
cpe:/o:linux:linux_kernel:2.4.3 Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.2 Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.5.12 Linux Kernel 2.5.12
cpe:/o:linux:linux_kernel:2.5.56 Linux Kernel 2.5.56
cpe:/o:linux:linux_kernel:2.5.13 Linux Kernel 2.5.13
cpe:/o:linux:linux_kernel:2.5.57 Linux Kernel 2.5.57
cpe:/o:linux:linux_kernel:2.5.50 Linux Kernel 2.5.50
cpe:/o:linux:linux_kernel:2.5.51 Linux Kernel 2.5.51
cpe:/o:linux:linux_kernel:2.5.52 Linux Kernel 2.5.52
cpe:/o:linux:linux_kernel:2.5.53 Linux Kernel 2.5.53
cpe:/o:linux:linux_kernel:2.5.14 Linux Kernel 2.5.14
cpe:/o:linux:linux_kernel:2.5.58 Linux Kernel 2.5.58
cpe:/o:linux:linux_kernel:2.5.15 Linux Kernel 2.5.15
cpe:/o:linux:linux_kernel:2.5.59 Linux Kernel 2.5.59
cpe:/o:linux:linux_kernel:2.5.16 Linux Kernel 2.5.16
cpe:/o:linux:linux_kernel:2.5.17 Linux Kernel 2.5.17
cpe:/o:linux:linux_kernel:2.5.10 Linux Kernel 2.5.10
cpe:/o:linux:linux_kernel:2.5.54 Linux Kernel 2.5.54
cpe:/o:linux:linux_kernel:2.5.11 Linux Kernel 2.5.11
cpe:/o:linux:linux_kernel:2.5.55 Linux Kernel 2.5.55
cpe:/o:linux:linux_kernel:2.5.8 Linux Kernel 2.5.8
cpe:/o:linux:linux_kernel:2.5.7 Linux Kernel 2.5.7
cpe:/o:linux:linux_kernel:2.5.18 Linux Kernel 2.5.18
cpe:/o:linux:linux_kernel:2.5.6 Linux Kernel 2.5.6
cpe:/o:linux:linux_kernel:2.5.19 Linux Kernel 2.5.19
cpe:/o:linux:linux_kernel:2.5.5 Linux Kernel 2.5.5
cpe:/o:linux:linux_kernel:2.4.12 Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.5.23 Linux Kernel 2.5.23
cpe:/o:linux:linux_kernel:2.5.67 Linux Kernel 2.5.67
cpe:/o:linux:linux_kernel:2.4.11 Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.5.24 Linux Kernel 2.5.24
cpe:/o:linux:linux_kernel:2.5.68 Linux Kernel 2.5.68
cpe:/o:linux:linux_kernel:2.5.61 Linux Kernel 2.5.61
cpe:/o:linux:linux_kernel:2.5.62 Linux Kernel 2.5.62
cpe:/o:linux:linux_kernel:2.5.63 Linux Kernel 2.5.63
cpe:/o:linux:linux_kernel:2.5.20 Linux Kernel 2.5.20
cpe:/o:linux:linux_kernel:2.5.64 Linux Kernel 2.5.64
cpe:/o:linux:linux_kernel:2.5.0 Linux Kernel 2.5.0
cpe:/o:linux:linux_kernel:2.4.19 Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.14 Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.5.25 Linux Kernel 2.5.25
cpe:/o:linux:linux_kernel:2.5.69 Linux Kernel 2.5.69
cpe:/o:linux:linux_kernel:2.4.13 Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.5.26 Linux Kernel 2.5.26
cpe:/o:linux:linux_kernel:2.4.16 Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.5.27 Linux Kernel 2.5.27
cpe:/o:linux:linux_kernel:2.5.4 Linux Kernel 2.5.4
cpe:/o:linux:linux_kernel:2.4.15 Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.5.28 Linux Kernel 2.5.28
cpe:/o:linux:linux_kernel:2.5.3 Linux Kernel 2.5.3
cpe:/o:linux:linux_kernel:2.4.10 Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.5.21 Linux Kernel 2.5.21
cpe:/o:linux:linux_kernel:2.5.65 Linux Kernel 2.5.65
cpe:/o:linux:linux_kernel:2.5.22 Linux Kernel 2.5.22
cpe:/o:linux:linux_kernel:2.5.66 Linux Kernel 2.5.66
cpe:/o:linux:linux_kernel:2.5.2 Linux Kernel 2.5.2
cpe:/o:linux:linux_kernel:2.5.1 Linux Kernel 2.5.1
cpe:/o:linux:linux_kernel:2.4.18 Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.5.29 Linux Kernel 2.5.29
cpe:/o:linux:linux_kernel:2.4.17 Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.5.60 Linux Kernel 2.5.60
cpe:/o:linux:linux_kernel:2.5.34 Linux Kernel 2.5.34
cpe:/o:linux:linux_kernel:2.5.35 Linux Kernel 2.5.35
cpe:/o:linux:linux_kernel:2.5.30 Linux Kernel 2.5.30
cpe:/o:linux:linux_kernel:2.5.31 Linux Kernel 2.5.31
cpe:/o:linux:linux_kernel:2.5.36 Linux Kernel 2.5.36
cpe:/o:linux:linux_kernel:2.5.37 Linux Kernel 2.5.37
cpe:/o:linux:linux_kernel:2.5.38 Linux Kernel 2.5.38
cpe:/o:linux:linux_kernel:2.5.39 Linux Kernel 2.5.39
cpe:/o:linux:linux_kernel:2.5.32 Linux Kernel 2.5.32
cpe:/o:linux:linux_kernel:2.4.20 Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.5.33 Linux Kernel 2.5.33
cpe:/o:linux:linux_kernel:2.4.9 Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8 Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.7 Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.6 Linux Kernel 2.4.6

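- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:278 Linux ioperm Privilege Restriction Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.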

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0246
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0246
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-073
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
(UNKNOWN)  VULNWATCH  20030520 Linux 2.4 kernel ioperm vuln
http://marc.info/?l=bugtraq&m=105301461726555&w=2
(UNKNOWN)  ENGARDE  ESA-20030515-017
http://www.debian.org/security/2003/dsa-311
(VENDOR_ADVISORY)  DEBIAN  DSA-311
http://www.debian.org/security/2003/dsa-312
(UNKNOWN)  DEBIAN  DSA-312
http://www.debian.org/security/2003/dsa-332
(UNKNOWN)  DEBIAN  DSA-332
http://www.debian.org/security/2003/dsa-336
(UNKNOWN)  DEBIAN  DSA-336
http://www.debian.org/security/2004/dsa-442
(UNKNOWN)  DEBIAN  DSA-442
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
(UNKNOWN)  MANDRAKE  MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
(UNKNOWN)  MANDRAKE  MDKSA-2003:074
http://www.redhat.com/support/errata/RHSA-2003-147.html
(UNKNOWN)  REDHAT  RHSA-2003:147
http://www.redhat.com/support/errata/RHSA-2003-172.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:172
http://www.turbolinux.com/security/TLSA-2003-41.txt
(UNKNOWN)  TURBO  TLSA-2003-41

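- Vulnerability Information

Linux Kernel IOPERM System Call I/O Port Access Vulnerability
Low risk  Design error
2003-06-16 00:00:00 2005-10-20 00:00:00
Local

        Linux Kernel is the open-source Linux kernel.
        The Linux ioperm system call contains a programming error that a local attacker can exploit to gain read/write access to the system's I/O ports.
        Because of a design flaw, ioperm can allow unprivileged users to obtain read and write access to system I/O ports. When used by a privileged process, the ioperm system call also fails to restrict privileges correctly.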
        

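- Advisories and Patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * An untested, unofficial patch for Linux 2.5.69 follows: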
        diff -urN linux-2.5.64-bk5/arch/i386/kernel/ioport.c linux/arch/i386/kernel/ioport.c
        --- linux-2.5.64-bk5/arch/i386/kernel/ioport.c2003-02-24 14:59:03.000000000 -0500
        +++ linux/arch/i386/kernel/ioport.c2003-03-14 10:19:48.000000000 -0500
        @@ -84,15 +84,17 @@
        t->ts_io_bitmap = bitmap;
        }
        -tss = init_tss + get_cpu();
        -if (bitmap)
        -tss->bitmap = IO_BITMAP_OFFSET;/* Activate it in the TSS */
        -
        /*
        * do it in the per-thread copy and in the TSS ...
        */
        set_bitmap(t->ts_io_bitmap, from, num, !turn_on);
        -set_bitmap(tss->io_bitmap, from, num, !turn_on);
        +tss = init_tss + get_cpu();
        +if (tss->bitmap == IO_BITMAP_OFFSET) { /* already active? */
        +set_bitmap(tss->io_bitmap, from, num, !turn_on);
        +} else {
        +memcpy(tss->io_bitmap, t->ts_io_bitmap, IO_BITMAP_BYTES);
        +tss->bitmap = IO_BITMAP_OFFSET;/* Activate it in the TSS */
        +}
        put_cpu();
        out:
        return ret;
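        Review bot: The added test "if (tss->bitmap == IO_BITMAP_OFFSET)" only establishes that some I/O bitmap is active in this CPU's TSS, not that its contents belong to the current thread, so the in-place branch "set_bitmap(tss->io_bitmap, from, num, !turn_on);" is correct only if the context-switch path, which this hunk does not show, always reloads or deactivates the TSS bitmap when tasks change. Either document that invariant next to the "already active?" comment, or take the "memcpy(tss->io_bitmap, t->ts_io_bitmap, IO_BITMAP_BYTES);" path unconditionally so the TSS copy always matches the per-thread copy whatever was there before. The ordering in the else branch, copying the bitmap before assigning tss->bitmap, is right and should be kept.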
        Vendor patches:
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2003:172-00) and corresponding patches for this issue:
        RHSA-2003:172-00: Updated 2.4 kernel fixes security vulnerabilities and various bugs
        Link: https://www.redhat.com/support/errata/RHSA-2003-172.html
        Patch downloads:
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 8.0:
        SRPMS:
        ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm
        ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm
        athlon:
        

- Vulnerability Information

4454
Linux Kernel ioperm System Call Arbitrary Port read/write Access

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-05-13 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Linux Kernel IOPERM System Call I/O Port Access Vulnerability
Design Error 7600
No Yes
2003-05-14 12:00:00 2009-07-11 10:06:00
The discovery of this vulnerability has been credited to Martin J. Bligh.

- Affected Versions

Sun Linux 5.0.5
Sun Linux 5.0.3
Sun Linux 5.0
+ Sun LX50
RedHat kernel-utils-2.4-8.29.i386.rpm
RedHat kernel-utils-2.4-8.13.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-utils-2.4-7.4.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-uml-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-source-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-source-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-source-2.4.18-3.i386.rpm
RedHat kernel-source-2.4.18-14.i386.rpm
RedHat kernel-smp-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.i586.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.athlon.rpm
RedHat kernel-smp-2.4.20-8.i686.rpm
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.2-2.i586.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.18-3.i686.rpm
RedHat kernel-smp-2.4.18-3.i586.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-3.athlon.rpm
RedHat kernel-smp-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.18-14.athlon.rpm
RedHat kernel-headers-2.4.7-10.i386.rpm
RedHat kernel-headers-2.4.2-2.i386.rpm
RedHat kernel-enterprise-2.4.2-2.i686.rpm
RedHat kernel-doc-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-doc-2.4.20-8.i386.rpm
RedHat kernel-doc-2.4.2-2.i386.rpm
RedHat kernel-doc-2.4.18-3.i386.rpm
RedHat kernel-doc-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-debug-2.4.18-3.i686.rpm
RedHat kernel-debug-2.4.18-14.i686.rpm
RedHat kernel-BOOT-2.4.7-10.i386.rpm
RedHat kernel-BOOT-2.4.20-8.i386.rpm
RedHat kernel-BOOT-2.4.2-2.i386.rpm
RedHat kernel-BOOT-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-BOOT-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
RedHat kernel-2.4.7-10.athlon.rpm
RedHat kernel-2.4.20-8.i686.rpm
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.2-2.i586.rpm
RedHat kernel-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.i386.rpm
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
RedHat kernel-2.4.18-14.i586.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.athlon.rpm
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
MandrakeSoft Single Network Firewall 7.2
MandrakeSoft Corporate Server 2.1
Linux kernel 2.5.69
Linux kernel 2.5.68
Linux kernel 2.5.67
Linux kernel 2.5.66
Linux kernel 2.5.65
Linux kernel 2.5.64
Linux kernel 2.5.63
Linux kernel 2.5.62
Linux kernel 2.5.61
Linux kernel 2.5.60
Linux kernel 2.5.59
Linux kernel 2.5.58
Linux kernel 2.5.57
Linux kernel 2.5.56
Linux kernel 2.5.55
Linux kernel 2.5.54
Linux kernel 2.5.53
Linux kernel 2.5.52
Linux kernel 2.5.51
Linux kernel 2.5.50
Linux kernel 2.5.49
Linux kernel 2.5.48
Linux kernel 2.5.47
Linux kernel 2.5.46
Linux kernel 2.5.45
Linux kernel 2.5.44
Linux kernel 2.5.43
Linux kernel 2.5.42
Linux kernel 2.5.41
Linux kernel 2.5.40
Linux kernel 2.5.39
Linux kernel 2.5.38
Linux kernel 2.5.37
Linux kernel 2.5.36
Linux kernel 2.5.35
Linux kernel 2.5.34
Linux kernel 2.5.33
Linux kernel 2.5.32
Linux kernel 2.5.31
Linux kernel 2.5.30
Linux kernel 2.5.29
Linux kernel 2.5.28
Linux kernel 2.5.27
Linux kernel 2.5.26
Linux kernel 2.5.25
Linux kernel 2.5.24
Linux kernel 2.5.23
Linux kernel 2.5.22
Linux kernel 2.5.21
Linux kernel 2.5.20
Linux kernel 2.5.19
Linux kernel 2.5.18
Linux kernel 2.5.17
Linux kernel 2.5.16
Linux kernel 2.5.15
Linux kernel 2.5.14
Linux kernel 2.5.13
Linux kernel 2.5.12
Linux kernel 2.5.11
Linux kernel 2.5.10
Linux kernel 2.5.9
Linux kernel 2.5.8
Linux kernel 2.5.7
Linux kernel 2.5.6
Linux kernel 2.5.5
Linux kernel 2.5.4
Linux kernel 2.5.3
Linux kernel 2.5.2
Linux kernel 2.5.1
Linux kernel 2.5.0
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19
Linux kernel 2.4.18 x86
Linux kernel 2.4.18
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
Linux kernel 2.4.8
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
Linux kernel 2.4.3
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4
Sun Linux 5.0.6

- Unaffected Versions

Sun Linux 5.0.6

- Discussion

A vulnerability has been discovered in the ioperm system call for Linux. Due to a programming error, permissions may not be correctly configured on I/O ports used by a process. As a result, an unprivileged local user may be capable of reading and writing to I/O port addresses which they would not normally have access to.

- Exploit

No exploit required.

A proof of concept has been made available. See referenced advisory.

- Solution

Mandrake Linux has released a security advisory (MDKSA-2003:074) to address this issue. Further details regarding downloading and applying these fixes can be found in the referenced advisory. Fixes are linked below.

Mandrake has issued a kernel upgrade that is patched. Please see the advisory linked to in the reference section (MDKSA-2003:066-1) for further information.

Red Hat has released advisory RHSA-2003:172-00 and fixes to address this issue. See referenced advisory for additional details.

EnGarde has released an advisory. Information about obtaining fixes can be found in the referenced advisory (ESA-20030515-017).

Conectiva has released advisory CLSA-2003:657 to address this issue.

Red Hat Linux has released a new advisory RHSA-2003:187-01. Affected users are advised to upgrade to newer kernel packages. Further information is available in the referenced advisory.

Debian has issued a kernel upgrade that is patched. Please see the advisories linked to in the reference section (DSA-311-1 and DSA 312-1) for URLs to fixes.

Debian has released a new advisory DSA 332-1. Information about obtaining and applying fixes can be found in the referenced advisory.

Debian has announced in DSA 336-2 that advisory DSA 336-1 does not address this issue.

Conectiva has released advisory CLA-2003:701 to address this issue. See referenced advisory for additional details and fix information.

Gentoo has released advisory 200308-01 to address this issue. Affected users are advised to execute the following commands:

emerge sync
emerge gentoo-sources
emerge clean

RHBA-2003:263-05 (for non-Enterprise Red Hat distributions) has been released to address unrelated bugs but provides Kernel updates that include more recent fixes for this and other security vulnerabilities.

Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.

Debian has released DSA 442-1 to provide fixes for s390 platforms. Please see the attached advisory for further information.


RedHat kernel-bigmem-2.4.18-14.i686.rpm

RedHat kernel-2.4.20-8.athlon.rpm

RedHat kernel-source-2.4.2-2.i386.rpm

RedHat kernel-2.4.20-8.i586.rpm

RedHat kernel-2.4.7-10.i686.rpm

RedHat kernel-bigmem-2.4.20-8.i686.rpm

RedHat kernel-source-2.4.20-8.i386.rpm

RedHat kernel-BOOT-2.4.18-3.i386.rpm

RedHat kernel-doc-2.4.18-14.i386.rpm

RedHat kernel-2.4.18-3.athlon.rpm

RedHat kernel-bigmem-2.4.18-3.i686.rpm

RedHat kernel-source-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-14.i586.rpm

RedHat kernel-BOOT-2.4.18-14.i386.rpm

RedHat kernel-2.4.2-2.i686.rpm

RedHat kernel-doc-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-3.i686.rpm

RedHat kernel-2.4.2-2.i386.rpm

MandrakeSoft Corporate Server 2.1

Linux kernel 2.4.17

Linux kernel 2.4.20

Linux kernel 2.4.21 pre4

Sun Linux 5.0

Sun Linux 5.0.5

Mandriva Linux Mandrake 8.2 ppc

Mandriva Linux Mandrake 9.0

Mandriva Linux Mandrake 9.1

- Related References

 

 
