CVE-2004-0619
CVSS 7.2
Published: 2004-12-06 00:00:00
Last revised: 2016-10-17 22:46:54

[Original] Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.


[CNNVD] Linux Kernel Broadcom 5820 Cryptonet driver integer overflow vulnerability (CNNVD-200412-029)

        
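        Linux is an open-source operating system.
        The Linux Kernel Broadcom 5820 Cryptonet driver contains an integer overflow. A local attacker can exploit this vulnerability to cause a denial of service or to elevate privileges.
        The driver contains the ubsec_ioctl() function, which sets the driver's operating parameters. The function takes user-supplied data and copies it into kernel space. When the data is copied, a user-supplied length value is used in a calculation, but because the data is not sufficiently checked, this calculation can cause an integer overflow when buffer space is allocated.
        Exploiting this vulnerability can crash the system or possibly execute arbitrary instructions in kernel context.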
        

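- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]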

- CPE (affected platforms and products)

cpe:/a:redhat:kernel:2.4.20-8::i586
cpe:/o:redhat:linux:8.0 Red Hat Linux 8.0
cpe:/o:redhat:linux:8.0::i686
cpe:/a:redhat:kernel:2.4.20-8::athlon_smp
cpe:/a:redhat:kernel:2.4.20-8::i586_smp
cpe:/a:redhat:kernel:2.4.20-8::i686
cpe:/o:redhat:fedora_core:core_1.0
cpe:/a:redhat:kernel:2.4.20-8::athlon
cpe:/a:redhat:kernel:2.4.20-8::i386
cpe:/a:redhat:kernel:2.4.20-8::i686_smp
cpe:/a:redhat:kernel:2.4.20-8::i386_src
cpe:/o:redhat:linux:8.0::i386

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9773 Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (cr...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0619
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0619
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-029
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=108802653409053&w=2
(UNKNOWN)  BUGTRAQ  20040623 Linux Broadcom 5820 Cryptonet Driver Integer Overflow
http://www.ciac.org/ciac/bulletins/p-047.shtml
(UNKNOWN)  CIAC  P-047
http://www.redhat.com/support/errata/RHSA-2004-549.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:549
http://www.redhat.com/support/errata/RHSA-2005-283.html
(UNKNOWN)  REDHAT  RHSA-2005:283
http://www.securityfocus.com/bid/10599
(VENDOR_ADVISORY)  BID  10599
http://xforce.iss.net/xforce/xfdb/16459
(VENDOR_ADVISORY)  XF  bcm5820-adddsabufbytes-integer-bo(16459)

- Vulnerability information

Linux Kernel Broadcom 5820 Cryptonet driver integer overflow vulnerability
High risk  Boundary condition error
2004-12-06 00:00:00 2005-10-20 00:00:00
Local
        
        

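- Advisories and patches

        Vendor patches:
        RedHat
        ------
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page: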
        RedHat Fedora Core1:
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.x86_64.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.i586.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.i586.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.i686.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.i686.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.athlon.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.athlon.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

        RedHat Fedora Core 1

- Vulnerability information

7249
Red Hat Linux Broadcom 5820 Cryptonet Driver Overflow
Local Access Required Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability description

A local overflow exists in the Broadcom 5820 Cryptonet driver. The driver uses an arbitrary value for the size of a buffer resulting in an integer overflow. With a specially crafted request, an attacker can cause system instability or, in some circumstances, arbitrary code execution resulting in a loss of availability or integrity. The Broadcom 5820 Cryptonet driver is not included in the official Linux kernel source tree.

- Timeline

2004-06-24 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow Vulnerability
Boundary Condition Error 10599
No Yes
2004-06-23 12:00:00 2009-07-12 05:16:00
Credit for discovery of this vulnerability goes to infamous41md@hotpop.com

- Affected program versions

RedHat Linux 8.0 i686
RedHat Linux 8.0 i386
RedHat Linux 8.0
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i586.rpm
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1

- Vulnerability discussion

It is reported that the bcm5820 Linux kernel driver contains an integer overflow vulnerability.

The driver contains a function, ubsec_ioctl(), which is used to set up operating parameters for the driver. This function takes user-supplied data and copies it into kernel space. When copying this data, a user-supplied length value is used in a calculation. This calculation could cause an integer overflow when allocating buffer space.

This vulnerability could lead to a system crash, or possible code execution in the context of the kernel.

This driver is not present in the vanilla Linux kernel, nor is it standard in most distributions of Linux. Red Hat 8, with Linux kernel 2.4.20, is confirmed to include the vulnerable driver, but others are also potentially vulnerable.

- Exploitation

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Redhat has released advisory FEDORA-2004-206 for Fedora Core 1 addressing this issue. Please see the referenced advisory for further information.

RedHat Linux has released advisory RHSA-2004:549-10 to address this, and other issues in RedHat Enterprise Linux operating systems. Please see the referenced advisories for further information.

Red Hat released advisory RHSA-2005:283-15 as well as fixes to address this and other issues on Red Hat Linux Enterprise 2.1 platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.


Red Hat Fedora Core1

- Related references

 

 
