CVE-2004-1058
CVSS1.2
发布时间 :2005-01-10 00:00:00
修订时间 :2011-03-07 21:16:34
NMCOPS    

[原文]Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.


[CNNVD]Linux Kernel RaceCondition 信息泄露漏洞(CNNVD-200501-120)

        LinuxKernel是开源操作系统Linux所使用的内核。
        Linux Kernel 2.6版本中进程再生处理时存在竞争条件问题,存在信息泄露漏洞。
        本地用户可利用这个漏洞,获得存在于/proc/.../cmdline中其他程序的环境变量信息。

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.6.0:test2Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.0:test9Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test5Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.0:test1Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.10:rc2Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test11Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.0:test7Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.0:test6Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.0:test4Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.0:test8Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.0:test3Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.0:test10Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10427Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1058
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-120
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/11937
(VENDOR_ADVISORY)  BID  11937
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
(UNKNOWN)  FEDORA  FLSA:152532
http://xforce.iss.net/xforce/xfdb/17151
(UNKNOWN)  XF  linux-spawning-race-condition(17151)
http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
(UNKNOWN)  UBUNTU  USN-38-1
http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
(UNKNOWN)  GENTOO  GLSA-200408-24
http://www.securityfocus.com/bid/11052
(UNKNOWN)  BID  11052
http://www.redhat.com/support/errata/RHSA-2006-0191.html
(UNKNOWN)  REDHAT  RHSA-2006:0191
http://www.redhat.com/support/errata/RHSA-2006-0190.html
(UNKNOWN)  REDHAT  RHSA-2006:0190
http://www.redhat.com/support/errata/RHSA-2005-293.html
(UNKNOWN)  REDHAT  RHSA-2005:293
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
(UNKNOWN)  MANDRAKE  MDKSA-2005:022
http://www.debian.org/security/2006/dsa-1018
(UNKNOWN)  DEBIAN  DSA-1018
http://secunia.com/advisories/21476
(UNKNOWN)  SECUNIA  21476
http://secunia.com/advisories/19607
(UNKNOWN)  SECUNIA  19607
http://secunia.com/advisories/19369
(UNKNOWN)  SECUNIA  19369
http://secunia.com/advisories/19038
(UNKNOWN)  SECUNIA  19038
http://secunia.com/advisories/18684
(UNKNOWN)  SECUNIA  18684
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
(UNKNOWN)  SUSE  SUSE-SA:2006:012
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
(UNKNOWN)  SGI  20060402-01-U

- 漏洞信息

Linux Kernel RaceCondition 信息泄露漏洞
低危 竞争条件
2005-01-10 00:00:00 2005-10-20 00:00:00
本地  
        LinuxKernel是开源操作系统Linux所使用的内核。
        Linux Kernel 2.6版本中进程再生处理时存在竞争条件问题,存在信息泄露漏洞。
        本地用户可利用这个漏洞,获得存在于/proc/.../cmdline中其他程序的环境变量信息。

- 公告与补丁

        目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.kernel.org/

- 漏洞信息 (F35339)

Ubuntu Security Notice 38-1 (PacketStormID:F35339)
2004-12-30 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,vulnerability
linux,ubuntu
CVE-2004-0814,CVE-2004-1016,CVE-2004-1056,CVE-2004-1058,CVE-2004-1068,CVE-2004-1069,CVE-2004-1137,CVE-2004-1151
[点击下载]

Ubuntu Security Notice USN-38-1 - This advisory covers all the recent vulnerabilities discovered in the Linux 2.6 kernel series.

===========================================================
Ubuntu Security Notice USN-38-1		  December 14, 2004
linux-source-2.6.8.1 vulnerabilities
CAN-2004-0814, CAN-2004-1016, CAN-2004-1056, CAN-2004-1058, 
CAN-2004-1068, CAN-2004-1069, CAN-2004-1137, CAN-2004-1151
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.3. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version.

Details follow:

CAN-2004-0814:

  Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio"
  code; opening the same tty device twice and doing some particular operations on
  it caused a kernel panic and/or a system lockup.  

  Fixing this vulnerability required a change in the Application Binary
  Interface (ABI) of the kernel. This means that third party user installed
  modules might not work any more with the new kernel, so this fixed kernel got
  a new ABI version number. You have to recompile and reinstall all third party
  modules.

CAN-2004-1016:

  Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
  function which handles the sending of UDP network packets. A wrong validity
  check of the cmsghdr structure allowed a local attacker to modify kernel
  memory, thus causing an endless loop (Denial of Service) or possibly even
  root privilege escalation.

CAN-2004-1056:

  Thomas Hellstr    

- 漏洞信息

12562
Linux Kernel Spawning Process Environment Variable Disclosure
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-11-23 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel PROC Filesystem Local Information Disclosure Vulnerability
Race Condition Error 11937
No Yes
2004-12-14 12:00:00 2007-03-01 10:05:00
Rob Landley disclosed this vulnerability.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Linux kernel 2.6.10 rc2
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0

- 漏洞讨论

The Linux kernel /proc filesystem is reported susceptible to an information-disclosure vulnerability. This issue is due to a race-condition allowing unauthorized access to potentially sensitive process information.

This vulnerability may allow malicious local users to gain access to potentially sensitive environment variables in other users' processes. Since some programs pass passwords and other sensitive information in environment variables, this may aid a malicious user in further attacks.

Further details are unavailable at this time. This BID will be updated as further analysis is completed.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Vendor updates are available. Please see the referenced advisories for details.


Red Hat Fedora Core1

Linux kernel 2.6

Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.8 rc1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站