CVE-2004-0109
CVSS 4.6
Published: 2004-06-01 00:00:00
Last modified: 2016-11-28 14:06:26

[Original] Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.


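[CNNVD] Linux Kernel ISO9660 File System Buffer Overflow Vulnerability (CNNVD-200406-002)

        
        Linux is an open-source operating system.
        The Linux kernel does not properly check the length of symbolic links stored on an ISO9660 file system; a local attacker can exploit this vulnerability to gain root privileges.
        Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. With a maliciously constructed ISO file system, the flaw is triggered when the kernel performs a directory listing or attempts to access a file through a malformed symbolic link. The relevant affected functions are:
        fs/isofs/rock.c: rock_ridge_symlink_readpage()
        fs/isofs/rock.c: get_symlink_chunk()
        A memory error is triggered because the symbolic link length is not properly checked. Carefully constructed record data may allow arbitrary instructions to be executed with root privileges.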
        

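- CVSS (Base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]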

- CPE (Affected platforms and products)

cpe:/o:linux:linux_kernel:2.5.0  Linux Kernel 2.5.0
cpe:/o:linux:linux_kernel:2.4.0  Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:940  Linux Kernel ISO9660 File System Component BO
oval:org.mitre.oval:def:10733  Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to ove...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0109
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0109
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200406-002
(Official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
(VENDOR_ADVISORY)  SGI  20040405-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
(UNKNOWN)  SGI  20040504-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
(UNKNOWN)  CONECTIVA  CLA-2004:846
http://marc.info/?l=bugtraq&m=108213675028441&w=2
(UNKNOWN)  TRUSTIX  2004-0020
http://rhn.redhat.com/errata/RHSA-2004-166.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:166
http://secunia.com/advisories/11429
(UNKNOWN)  SECUNIA  11429
http://security.gentoo.org/glsa/glsa-200407-02.xml
(UNKNOWN)  GENTOO  GLSA-200407-02
http://www.ciac.org/ciac/bulletins/o-121.shtml
(UNKNOWN)  CIAC  O-121
http://www.ciac.org/ciac/bulletins/o-127.shtml
(UNKNOWN)  CIAC  O-127
http://www.debian.org/security/2004/dsa-479
(UNKNOWN)  DEBIAN  DSA-479
http://www.debian.org/security/2004/dsa-480
(UNKNOWN)  DEBIAN  DSA-480
http://www.debian.org/security/2004/dsa-481
(UNKNOWN)  DEBIAN  DSA-481
http://www.debian.org/security/2004/dsa-482
(UNKNOWN)  DEBIAN  DSA-482
http://www.debian.org/security/2004/dsa-489
(UNKNOWN)  DEBIAN  DSA-489
http://www.debian.org/security/2004/dsa-491
(UNKNOWN)  DEBIAN  DSA-491
http://www.debian.org/security/2004/dsa-495
(UNKNOWN)  DEBIAN  DSA-495
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
(VENDOR_ADVISORY)  ENGARDE  ESA-20040428-004
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
(UNKNOWN)  MANDRAKE  MDKSA-2004:029
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
(UNKNOWN)  SUSE  SuSE-SA:2004:009
http://www.redhat.com/support/errata/RHSA-2004-105.html
(UNKNOWN)  REDHAT  RHSA-2004:105
http://www.redhat.com/support/errata/RHSA-2004-106.html
(UNKNOWN)  REDHAT  RHSA-2004:106
http://www.redhat.com/support/errata/RHSA-2004-183.html
(UNKNOWN)  REDHAT  RHSA-2004:183
http://www.securityfocus.com/bid/10141
(UNKNOWN)  BID  10141
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
(UNKNOWN)  TURBO  TLSA-2004-14
http://xforce.iss.net/xforce/xfdb/15866
(UNKNOWN)  XF  linux-iso9660-bo(15866)

- Vulnerability information

Linux Kernel ISO9660 File System Buffer Overflow Vulnerability
Medium severity  Boundary condition error
2004-06-01 00:00:00 2007-01-24 00:00:00
Local
        
        

- Announcements and patches

        Vendor patches:
        Debian
        ------
        Debian has released patches for this issue.

- Vulnerability information (F33087)

iDEFENSE Security Advisory 2004-04-14.t (PacketStormID:F33087)
2004-04-14 00:00:00
iDefense Labs,Greg MacManus  idefense.com
advisory,overflow,arbitrary,kernel,local
linux
CVE-2004-0109

iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.

Buffer Overflow in ISO9660 File System Component of Linux Kernel 

iDEFENSE Security Advisory 04.14.04:


I. BACKGROUND

Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. The 'isofs' component of the Linux kernel mediates file system interactions with ISO-9660 format CD-ROMs.

II. DESCRIPTION

The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory.

Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks.

The relevant functions are as follows:

fs/isofs/rock.c: rock_ridge_symlink_readpage()
fs/isofs/rock.c: get_symlink_chunk()

There is no checking that the total length of the symlink being read is less than the memory space that has been allocated for storing it. By supplying many CE (continuation) records, each with another SL (symlink) chunk, it is possible for an attacker to build an arbitrary length data structure in kernel memory space.
A proof of concept exploit has been written that allows a local user to gain root level access. It is also possible to cause execution of code with kernel privileges.
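
The missing check described above amounts to an output limit that every SL component copy has to respect, however many entries the continuation areas supply. The following C sketch is an added illustration, not the kernel's code or its patch: `put`, `rr_symlink_assemble`, `sl_entry` and `demo_chain` are hypothetical names, the input is assumed to be the SL entries already gathered from the system-use and continuation areas, and the sample entries are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rock Ridge SL component flag bits. */
#define SL_CONTINUE 0x01  /* component text continues in the next component */
#define SL_CURRENT  0x02  /* "."  */
#define SL_PARENT   0x04  /* ".." */
#define SL_ROOT     0x08  /* "/"  */

/* Copy n bytes to *out only if they fit before limit. */
static int put(char **out, const char *limit, const void *src, size_t n)
{
    if ((size_t)(limit - *out) < n)
        return -1;
    memcpy(*out, src, n);
    *out += n;
    return 0;
}

/* Build the link target from concatenated SL entries: 'S','L', entry length,
 * version, flags, then {flags, len, bytes} components. Returns the path
 * length, or -1 if an entry is malformed or the target does not fit in buf
 * (buf must not be used after a -1). */
long rr_symlink_assemble(const uint8_t *su, size_t su_len,
                         char *buf, size_t buf_size)
{
    char *out = buf;
    size_t off = 0;
    int need_sep = 0;

    if (buf_size == 0)
        return -1;
    const char *limit = buf + buf_size - 1;      /* keep one byte for NUL */
    while (off < su_len) {
        const uint8_t *e = su + off;
        size_t left = su_len - off, elen, pos = 5;

        if (left < 5 || e[0] != 'S' || e[1] != 'L')
            return -1;
        elen = e[2];
        if (elen < 5 || elen > left)             /* entry must lie in input */
            return -1;
        while (pos < elen) {
            if (elen - pos < 2)
                return -1;
            uint8_t cflags = e[pos], clen = e[pos + 1];
            int rc;
            if (clen > elen - pos - 2)           /* component must lie in entry */
                return -1;
            if (need_sep && put(&out, limit, "/", 1))
                return -1;
            switch (cflags & ~SL_CONTINUE) {
            case 0:          rc = put(&out, limit, e + pos + 2, clen); break;
            case SL_CURRENT: rc = put(&out, limit, ".", 1);  break;
            case SL_PARENT:  rc = put(&out, limit, "..", 2); break;
            case SL_ROOT:    rc = put(&out, limit, "/", 1);  break;
            default:         rc = -1;            /* unknown flag combination */
            }
            if (rc)
                return -1;
            need_sep = !(cflags & (SL_CONTINUE | SL_ROOT));
            pos += 2 + (size_t)clen;
        }
        off += elen;
    }
    *out = '\0';
    return (long)(out - buf);
}

/* Constructed sample data: one SL entry holding a single component. */
static size_t sl_entry(uint8_t *dst, uint8_t cflags, const char *text)
{
    size_t n = strlen(text);
    uint8_t hdr[7] = { 'S', 'L', (uint8_t)(7 + n), 1, 0, cflags, (uint8_t)n };
    memcpy(dst, hdr, 7);
    memcpy(dst + 7, text, n);
    return 7 + n;
}

/* Assemble a chain of identical constructed entries into buf. */
long demo_chain(size_t entries, char *buf, size_t buf_size)
{
    uint8_t su[4096];
    size_t len = 0, i;
    for (i = 0; i < entries && len + 15 <= sizeof su; i++)
        len += sl_entry(su + len, 0, "AAAAAAAA");
    return rr_symlink_assemble(su, len, buf, buf_size);
}

int main(void)
{
    char buf[64];
    printf("3 entries: %ld\n", demo_chain(3, buf, sizeof buf));
    printf("200 entries: %ld\n", demo_chain(200, buf, sizeof buf));
    return 0;
}
```
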


III. ANALYSIS

In order to exploit this vulnerability, an attacker must be able to mount a maliciously constructed file system. This may be accomplished by the following:
a. Having an account on the machine to be compromised and inserting a malformed disk. Some distributions allow local users to mount removable media without needing to be root, and with some configurations this happens automatically when a disk is inserted. The proof of concept exploit works from floppy disk as well as CD-ROM.

If the attacker can reboot the machine from his or her own media or supply command line options to the kernel during the initialization process after rebooting, exploiting this vulnerability may not be necessary to gain further access. In this situation, the attacker will not be able to directly access any encrypted file systems.

b. If encrypted virtual file systems are implemented, and the attacker gains access to an account able to mount one, then an attacker may be able to mount his or her own maliciously formed file system via the encryption interface. This would allow them access to any already mounted file systems.

c. Being root already. If the attacker has already gained root, but the kernel has some form of patch preventing root being able to perform certain functions, he or she may still be able to mount a file system. As the vulnerability occurs in kernel space, it may be possible for them to neutralize the restrictions.


IV. DETECTION

The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.

V. WORKAROUNDS

Disable user mounting of removable media devices.

VI. VENDOR RESPONSE

Affected vendors have provided the following comments/patches:

Slackware
"Slackware will be waiting for a new upstream kernel version that will address this issue.    

- Vulnerability information

5362
Linux Kernel ISO9660 Symbolic Link Overflow Privilege Escalation
Local Access Required Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public Vendor Verified

- Vulnerability description

A local overflow exists in the Linux kernel. The kernel fails to validate symbolic links on ISO 9660 filesystems resulting in a buffer overflow. With a specially crafted symbolic link on a mounted ISO9660 filesystem, an attacker can cause execution of code with kernel privileges resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2004-04-14 2004-01-09
2004-01-09 Unknown

- Solution

Upgrade to version 2.6.6, 2.4.26 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): compile your own kernel with patches.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel ISO9660 File System Buffer Overflow Vulnerability
Boundary Condition Error 10141
No Yes
2004-04-14 12:00:00 2009-07-12 04:06:00
Discovery of this issue is credited to zen-parse.

- Affected software versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
SGI ProPack 3.0
SGI ProPack 2.4
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
Linux kernel 2.4.25
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Gentoo Linux 1.4
Conectiva Linux 9.0
Conectiva Linux 8.0
Linux kernel 2.4.26

- Unaffected software versions

Linux kernel 2.4.26

- Vulnerability discussion

It has been reported that the Linux Kernel is prone to a local ISO9660 file system buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries when processing file system information. An attacker must have adequate permissions to mount the malicious file system to exploit the issue. This is not enabled by default on a number of available Linux distributions.

This issue may be exploited by an attacker to overflow and modify kernel memory, potentially allowing the attacker to create an arbitrary data structure in kernel memory. This issue may be leveraged to gain kernel level access to the affected system.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Linux Kernel 2.4.26 resolves this issue.

Conectiva has released advisory CLA-2004:846 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Turbolinux has released a security announcement (TLSA-2004-05-21) providing fixes that can be applied to x86 architecture based computers. Turbolinux users are advised to employ the turboupdate, turbopkg, and zabom utilities as a Superuser in order to obtain and apply appropriate fixes. Please see the referenced advisory for further details regarding obtaining and applying fixes.

SGI have released an advisory (20040405-01-U) and a patch to address this and another issue. Customers are advised to apply the appropriate patch as soon as possible. Further information regarding obtaining and applying an appropriate patch can be found in the referenced advisory.

Debian has released advisories DSA 479-1 and DSA 482-1 as well as fixes dealing with this and other issues. Please see the attached advisory for more information and details on obtaining updated fixes.

Mandrake has released advisory MDKSA-2004:029 and fixes dealing with this and other issues. Please see the attached advisory for more information and details on obtaining fixes.

SuSE Linux has released advisory SuSE-SA:2004:009 and fixes dealing with this and other issues.

Debian has released an update to the advisory DSA 479-1 providing fixes that deal with the IA-32 architecture. Apparently the original fixes are broken due to a build error. Please see the attached advisory for more information and details on obtaining updated fixes.

Trustix has released an advisory TSLSA-2004-0020 with fixes to address this and other issues. Please see the referenced advisory for more information.

Debian has released advisory DSA 489-1 to provide updates for Linux 2.4.17 for the PowerPC/apus and S/390 architectures. Please see the attached advisory for details on applying and obtaining fixes.

Debian has released advisory DSA 491-1 to provide updates for Linux 2.4.19 on the MIPS architecture. Please see the attached advisory for details on applying and obtaining fixes.

Red Hat has released advisory RHSA-2004:166-08 and fixes for Red Hat Linux version 9. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:183-03 and fixes dealing with this issue for their Enterprise Linux distribution. Please see the referenced web-advisory for more information and details on obtaining fixes.

Debian has released an advisory (DSA 495-1) to address various issues in the Linux kernel. This advisory contains fixes for the ARM architecture. Please see the referenced advisory for more information.

EnGarde Secure Linux has released an advisory (ESA-20040428-004) to address various issues in the Linux kernel. Please see the referenced advisory for more information.

SGI has released an advisory (20040504-01-U) with fixes to address this and other issues in SGI ProPack 3.0. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200407-02 addressing this and other issues. Please see the referenced advisory for further information about this issue and information on upgrading packages using emerge.


