CVE-2004-0435
CVSS 3.6
Published: 2004-08-18 00:00:00
Last revised: 2008-09-10 15:26:23

[Original] Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.


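[CNNVD] FreeBSD msync(2) system call buffer cache implementation vulnerability (CNNVD-200408-144)

        The FreeBSD msync(2) system call is used by applications to request that data in mapped memory be written back to disk.
        A programming error exists in the implementation of the msync(2) system call. A local attacker can exploit this vulnerability to corrupt system files or alter sensitive configuration files, among other attacks.
        The msync(2) system call mishandles the MS_INVALIDATE operation, which can cause cache consistency problems between the virtual memory system and the on-disk contents. This vulnerability may be exploited to corrupt system files.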
        

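- CVSS (base score)

CVSS score: 3.6 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]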

- CPE (affected platforms and products)

cpe:/o:freebsd:freebsd:4.10:releng
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:freebsd:freebsd:4.9:releng
cpe:/o:freebsd:freebsd:4.8 (FreeBSD 4.8)
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:4.10 (FreeBSD 4.10)
cpe:/o:freebsd:freebsd:5.2 (FreeBSD 5.2)
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/o:freebsd:freebsd:4.9 (FreeBSD 4.9)
cpe:/o:freebsd:freebsd:4.0:releng
cpe:/o:freebsd:freebsd:4.8:release_p6
cpe:/o:freebsd:freebsd:5.2.1:releng
cpe:/o:freebsd:freebsd:4.10:release

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0435
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0435
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-144
(official data source) CNNVD

- Other links and resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-04:11
http://xforce.iss.net/xforce/xfdb/16254
(UNKNOWN)  XF  freebsd-msync-gain-privileges(16254)
http://www.securityfocus.com/bid/10416
(UNKNOWN)  BID  10416
http://secunia.com/advisories/11714
(UNKNOWN)  SECUNIA  11714

- Vulnerability information

FreeBSD msync(2) system call buffer cache implementation vulnerability
Low risk  Design error
2004-08-18 00:00:00 2005-10-20 00:00:00
Local
        
        

- Advisories and patches

        Vendor patch:
        FreeBSD
        -------
        FreeBSD has released a security advisory (FreeBSD-SA-04:11) and corresponding patches for this issue:
        FreeBSD-SA-04:11: buffer cache invalidation implementation issues
        Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc
        Patch download:
        Perform one of the following:
        1) Upgrade the vulnerable system to 4-STABLE, or to the RELENG_5_2, RELENG_4_10, RELENG_4_9
        or RELENG_4_8 security branch dated after the correction date.
        2) NSFOCUS recommends patching the present system immediately:
        The following patches have been verified to apply to FreeBSD 4.8, 4.9, 4.10 and 5.2 systems.
        a) Download the relevant patch from the location below, and verify the accompanying PGP signature using a PGP utility.
        [FreeBSD 5.2]
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc
        [FreeBSD 4.8, 4.9, 4.10]
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc
        b) Apply the patch.
        # cd /usr/src
        # patch < /path/to/patch
        c) Recompile your kernel as described in
        http://www.freebsd.org/handbook/kernelconfig.html and reboot the system.

- Vulnerability information (F33429)

FreeBSD Security Advisory 2004.11 (PacketStormID:F33429)
2004-05-26 00:00:00
The FreeBSD Project, Stephan Uphoff, Matt Dillon  freebsd.org
advisory
freebsd
CVE-2004-0435

FreeBSD Security Advisory FreeBSD-SA-04:11.msync - Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:11.msync                                      Security Advisory
                                                          The FreeBSD Project

Topic:          buffer cache invalidation implementation issues

Category:       core
Module:         sys
Announced:      2004-05-26
Credits:        Stephan Uphoff <ups@tree.com>
                Matt Dillon <dillon@apollo.backplane.com>
Affects:        All FreeBSD versions prior to the correction date
Corrected:      2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE)
                2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)
                2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE)
                2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9)
                2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22)
CVE Name:       CAN-2004-0435
FreeBSD only:   YES

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I.   Background

The msync(2) system call is used by applications to request that
modified memory pages are written to permanent storage.

II.  Problem Description

Programming errors in the implementation of the msync(2) system call
involving the MS_INVALIDATE operation lead to cache consistency
problems between the virtual memory system and on-disk contents.

III. Impact

In some situations, a user with read access to a file may be able to
prevent changes to that file from being committed to disk.

IV.  Workaround

There is no workaround.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.8, 4.9,
4.10 and 5.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 5.2]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc

[FreeBSD 4.8, 4.9, 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/sys/ufs/ufs/ufs_readwrite.c                               1.65.2.16
  src/sys/vm/vm_map.c                                          1.187.2.30
RELENG_4_10
  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.14.4.1
  src/sys/vm/vm_map.c                                      1.187.2.24.2.4
RELENG_4_9
  src/UPDATING                                             1.73.2.89.2.10
  src/sys/conf/newvers.sh                                  1.44.2.32.2.10
  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.14.2.1
  src/sys/vm/vm_map.c                                      1.187.2.23.2.1
RELENG_4_8
  src/UPDATING                                             1.73.2.80.2.25
  src/sys/conf/newvers.sh                                  1.44.2.29.2.23
  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.13.2.1
  src/sys/vm/vm_map.c                                      1.187.2.17.2.1
RELENG_5_2
  src/UPDATING                                                 1.282.2.16
  src/sys/conf/newvers.sh                                       1.56.2.15
  src/sys/ufs/ffs/ffs_vnops.c                                   1.119.2.1
  src/sys/vm/vm_object.c                                        1.317.2.1
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAtH2pFdaIBMps37IRAmycAJ0cv/iG6NlGBsC1xT4gg/Gx3lF8DwCghfHl
G2wdUNyfvhz0u3kFB9pH41c=
=SK1u
-----END PGP SIGNATURE-----
    

- Vulnerability Information

6425
FreeBSD msync MS_INVALIDATE File Write Restriction
Local Access Required Denial of Service, Other
Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability Description

FreeBSD 5.2 and prior contains a flaw that may allow a malicious user to prevent file writes to disk. The issue is triggered when a user with read access to a file takes advantage of the errors in the msync(2) system call involving the MS_INVALIDATE operation. It is possible that the flaw may prevent changes from being committed to disk, resulting in a loss of integrity and availability.

- Timeline

2004-05-26 Unknown
Unknown Unknown

- Solution

Upgrade to one of the following versions or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE)
2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)
2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE)
2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9)
2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22)

- References

- Vulnerability Author

- Vulnerability Information

FreeBSD Msync(2) System Call Buffer Cache Implementation Vulnerability
Class: Design Error
Bugtraq ID: 10416
Remote: No
Local: Yes
Published: 2004-05-26 12:00:00
Updated: 2009-07-12 05:16:00
This issue was discovered by Stephan Uphoff <ups@tree.com> and Matt Dillon <dillon@apollo.backplane.com>.

- Affected Software Versions

FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.0 -RELENG

- Vulnerability Discussion

The FreeBSD msync(2) system call is prone to a vulnerability that can allow a local attacker to prevent modifications made to a file from being written to disk.

Under certain circumstances, a local user with read access to a file can prevent modifications made to a file from being written to disk. It is conjectured that an attacker can potentially cause a denial of service, if the attacker can influence a sensitive configuration file. Other attacks are possible as well. The attack would depend on the privileges held by the attacker.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

FreeBSD has released an advisory (FreeBSD-SA-04:11.msync) to address this issue. Please see the referenced advisory for more information.

Updated versions of the operating systems are available from the vendor.


FreeBSD FreeBSD 4.10 -RELENG

FreeBSD FreeBSD 4.10

FreeBSD FreeBSD 4.10 -RELEASE

FreeBSD FreeBSD 4.8 -RELENG

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 4.8 -RELEASE-p7

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9 -RELENG

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 4.9 -PRERELEASE

FreeBSD FreeBSD 5.2 -RELENG

FreeBSD FreeBSD 5.2 -RELEASE

FreeBSD FreeBSD 5.2

FreeBSD FreeBSD 5.2.1 -RELEASE

- References

 

 
