CVE-2004-2302
CVSS2.6
发布时间 :2004-12-31 00:00:00
修订时间 :2016-11-18 21:59:20
NMCO    

[原文]Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.


[CNNVD]Linux Kernel SYSFS_Write_File本地整数溢出漏洞(CNNVD-200412-1126)

        Linux kernel 2.6.10之前版本的sysfs_read_file和 sysfs_write_file函数存在竞争条件漏洞。本地用户借助sysfs文件的超大偏移读取核心内存和导致服务拒绝(崩溃)。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2302
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2302
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1126
(官方数据源) CNNVD

- 其它链接及资源

http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch
(PATCH)  CONFIRM  http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch
http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
(PATCH)  CONFIRM  http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
http://www.debian.org/security/2005/dsa-922
(UNKNOWN)  DEBIAN  DSA-922
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
(UNKNOWN)  MANDRAKE  MDKSA-2005:218
http://www.novell.com/linux/security/advisories/2005_44_kernel.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:044
http://www.securityfocus.com/bid/13091
(UNKNOWN)  BID  13091

- 漏洞信息

Linux Kernel SYSFS_Write_File本地整数溢出漏洞
低危 边界条件错误
2004-12-31 00:00:00 2010-04-02 00:00:00
本地  
        Linux kernel 2.6.10之前版本的sysfs_read_file和 sysfs_write_file函数存在竞争条件漏洞。本地用户借助sysfs文件的超大偏移读取核心内存和导致服务拒绝(崩溃)。

- 公告与补丁

        SuSE has released advisory SUSE-SA:2005:018 along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Ubuntu Linux has released advisory USN-110-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.
        RedHat has released advisory RHSA-2005:366-19 to address this, and other issues in RedHat Enterprise Linux 4, and RedHat Desktop 4 operating systems. Please see the referenced advisory for further information.
        SUSE has released advisory SUSE-SA:2005:044 to address various issues. Please see the referenced advisory for more information.
        Mandriva has released advisory MDKSA-2005:218 to address various issues affecting the Linux Kernel. Please see the referenced advisory for more information.
        Mandriva has released advisory MDKSA-2005:219 to address various issues affecting the Linux Kernel in Mandrake Linux 10.1. Please see the referenced advisory for more information.
        Debian GNU/Linux has released advisory DSA 922-1, along with fixes to address multiple kernel issues. Please see the referenced advisory for further information.
        
        Linux kernel 2.6.3
        
        Linux kernel 2.6.4
        
        Linux kernel 2.6.8 rc1
        

- 漏洞信息

18700
Linux kernel sysfs Large Offset Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-11-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站