CVE-2004-0814
CVSS1.2
发布时间 :2004-12-23 00:00:00
修订时间 :2016-10-17 22:49:13
NMCOPS    

[原文]Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.


[CNNVD]Linux Kernel TIOCSETD终端子系统竞态条件漏洞(CNNVD-200412-092)

        Linux 2.6.9以前的2.4.x,和2.6.x版本的终端层存在多个竞态条件漏洞。(1)本地用户通过调用TIOCSETD ioctl到正在访问另一个线程的终端接口获得核心数据部分,或者(2)远程攻击者通过从控制台切换到PPP线路规则导致服务拒绝,然后迅速发送交换机接收到的数据。
        
        
        

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.6.0:test4Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.0:test5Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.0:test2Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.0:test3Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.0:test8Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.0:test9Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.0:test6Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.0:test7Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.2.15:pre16Linux Kernel 2.2.15 pre16
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.6.0:test11Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.0:test1Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.0:test10Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.4.0:test2Linux Kernel 2.4.0 test2
cpe:/o:linux:linux_kernel:2.4.0:test3Linux Kernel 2.4.0 test3
cpe:/o:linux:linux_kernel:2.4.0:test8Linux Kernel 2.4.0 test8
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.4.0:test9Linux Kernel 2.4.0 test9
cpe:/o:linux:linux_kernel:2.4.0:test6Linux Kernel 2.4.0 test6
cpe:/o:linux:linux_kernel:2.4.0:test7Linux Kernel 2.4.0 test7
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.2.9Linux Kernel 2.2.9
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.2.8Linux Kernel 2.2.8
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.4.27:pre5Linux Kernel 2.4.27 pre5
cpe:/o:linux:linux_kernel:2.4.27:pre3Linux Kernel 2.4.27 pre3
cpe:/o:linux:linux_kernel:2.2.10Linux Kernel 2.2.10
cpe:/o:linux:linux_kernel:2.4.0:test4Linux Kernel 2.4.0 test4
cpe:/o:linux:linux_kernel:2.4.0:test5Linux Kernel 2.4.0 test5
cpe:/o:linux:linux_kernel:2.2.11Linux Kernel 2.2.11
cpe:/o:linux:linux_kernel:2.2.3Linux Kernel 2.2.3
cpe:/o:linux:linux_kernel:2.2.12Linux Kernel 2.2.12
cpe:/o:linux:linux_kernel:2.2.2Linux Kernel 2.2.2
cpe:/o:linux:linux_kernel:2.2.17Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.2.18Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.2.7Linux Kernel 2.2.7
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.2.1Linux Kernel 2.2.1
cpe:/o:linux:linux_kernel:2.2.13Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.2.0Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.2.14Linux Kernel 2.2.14
cpe:/o:linux:linux_kernel:2.4.27:pre4Linux Kernel 2.4.27 pre4
cpe:/o:linux:linux_kernel:2.4.21:pre4Linux Kernel 2.4.21 pre4
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.2.15Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.2.16Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.4.21:pre7Linux Kernel 2.4.21 pre7
cpe:/o:linux:linux_kernel:2.4.23:pre9Linux Kernel 2.4.23 pre9
cpe:/o:linux:linux_kernel:2.2.16:pre6Linux Kernel 2.2.16 pre6
cpe:/o:linux:linux_kernel:2.4.0:test12Linux Kernel 2.4.0 test12
cpe:/o:linux:linux_kernel:2.4.0:test11Linux Kernel 2.4.0 test11
cpe:/o:linux:linux_kernel:2.2.20Linux Kernel 2.2.20
cpe:/o:linux:linux_kernel:2.2.21Linux Kernel 2.2.21
cpe:/o:linux:linux_kernel:2.4.0:test1Linux Kernel 2.4.0 test1
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/o:linux:linux_kernel:2.2.22Linux Kernel 2.2.22
cpe:/o:linux:linux_kernel:2.2.23Linux Kernel 2.2.23
cpe:/o:linux:linux_kernel:2.2.24Linux Kernel 2.2.24
cpe:/o:linux:linux_kernel:2.2.25Linux Kernel 2.2.25
cpe:/o:linux:linux_kernel:2.2.19Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.4.0:test10Linux Kernel 2.4.0 test10
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.18:pre1Linux Kernel 2.4.18 pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2Linux Kernel 2.4.18 pre2
cpe:/o:linux:linux_kernel:2.4.19:pre1Linux Kernel 2.4.19 pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2Linux Kernel 2.4.19 pre2
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.18:pre6Linux Kernel 2.4.18 pre6
cpe:/o:linux:linux_kernel:2.4.18:pre3Linux Kernel 2.4.18 pre3
cpe:/o:linux:linux_kernel:2.4.27:pre1Linux Kernel 2.4.27 pre1
cpe:/o:linux:linux_kernel:2.4.18:pre4Linux Kernel 2.4.18 pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5Linux Kernel 2.4.19 pre5
cpe:/o:linux:linux_kernel:2.4.27:pre2Linux Kernel 2.4.27 pre2
cpe:/o:linux:linux_kernel:2.4.19:pre6Linux Kernel 2.4.19 pre6
cpe:/o:linux:linux_kernel:2.4.21:pre1Linux Kernel 2.4.21 pre1
cpe:/o:linux:linux_kernel:2.4.19:pre3Linux Kernel 2.4.19 pre3
cpe:/o:linux:linux_kernel:2.4.18:pre7Linux Kernel 2.4.18 pre7
cpe:/o:linux:linux_kernel:2.4.19:pre4Linux Kernel 2.4.19 pre4
cpe:/o:linux:linux_kernel:2.4.18:pre8Linux Kernel 2.4.18 pre8
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.4.18:pre5Linux Kernel 2.4.18 pre5
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.2.15_pre20
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10728Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel da...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0814
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0814
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-092
(官方数据源) CNNVD

- 其它链接及资源

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
(UNKNOWN)  CONFIRM  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
(UNKNOWN)  CONFIRM  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
http://marc.info/?l=bugtraq&m=110306397320336&w=2
(UNKNOWN)  BUGTRAQ  20041214 [USN-38-1] Linux kernel vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
(UNKNOWN)  MANDRAKE  MDKSA-2005:022
http://www.redhat.com/support/errata/RHSA-2005-293.html
(UNKNOWN)  REDHAT  RHSA-2005:293
http://www.securityfocus.com/archive/1/379005
(UNKNOWN)  BUGTRAQ  20041020 CAN-2004-0814: Linux terminal layer races
http://www.securityfocus.com/bid/11491
(VENDOR_ADVISORY)  BID  11491
http://www.securityfocus.com/bid/11492
(VENDOR_ADVISORY)  BID  11492
http://xforce.iss.net/xforce/xfdb/17816
(VENDOR_ADVISORY)  XF  linux-tiocsetd-race-condition(17816)
https://bugzilla.fedora.us/show_bug.cgi?id=2336
(UNKNOWN)  FEDORA  FLSA:2336

- 漏洞信息

Linux Kernel TIOCSETD终端子系统竞态条件漏洞
低危 竞争条件
2004-12-23 00:00:00 2005-10-20 00:00:00
本地  
        Linux 2.6.9以前的2.4.x,和2.6.x版本的终端层存在多个竞态条件漏洞。(1)本地用户通过调用TIOCSETD ioctl到正在访问另一个线程的终端接口获得核心数据部分,或者(2)远程攻击者通过从控制台切换到PPP线路规则导致服务拒绝,然后迅速发送交换机接收到的数据。
        
        
        

- 公告与补丁

        This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases.
        The Fedora Legacy project has released advisory FLSA:2336 to address this issue for Red Hat Fedora Core 1, Red Hat Linux 7.3 and 9. Please see the referenced advisory for further information.
        Ubuntu Linux has released advisory USN-38-1 along with fixes to address this, and other issues. Please see the referenced advisory for further information.
        MandrakeSoft has issued fixes in advisory MDKSA-2005:022. See reference section.
        TurboLinux has released Turbolinux Security Announcement 28/Feb/2005 dealing with this and other issues. Please see the referenced advisory for more information.
        SuSE Linux has released advisory SUSE-SA:2005:018 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.
        Red Hat released advisory RHSA-2005:293-16 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
        Avaya has released advisory ASA-2005-120 stating which Avaya products are vulnerable to this issue. Please see the referenced advisory for further details. No Avaya fixes are currently available.
        
        
        
        
        
        Linux kernel 2.4.20
        
        Linux kernel 2.4.21
        

- 漏洞信息 (F35339)

Ubuntu Security Notice 38-1 (PacketStormID:F35339)
2004-12-30 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,vulnerability
linux,ubuntu
CVE-2004-0814,CVE-2004-1016,CVE-2004-1056,CVE-2004-1058,CVE-2004-1068,CVE-2004-1069,CVE-2004-1137,CVE-2004-1151
[点击下载]

Ubuntu Security Notice USN-38-1 - This advisory covers all the recent vulnerabilities discovered in the Linux 2.6 kernel series.

===========================================================
Ubuntu Security Notice USN-38-1		  December 14, 2004
linux-source-2.6.8.1 vulnerabilities
CAN-2004-0814, CAN-2004-1016, CAN-2004-1056, CAN-2004-1058, 
CAN-2004-1068, CAN-2004-1069, CAN-2004-1137, CAN-2004-1151
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.3. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version.

Details follow:

CAN-2004-0814:

  Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio"
  code; opening the same tty device twice and doing some particular operations on
  it caused a kernel panic and/or a system lockup.  

  Fixing this vulnerability required a change in the Application Binary
  Interface (ABI) of the kernel. This means that third party user installed
  modules might not work any more with the new kernel, so this fixed kernel got
  a new ABI version number. You have to recompile and reinstall all third party
  modules.

CAN-2004-1016:

  Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
  function which handles the sending of UDP network packets. A wrong validity
  check of the cmsghdr structure allowed a local attacker to modify kernel
  memory, thus causing an endless loop (Denial of Service) or possibly even
  root privilege escalation.

CAN-2004-1056:

  Thomas Hellstr    

- 漏洞信息

11044
Linux Kernel Terminal Subsystem TIOCSETLD Call Memory Disclosure

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-10-20 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel Terminal Locking Race Condition Vulnerability
Race Condition Error 11492
Yes No
2004-10-21 12:00:00 2009-07-12 08:06:00
This issue was announced by Alan Cox.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Red Hat Fedora Core1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.4.27 -pre5
Linux kernel 2.4.27 -pre4
Linux kernel 2.4.27 -pre3
Linux kernel 2.4.27 -pre2
Linux kernel 2.4.27 -pre1
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
Linux kernel 2.4.18
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
Linux kernel 2.4.8
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Linux kernel 2.2.25
Linux kernel 2.2.24
Linux kernel 2.2.23
Linux kernel 2.2.22
Linux kernel 2.2.21
Linux kernel 2.2.20
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Linux kernel 2.2.19
Linux kernel 2.2.18
+ Caldera OpenLinux 2.4
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ S.u.S.E. Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Slackware Linux 4.0
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2
Linux kernel 2.2.17
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.0
+ Trustix Secure Linux 1.2
Linux kernel 2.2.16 pre6
Linux kernel 2.2.16
+ RedHat Linux 7.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ XTR
+ Trustix Secure Linux 1.1
Linux kernel 2.2.15 pre20
Linux kernel 2.2.15 pre16
Linux kernel 2.2.15
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
Linux kernel 2.2.14
+ Red Hat Linux 6.2
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Cobalt RaQ 4
Linux kernel 2.2.13
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
Linux kernel 2.2.12
Linux kernel 2.2.11
Linux kernel 2.2.10
+ Caldera OpenLinux 2.3
Linux kernel 2.2.9
Linux kernel 2.2.8
Linux kernel 2.2.7
Linux kernel 2.2.3
Linux kernel 2.2.2
Linux kernel 2.2.1
Linux kernel 2.2
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
Linux kernel 2.6.9

- 不受影响的程序版本

Linux kernel 2.6.9

- 漏洞讨论

A race condition vulnerability exists in the Linux Kernel terminal subsystem. This issue is related to terminal locking and is exposed when a remote user connects to the computer through a PPP dialup port.

Reportedly, when the remote user issues the switch from console to PPP, there is a small window of opportunity to send data that will trigger the vulnerability. The report indicates that this may cause a denial of service. It is unknown if there are other impacts for this vulnerability.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases.

The Fedora Legacy project has released advisory FLSA:2336 to address this issue for Red Hat Fedora Core 1, Red Hat Linux 7.3 and 9. Please see the referenced advisory for further information.

Ubuntu Linux has released advisory USN-38-1 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

MandrakeSoft has issued fixes in advisory MDKSA-2005:022. See reference section.

TurboLinux has released Turbolinux Security Announcement 28/Feb/2005 dealing with this and other issues. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2005:018 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Red Hat released advisory RHSA-2005:293-16 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

Avaya has released advisory ASA-2005-120 stating which Avaya products are vulnerable to this issue. Please see the referenced advisory for further details. No Avaya fixes are currently available.


Linux kernel 2.4.20

Linux kernel 2.4.21

Linux kernel 2.4.22

Linux kernel 2.4.25

Linux kernel 2.4.5

Linux kernel 2.6 -test6

Linux kernel 2.6 -test4

Linux kernel 2.6 -test2

Linux kernel 2.6 -test9-CVS

Linux kernel 2.6 -test7

Linux kernel 2.6 -test9

Linux kernel 2.6 -test10

Linux kernel 2.6.1 -rc2

Linux kernel 2.6.1

Linux kernel 2.6.2

Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.6 rc1

Linux kernel 2.6.6

Linux kernel 2.6.7

Linux kernel 2.6.8 rc2

Linux kernel 2.6.8 rc1

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站