CVE-2004-0178
CVSS2.1
发布时间 :2004-06-01 00:00:00
修订时间 :2010-08-21 00:19:41
NMCOS    

[原文]The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.


[CNNVD]Linux Kernel存在多个安全漏洞(CNNVD-200406-010)

        
        Linux是一款开放源代码操作系统。
        Linux内核存在多个安全漏洞,本地攻击者可以利用这些漏洞获得敏感信息或进行拒绝服务攻击。
        这些漏洞包括:
        * ext3文件系统信息泄露
        * SoundBlaster代码导致本地崩溃
        * 另一个DRI问题导致本地崩溃
        * mremap的其他问题导致本地拒绝服务
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9427The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certa...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0178
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0178
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200406-010
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2004/dsa-495
(VENDOR_ADVISORY)  DEBIAN  DSA-495
http://www.debian.org/security/2004/dsa-491
(VENDOR_ADVISORY)  DEBIAN  DSA-491
http://www.debian.org/security/2004/dsa-489
(VENDOR_ADVISORY)  DEBIAN  DSA-489
http://www.debian.org/security/2004/dsa-482
(VENDOR_ADVISORY)  DEBIAN  DSA-482
http://www.redhat.com/support/errata/RHSA-2004-437.html
(UNKNOWN)  REDHAT  RHSA-2004:437
http://www.redhat.com/support/errata/RHSA-2004-413.html
(UNKNOWN)  REDHAT  RHSA-2004:413
http://www.debian.org/security/2004/dsa-481
(UNKNOWN)  DEBIAN  DSA-481
http://www.debian.org/security/2004/dsa-480
(UNKNOWN)  DEBIAN  DSA-480
http://www.debian.org/security/2004/dsa-479
(UNKNOWN)  DEBIAN  DSA-479
http://security.gentoo.org/glsa/glsa-200407-02.xml
(UNKNOWN)  GENTOO  GLSA-200407-02
http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
(UNKNOWN)  MISC  http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
(UNKNOWN)  SGI  20040804-01-U
http://xforce.iss.net/xforce/xfdb/15868
(UNKNOWN)  XF  linux-sound-blaster-dos(15868)
http://www.securityfocus.com/bid/9985
(UNKNOWN)  BID  9985
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
(UNKNOWN)  MANDRAKE  MDKSA-2004:029
http://www.ciac.org/ciac/bulletins/o-193.shtml
(UNKNOWN)  CIAC  O-193
http://www.ciac.org/ciac/bulletins/o-127.shtml
(UNKNOWN)  CIAC  O-127
http://www.ciac.org/ciac/bulletins/o-121.shtml
(UNKNOWN)  CIAC  O-121
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
(UNKNOWN)  CONECTIVA  CLA-2004:846

- 漏洞信息

Linux Kernel存在多个安全漏洞
低危 未知
2004-06-01 00:00:00 2005-10-20 00:00:00
本地  
        
        Linux是一款开放源代码操作系统。
        Linux内核存在多个安全漏洞,本地攻击者可以利用这些漏洞获得敏感信息或进行拒绝服务攻击。
        这些漏洞包括:
        * ext3文件系统信息泄露
        * SoundBlaster代码导致本地崩溃
        * 另一个DRI问题导致本地崩溃
        * mremap的其他问题导致本地拒绝服务
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Conectiva
        ---------
        Conectiva已经为此发布了一个安全公告(CLSA-2004:829)以及相应补丁:
        CLSA-2004:829:kernel
        链接:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000829

        补丁下载:
        安装如下内核补丁:
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/k_athlon-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/k_debug-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/k_deflt-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/k_psmp-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/k_smp-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/kernel-source-2.4.21-198.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/k_athlon-2.4.21-198.src.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/k_debug-2.4.21-198.src.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/k_deflt-2.4.21-198.src.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/k_psmp-2.4.21-198.src.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/k_smp-2.4.21-198.src.rpm
        ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/kernel-source-2.4.21-198.src.rpm
        可按照如下程序安装:
        # rpm -Uvh kernel_package_name
        # mkinitrd
        # rpm -qf /boot/vmlinuz
        # lilo
        # shutdown -r now

- 漏洞信息

5364
Linux Kernel SoundBlaster 16 Driver Sample Size Handling Local DoS
Local Access Required Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- 漏洞描述

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when a program submits an odd number of output bytes to the soundcard in 16bit output mode, which will cause an endless loop, resulting in loss of availability for the driver.

- 时间线

2002-06-01 Unknow
2002-06-01 Unknow

- 解决方案

Upgrade to version 2.4.26, 2.6.6, or higher, as this has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

- 相关参考

- 漏洞作者

- 漏洞信息

Multiple Local Linux Kernel Vulnerabilities
Unknown 9985
No Yes
2004-03-26 12:00:00 2009-07-12 05:56:00
These issues were announced in a Conectiva advisory. The discoverer(s) are currently unknown.

- 受影响的程序版本

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
SGI ProPack 3.0
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
Red Hat Enterprise Linux AS 2.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Gentoo Linux 1.4
Conectiva Linux 9.0
Conectiva Linux 8.0

- 漏洞讨论

Multiple local vulnerabilities were reported in the Linux Kernel. These issues could permit information disclosure via the ext3 filesystem, system crash through buggy SoundBlaster code, a system crash via a bug in Kernel DRI support and a denial of service via mremap.

These issues appear to affect the 2.4 Kernel. Few details are known at this time.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

SGI has made available Patch 10096 and advisory (20040804-01-U), correcting this and other vulnerabilities for systems running SGI ProPack 3.

Patch 10096 is available from:
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Conectiva has released advisory CLA-2004:846 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Turbolinux has released a security announcement (TLSA-2004-05-21) providing fixes that can be applied to x86 architecture based computers. Turbolinux users are advised to employ the turboupdate, turbopkg, and zabom utilities as a Superuser in order to obtain and apply appropriate fixes. Please see the referenced advisory for further details regarding obtaining and applying fixes.

Conectiva has released advisory CLSA-2004:829 to provide Kernel updates for CLEE 1.0. Please see the attached advisory for details on how to apply updates.

Debian has released advisories DSA 479-1 and DSA 482-1 as well as fixes dealing with this and other issues. Please see the attached advisory for more information and details on obtaining fixes.

Mandrake has released advisory MDKSA-2004:029 along with fixes that deal with some of the issues described in this BID. Please see the reference section for more information and details on obtaining fixes.

Debian has released an update to the advisory DSA 479-1 providing fixes that deal with the IA-32 architecture. Apparently the original fixes are broken due to a build error. Please see the attached advisory for more information and details on obtaining updated fixes.

Debian has released advisory DSA 489-1 to provide updates for Linux 2.4.17 for the PowerPC/apus and S/390 architectures. Please see the attached advisory for details on applying and obtaining fixes.

Debian has released advisory DSA 491-1 to provide updates for Linux 2.4.19 on the MIPS architecture. Please see the attached advisory for details on applying and obtaining fixes.

RedHat has released an advisory (FEDORA-2004-111) to address various issues in Fedora. Please see the referenced advisory for more information.

Debian has released an advisory (DSA 495-1) to address various issues in the Linux kernel. This advisory contains fixes for the ARM architecture. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200407-02 addressing this and other issues. Please see the referenced advisory for further information about this issue and information on upgrading packages using emerge.

Red Hat has released advisories RHSA-2004:413-07, and RHSA-2004:437-02 along with fixes to address this issue on Red Hat Linux Enterprise 2.1 and 3.0 platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.


Linux kernel 2.4.16

Linux kernel 2.4.17

Linux kernel 2.4.18

Linux kernel 2.4.19

Linux kernel 2.4.21

Linux kernel 2.4.5

Linux kernel 2.4.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站