CVE-2004-0228
CVSS 7.2
Published: 2004-08-18 00:00:00
Revised: 2008-09-10 15:25:32

[Original] Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.


[CNNVD] Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerability (CNNVD-200408-171)

        
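        Linux is an open-source operating system.
        The cpufreq proc handler in the Linux kernel mishandles integers. A local attacker can exploit this vulnerability to read arbitrary kernel memory and may gain root privileges.
        No detailed vulnerability information is currently available.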
        

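- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]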

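- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0228
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0228
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-171
(Official data source) CNNVD

- Other Links and Resources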

http://www.novell.com/linux/security/advisories/2004_10_kernel.html
(UNKNOWN)  SUSE  SuSE-SA:2004:010
http://security.gentoo.org/glsa/glsa-200407-02.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200407-02
http://xforce.iss.net/xforce/xfdb/15951
(UNKNOWN)  XF  linux-cpufreq-info-disclosure(15951)
http://www.mandriva.com/security/advisories?name=MDKSA-2004:050
(UNKNOWN)  MANDRAKE  MDKSA-2004:050
http://secunia.com/advisories/11683
(UNKNOWN)  SECUNIA  11683
http://secunia.com/advisories/11491
(UNKNOWN)  SECUNIA  11491
http://secunia.com/advisories/11486
(UNKNOWN)  SECUNIA  11486
http://secunia.com/advisories/11464
(UNKNOWN)  SECUNIA  11464
http://secunia.com/advisories/11429
(UNKNOWN)  SECUNIA  11429
http://fedoranews.org/updates/FEDORA-2004-111.shtml
(UNKNOWN)  FEDORA  FEDORA-2004-111
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
(UNKNOWN)  CONECTIVA  CLA-2004:852

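- Vulnerability Information

Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerability
High risk  Design error
2004-08-18 00:00:00 2005-10-20 00:00:00
Local
        
        Linux is an open-source operating system.
        The cpufreq proc handler in the Linux kernel mishandles integers. A local attacker can exploit this vulnerability to read arbitrary kernel memory and may gain root privileges.
        No detailed vulnerability information is currently available.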
        

- Advisories and Patches

        Vendor patch:
        Linux
        -----
        Patches are available from the following addresses:
        
        http://www.kernel.org/pub/linux/kernel/v2.6/testing/cset/

        and
        
        http://www.kernel.org/pub/linux/kernel/v2.5/testing/cset/

- Vulnerability Information

5667
Linux Kernel CPUFREQ Proc Handler Information Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Unknown

- Vulnerability Description

A local overflow exists in the Linux kernel. The kernel casts an unsigned integer into a signed integer resulting in an integer overflow. With a specially crafted request, an attacker can potentially read arbitrary amounts of memory resulting in a loss of confidentiality.

- Timeline

2004-04-21 Unknown
Unknown Unknown

- Solution

Upgrade to kernel version 2.6.6-rc3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Credit

- Vulnerability Information

Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerability
Design Error 10201
No Yes
2004-04-23 12:00:00 2009-07-12 04:06:00
Discovery of this vulnerability has been credited to Brad Spengler <spender@grsecurity.net>.

- Affected Software Versions

Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.5.69
Linux kernel 2.5.68
Linux kernel 2.5.67
Linux kernel 2.5.66
Linux kernel 2.5.65
Linux kernel 2.5.64
Linux kernel 2.5.63
Linux kernel 2.5.62
Linux kernel 2.5.61
Linux kernel 2.5.60
Linux kernel 2.5.59
Linux kernel 2.5.58
Linux kernel 2.5.57
Linux kernel 2.5.56
Linux kernel 2.5.55
Linux kernel 2.5.54
Linux kernel 2.5.53
Linux kernel 2.5.52
Linux kernel 2.5.51
Linux kernel 2.5.50
Linux kernel 2.5.49
Linux kernel 2.5.48
Linux kernel 2.5.47
Linux kernel 2.5.46
Linux kernel 2.5.45
Linux kernel 2.5.44
Linux kernel 2.5.43
Linux kernel 2.5.42
Linux kernel 2.5.41
Linux kernel 2.5.40
Linux kernel 2.5.39
Linux kernel 2.5.38
Linux kernel 2.5.37
Linux kernel 2.5.36
Linux kernel 2.5.35
Linux kernel 2.5.34
Linux kernel 2.5.33
Linux kernel 2.5.32
Linux kernel 2.5.31
Linux kernel 2.5.30
Linux kernel 2.5.29
Linux kernel 2.5.28
Linux kernel 2.5.27
Linux kernel 2.5.26
Linux kernel 2.5.25
Linux kernel 2.5.24
Linux kernel 2.5.23
Linux kernel 2.5.22
Linux kernel 2.5.21
Linux kernel 2.5.20
Linux kernel 2.5.19
Linux kernel 2.5.18
Linux kernel 2.5.17
Linux kernel 2.5.16
Linux kernel 2.5.15
Linux kernel 2.5.14
Linux kernel 2.5.13
Linux kernel 2.5.12
Linux kernel 2.5.11
Linux kernel 2.5.10
Linux kernel 2.5.9
Linux kernel 2.5.8
Linux kernel 2.5.7
Linux kernel 2.5.6
Linux kernel 2.5.5
Linux kernel 2.5.4
Linux kernel 2.5.3
Linux kernel 2.5.2
Linux kernel 2.5.1
Linux kernel 2.5.0
Gentoo Linux 1.4

- Discussion

A local integer handling vulnerability has been announced in the Linux kernel. It is reported that this vulnerability may be exploited by an unprivileged local user to obtain kernel memory contents. Additionally it is reported that a root user may exploit this issue to write to arbitrary regions of kernel memory, which may be a vulnerability in non-standard security enhanced systems where uid 0 does not have this privilege.

The vulnerability presents itself due to integer handling errors in the proc handler for cpufreq.

- Exploit

A proof of concept exploit has been provided by iSEC Security Research.

- Solution

The fix is available as a source code diff at:

http://www.kernel.org/pub/linux/kernel/v2.6/testing/cset/

and

http://www.kernel.org/pub/linux/kernel/v2.5/testing/cset/

RedHat has released an advisory (FEDORA-2004-111) to address various issues in Fedora. Please see the referenced advisory for more information.

SuSE Linux has released an advisory (SuSE-SA:2004:010) to address various issues in the Linux kernel. Please see the referenced advisory for more information.

Mandrake has released an advisory (MDKSA-2004:050) to address various issues in the Linux kernel. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200407-02 addressing this and other issues. Please see the referenced advisory for further information about this issue and information on upgrading packages using emerge.

Conectiva Linux has released advisory CLA-2004:852 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.


Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.5

- Related References
