CVE-2004-0618
CVSS 2.1
Published: 2004-12-06 00:00:00
Last revised: 2016-10-17 22:46:53

[Original] FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.


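[CNNVD] FreeBSD execve() Unaligned Memory Access Local Denial of Service Vulnerability (CNNVD-200412-020)

FreeBSD is a free, open-source UNIX operating system.
FreeBSD running on the Alpha architecture has a problem in handling the execve() system call; a local attacker can exploit this vulnerability to carry out a denial-of-service attack against the system.
An attacker can pass an unaligned memory address as the second or third argument to the execve() system call, which can crash FreeBSD on the Alpha platform. x86 systems are not affected by this issue.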
        

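- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]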

- CPE (Affected Platforms and Products)

cpe:/o:freebsd:freebsd:5.1:release_p5
cpe:/o:freebsd:freebsd:4.10:release
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:freebsd:freebsd:5.1 (FreeBSD 5.1)
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:freebsd:freebsd:5.1:release
cpe:/o:freebsd:freebsd:5.1:alpha

- OVAL (Technical Details for Detection)

No related OVAL definitions found.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0618
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0618
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-020
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=108816603102865&w=2
(UNKNOWN)  BUGTRAQ  20040623 Security Advisory : FreeBSD local DoS
http://www.securityfocus.com/bid/10596
(VENDOR_ADVISORY)  BID  10596
http://xforce.iss.net/xforce/xfdb/16499
(VENDOR_ADVISORY)  XF  freebsd-execve-dos(16499)

- Vulnerability Information

FreeBSD execve() Unaligned Memory Access Local Denial of Service Vulnerability
Low severity  Other
2004-12-06 00:00:00 2005-10-20 00:00:00
Local
        
        

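- Advisories and Patches

Temporary workaround:
If you cannot install a patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
* Marceta Milos <root@marcetam.net> suggests adding the following check at the top of the execve() function in src/sys/kern/kern_exec.c:
if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
        return (EFAULT);
This method has not been verified, however.
Vendor patch:
FreeBSD
-------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.freebsd.org/security/index.html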

- Vulnerability Information (24233)

FreeBSD 4.10/5.x execve() Unaligned Memory Access Denial Of Service Vulnerability (EDBID:24233)
freebsd dos
2004-06-23 Verified
0 Marceta Milos
N/A
source: http://www.securityfocus.com/bid/10596/info


It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call.

An attacker with local interactive user-level access on an affected machine is reportedly able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.

FreeBSD 5.1-RELEASE/Alpha is reported vulnerable; other architectures with strict memory alignment requirements are also likely vulnerable. IA32 is reported immune. Versions other than 5.1-RELEASE are likely affected as well.

/*
 * FreeBSD/Alpha local DoS
 *    by Marceta Milos
 *    root@marcetam.net
 *
 */

char main() { execve("/bin/ls",(int *)(main + 1), 0); }
		

- Vulnerability Information

16007
FreeBSD for Alpha Malformed execve System Call Local DoS
Local Access Required Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

FreeBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user specially crafts an execve() system call with an unaligned memory address as the second or third argument, causing the kernel to crash resulting in loss of availability for the platform.

- Timeline

2004-06-23 Unknown
2004-06-23 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is reported by the creditee that the flaw could be corrected by implementing one of the following workarounds, which will check to ensure ptrs are aligned:
1. Use an ALIGNED_POINTER macro which exists in src/sys/alpha/include/param.h.
2. Use #define PTR_ALIGNED(x) (((x) & 0x7) == 0)
3. Add the following at the top of execve() in src/sys/kern/kern_exec.c: if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv)) return (EFAULT);
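The alignment check proposed in workarounds 2 and 3, modelled in user space as an added example (not code from the advisory or from FreeBSD). The struct exec_args_model, the helper check_at_offsets and the sample buffer are hypothetical, and the uintptr_t cast is added here so that the mask can be applied to a pointer in standard C.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Workaround 2 from the text: Alpha pointers are 8 bytes wide, so the low
 * three bits of a correctly aligned pointer-array address are zero. */
#define PTR_ALIGNED(x) ((((uintptr_t)(x)) & 0x7) == 0)

/* Hypothetical user-space stand-in for the syscall argument structure;
 * void * is used so that holding a misaligned address is well defined. */
struct exec_args_model {
    const char *fname;
    const void *argv;
    const void *envv;
};

/* Workaround 3 as a function: reject the call before either vector is
 * read as an array of pointers. Returns 0 or EFAULT. */
int check_exec_args(const struct exec_args_model *uap)
{
    if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
        return EFAULT;
    return 0;
}

/* Constructed sample storage, forced to 8-byte alignment. */
static _Alignas(8) unsigned char sample[32];

/* Evaluate the check for an argv/envv pair at the given byte offsets. */
int check_at_offsets(size_t argv_off, size_t envv_off)
{
    struct exec_args_model uap = { "/bin/ls", sample + argv_off, sample + envv_off };
    return check_exec_args(&uap);
}

int main(void)
{
    struct exec_args_model null_env = { "/bin/ls", sample, NULL };

    printf("aligned argv, aligned envv: %d\n", check_at_offsets(0, 8));
    printf("argv off by one byte:       %d\n", check_at_offsets(1, 8));
    printf("envv off by four bytes:     %d\n", check_at_offsets(0, 4));
    printf("aligned argv, NULL envv:    %d\n", check_exec_args(&null_env));
    return 0;
}
```

A NULL vector passes this check because address 0 has no low bits set, so the check covers alignment only and leaves NULL and bounds handling to the existing copy-in path.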

- Vulnerability Information

FreeBSD execve() Unaligned Memory Access Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 10596
No Yes
2004-06-23 12:00:00 2009-07-12 05:16:00
Credit for the discovery of this vulnerability goes to Marceta Milos <root@marcetam.net>.

- Affected Software Versions

FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 4.10 -RELEASE


- Exploit

An example proof-of-concept exploit was provided.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
