Published: 2004-12-06 00:00:00
Last revised: 2016-10-17 22:46:54

[Original] Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.

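[CNNVD] Linux Kernel Broadcom 5820 Cryptonet driver integer overflow vulnerability (CNNVD-200412-029)

        The Linux Kernel Broadcom 5820 Cryptonet driver contains an integer overflow. A local attacker can exploit this vulnerability to cause a denial of service or to escalate privileges.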

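- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]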

- CPE (affected platforms and products)

cpe:/o:redhat:linux:8.0 Red Hat Linux 8.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9773 Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (cr...

- Official database links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20040623 Linux Broadcom 5820 Cryptonet Driver Integer Overflow
(VENDOR_ADVISORY)  XF  bcm5820-adddsabufbytes-integer-bo(16459)

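- Vulnerability information

Linux Kernel Broadcom 5820 Cryptonet driver integer overflow vulnerability
High risk  Boundary condition error
2004-12-06 00:00:00 2005-10-20 00:00:00
        The Linux Kernel Broadcom 5820 Cryptonet driver contains an integer overflow. A local attacker can exploit this vulnerability to cause a denial of service or to escalate privileges.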

- Advisories and patches

        RedHat Fedora Core 1:
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.x86_64.rpm
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm
        RedHat Upgrade kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.i586.rpm
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.i586.rpm
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.i686.rpm
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.i686.rpm
        RedHat Upgrade kernel-2.4.22-1.2197.nptl.athlon.rpm
        RedHat Upgrade kernel-smp-2.4.22-1.2197.nptl.athlon.rpm
        RedHat Upgrade kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm

- Vulnerability information

Red Hat Linux Broadcom 5820 Cryptonet Driver Overflow
Local Access Required Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability description

A local overflow exists in the Broadcom 5820 Cryptonet driver. The driver uses an arbitrary value for the size of a buffer resulting in an integer overflow. With a specially crafted request, an attacker can cause system instability or, in some circumstances, arbitrary code execution resulting in a loss of availability or integrity. The Broadcom 5820 Cryptonet driver is not included in the official Linux kernel source tree.

- Timeline

2004-06-24 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow Vulnerability
Boundary Condition Error 10599
No Yes
2004-06-23 12:00:00 2009-07-12 05:16:00
Credit for discovery of this vulnerability goes to

- Affected software versions

RedHat Linux 8.0 i686
RedHat Linux 8.0 i386
RedHat Linux 8.0
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i586.rpm
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1

- Vulnerability discussion

It is reported that the bcm5820 Linux kernel driver contains an integer overflow vulnerability.

The driver contains a function, ubsec_ioctl(), which is used to set up operating parameters for the driver. This function takes user-supplied data and copies it into kernel space. When copying this data, a user-supplied length value is used in a calculation. This calculation could cause an integer overflow when allocating buffer space.

This vulnerability could lead to a system crash, or possible code execution in the context of the kernel.

This driver is not present in the vanilla Linux kernel, nor is it standard in most distributions of Linux. Red Hat 8, with Linux kernel 2.4.20, is confirmed to include the vulnerable driver, but others are also potentially vulnerable.
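
The signed-length pattern described above, as an added user-space example that is not the driver's code: a check that only bounds a signed length from above accepts a negative value, which then becomes a very large size, next to a hardened check. The names weak_len_ok, safe_copy and KEY_BUF_MAX are hypothetical and the sample lengths are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_MAX 256  /* constructed limit, not a value from the driver */

/* Weak pattern: the length stays signed and only the upper bound is
 * checked, so a negative value is accepted and becomes a huge size_t.
 * Returns 1 if the request passes the check; *copy_len is the size a
 * later copy would use. */
int weak_len_ok(int user_len, size_t *copy_len)
{
    if (user_len > KEY_BUF_MAX)
        return 0;
    *copy_len = (size_t)user_len;
    return 1;
}

/* Hardened pattern: reject negative and oversized lengths before any
 * conversion or copy. Returns bytes copied, or -1 on rejection. */
long safe_copy(unsigned char *dst, size_t dst_size,
               const unsigned char *src, size_t src_size, int user_len)
{
    if (user_len < 0)
        return -1;
    if ((size_t)user_len > dst_size || (size_t)user_len > src_size)
        return -1;
    memcpy(dst, src, (size_t)user_len);
    return (long)user_len;
}

int main(void)
{
    unsigned char src[KEY_BUF_MAX] = {0}, dst[KEY_BUF_MAX];
    size_t n = 0;
    int lens[] = { 16, 300, -1 };  /* constructed sample requests */

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int ok = weak_len_ok(lens[i], &n);
        long r = safe_copy(dst, sizeof dst, src, sizeof src, lens[i]);
        printf("len=%d weak_accepts=%d weak_copy_len=%zu hardened=%ld\n",
               lens[i], ok, ok ? n : (size_t)0, r);
    }
    return 0;
}
```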

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- Solution

Redhat has released advisory FEDORA-2004-206 for Fedora Core 1 addressing this issue. Please see the referenced advisory for further information.

RedHat Linux has released advisory RHSA-2004:549-10 to address this, and other issues in RedHat Enterprise Linux operating systems. Please see the referenced advisories for further information.

Red Hat released advisory RHSA-2005:283-15 as well as fixes to address this and other issues on Red Hat Linux Enterprise 2.1 platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

Red Hat Fedora Core1

- Related references