CVE-2004-1017
CVSS10.0
发布时间 :2004-12-31 00:00:00
修订时间 :2010-08-21 00:21:39
NMCOPS    

[原文]Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.


[CNNVD]Linux Kernel USB io_edgeport驱动程序本地整数溢出漏洞(CNNVD-200412-170)

        Linux kernel 2.4.x的io_edgeport驱动程序的多个"overflows"存在未知影响和未知攻击向量。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9786Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1017
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1017
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-170
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.fedora.us/show_bug.cgi?id=2336
(PATCH)  FEDORA  FLSA:2336
http://xforce.iss.net/xforce/xfdb/18433
(UNKNOWN)  XF  linux-ioedgeport-bo(18433)
http://www.redhat.com/support/errata/RHSA-2004-689.html
(UNKNOWN)  REDHAT  RHSA-2004:689
http://www.securityfocus.com/bid/12102
(UNKNOWN)  BID  12102
http://www.redhat.com/support/errata/RHSA-2005-017.html
(UNKNOWN)  REDHAT  RHSA-2005:017
http://www.redhat.com/support/errata/RHSA-2005-016.html
(UNKNOWN)  REDHAT  RHSA-2005:016
http://www.debian.org/security/2006/dsa-1082
(UNKNOWN)  DEBIAN  DSA-1082
http://www.debian.org/security/2006/dsa-1070
(UNKNOWN)  DEBIAN  DSA-1070
http://www.debian.org/security/2006/dsa-1069
(UNKNOWN)  DEBIAN  DSA-1069
http://www.debian.org/security/2006/dsa-1067
(UNKNOWN)  DEBIAN  DSA-1067
http://www.debian.org/security/2006/dsa-1017
(UNKNOWN)  DEBIAN  DSA-1017
http://secunia.com/advisories/20338
(UNKNOWN)  SECUNIA  20338
http://secunia.com/advisories/20202
(UNKNOWN)  SECUNIA  20202
http://secunia.com/advisories/20163
(UNKNOWN)  SECUNIA  20163
http://secunia.com/advisories/20162
(UNKNOWN)  SECUNIA  20162
http://secunia.com/advisories/19374
(UNKNOWN)  SECUNIA  19374

- 漏洞信息

Linux Kernel USB io_edgeport驱动程序本地整数溢出漏洞
危急 缓冲区溢出
2004-12-31 00:00:00 2005-10-20 00:00:00
本地  
        Linux kernel 2.4.x的io_edgeport驱动程序的多个"overflows"存在未知影响和未知攻击向量。

- 公告与补丁

        Please see the referenced vendor advisories for information on obtaining and applying the appropriate updates.
        
        Linux kernel 2.4.16
        
        Linux kernel 2.4.17
        

- 漏洞信息 (F46509)

Debian Linux Security Advisory 1070-1 (PacketStormID:F46509)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1070-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1070-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 21th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.19-4
     Sun Sparc architecture          26woody1
     Little endian MIPS architecture 0.020911.1.woody5


We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc
      Size/MD5 checksum:      692 27f44a0eec5837b0b01d26c6cff392be
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz
      Size/MD5 checksum:    27768 6c719a6343c9ea0dad44a736b3842504
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc
      Size/MD5 checksum:      792 d7c89c90fad77944ca1c5a18327f31dd
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz
      Size/MD5 checksum:  1013866 21b4b677a7a319442c8fe8a4c72eb4c2
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc
      Size/MD5 checksum:      672 4c353db091e8edc4395e46cf8d39ec42
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz
      Size/MD5 checksum:    71071 7012adde9ba9a573e1be66f0d258721a
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
      Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb
      Size/MD5 checksum:  1521850 75d23c7c54094b1d25d3b708fd644407
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb
      Size/MD5 checksum:  1547874 c6881b25e3a5967e0f6f9c351fb88962
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
      Size/MD5 checksum:  1014564 0e89364c2816f5f4519256a8ea367ab6
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum:  1785490 c66cef9e87d9a89caeee02af31e3c96d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb
      Size/MD5 checksum:  3923058 db7bbd997410667bec4ac713d81d60ea
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
      Size/MD5 checksum:  4044796 106fcb86485531d96b4fdada61b71405
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb
      Size/MD5 checksum:  3831424 347b0c290989f0cc99f3b336c156f61d
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
      Size/MD5 checksum:  3952220 f7dd8326c0ae0b0dee7c46e24023d0a2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  3890804 7348a8cd3961190aa2a19f562c96fe2f
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080618 d52d00e7097ae0c8f4ccb6f34656361d
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080830 db7141d3c0d86a43659176f974599cc2
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:    15816 c31e3b72d6eac6f3f99f75ea838e0bf9

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcAc/Xm3vHE4uyloRAtGHAJoC9+1ELp5vTYgL4SDsNOIndI5rqQCePabu
rmancVBp6F2Nfh1PHQQrOTk=
=7GeM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46508)

Debian Linux Security Advisory 1069-1 (PacketStormID:F46508)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1069-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1069-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.18-14.4
     Alpha architecture              2.4.18-15woody1
     Intel IA-32 architecture        2.4.18-13.2
     HP Precision architecture       62.4 
     PowerPC architecture            2.4.18-1woody6
     PowerPC architecture/XFS        20020329woody1            
     PowerPC architecture/benh       20020304woody1
     Sun Sparc architecture          22woody1    

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj
wYGegwosZg6xi3oI77opLQY=
=eu/T
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46506)

Debian Linux Security Advisory 1067-1 (PacketStormID:F46506)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1067-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1067-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.16,kernel-image-2.4.16-lart,kernel-image-2.4.16-riscpc,kernel-image-2.4.16-netwinder
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.16-1woody2
     arm/lart                        20040419woody1
     arm/netwinder                   20040419woody1
     arm/riscpc                      20040419woody1

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc
      Size/MD5 checksum:      655 cbaba3ab1ea1f99557d717bb19908dc8
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz
      Size/MD5 checksum:    16628 c10d76a01d03e58049b594270d7fd7c5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc
      Size/MD5 checksum:      693 be25ede481365d969f465a0356bfe047
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz
      Size/MD5 checksum:    21947 12d6a2977ba7683e48e92293e4a87cf6
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc
      Size/MD5 checksum:      661 6895c73dc50b56d48588e3f053fbcc05
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz
      Size/MD5 checksum:    19300 3e60e7aa88e553221264f1b004d9091d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc
      Size/MD5 checksum:      680 81e8e543d617f8464a222767e18aa261
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz
      Size/MD5 checksum:    46430 d164de27560966cb695141de9b004e7e
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
      Size/MD5 checksum: 29364642 8e42e72848dc5098b6433d66d5cacffc

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb
      Size/MD5 checksum:   718814 87806c13fa914865ecc00f784c64a8f4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb
      Size/MD5 checksum:  3437272 3061b1a8212d2538bdbffa9609300322
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
      Size/MD5 checksum:  6675192 b588a74f3b53c06ef3ffb26218c6e191
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
      Size/MD5 checksum:  2914360 3df4986a2bfa64ddea35cb2b76d390a5

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum:  1718004 b458e950b6aabb99a781f507c2015dd3
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum: 23820868 3001c4af6222fa22ecba3053a146e248

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEbtDmXm3vHE4uyloRAhZsAJ0Uw7DM7RtiBSmWWskg8FXq0do5TACeMk43
Y8lxItKTeEpmOE/9asuJ6UU=
=fM5d
-----END PGP SIGNATURE-----

    

- 漏洞信息

12349
Linux Kernel io_edgeport Driver Local Overflow
Local Access Required Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

A local overflow exists in the edge_startup() function of the io_edgeport driver. The edge_startup() fails to check boundaries resulting in an overflow. With a USB dongle, an attacker can cause the kernel to crash or may be able to gain elevated privileges resulting in a loss of integrity and availability.

- 时间线

2004-12-10 2004-07-01
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Linux Kernel USB io_edgeport Driver Local Integer Overflow Vulnerability
Boundary Condition Error 12102
No Yes
2004-07-01 12:00:00 2007-01-18 02:40:00
Willem Riede is credited with the discovery of this issue.

- 受影响的程序版本

RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0

- 漏洞讨论

A local integer-overflow vulnerability affects the Linux kernel's 'io_edgeport' USB driver. This issue is due to the driver's failure to validate integer bounds.

An attacker may leverage this issue to execute arbitrary instructions or cause the affected kernel to crash.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the referenced vendor advisories for information on obtaining and applying the appropriate updates.


Linux kernel 2.4.16

Linux kernel 2.4.17

Linux kernel 2.4.18

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站