CVE-2005-0136
CVSS2.1
发布时间 :2005-12-31 00:00:00
修订时间 :2011-03-07 21:19:35
NMCOS    

[原文]The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.


[CNNVD]Linux内核审核代码未明本地拒绝服务漏洞(CNNVD-200512-902)

        Itanium IA64平台上的Linux kernel的2.6.11之前版本存在某些"进程跟踪边际情况",本地用户可以借此通过特制的syscall发起拒绝服务攻击(崩溃),可能与MCA/INIT有关。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.6.8.1.5::power4
cpe:/o:linux:linux_kernel:2.6.8.1.5::amd64
cpe:/o:linux:linux_kernel:2.6.8.1.5::amd64_xeon
cpe:/o:linux:linux_kernel:2.6.10:rc3Linux Kernel 2.6.10 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.10:rc1Linux Kernel 2.6.10 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8.1.5::k7_smp
cpe:/o:linux:linux_kernel:2.6.9:rc4Linux Kernel 2.6.9 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.9:rc1Linux Kernel 2.6.9 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8.1.5::386
cpe:/o:linux:linux_kernel:2.6.8.1.5::amd64_k8
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.9:rc2Linux Kernel 2.6.9 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.8.1.5::686
cpe:/o:linux:linux_kernel:2.6.8.1.5::power3_smp
cpe:/o:linux:linux_kernel:2.6.9:final
cpe:/o:linux:linux_kernel:2.6.8.1Linux Kernel 2.6.8.1
cpe:/o:linux:linux_kernel:2.6.10:rc2Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.8.1.5::powerpc_smp
cpe:/o:linux:linux_kernel:2.6.8:rc4Linux Kernel 2.6.8 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.8.1.5::power4_smp
cpe:/o:linux:linux_kernel:2.6.8.1.5
cpe:/o:linux:linux_kernel:2.6.8.1.5::k7
cpe:/o:linux:linux_kernel:2.6.8.1.5::amd64_k8_smp
cpe:/o:linux:linux_kernel:2.6.8.1.5::686_smp
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8.1.5::powerpc
cpe:/o:linux:linux_kernel:2.6.10Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.9:rc3Linux Kernel 2.6.9 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.8.1.5::power3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11628The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of se...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0136
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0136
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-902
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155283
(PATCH)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155283
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148862
(PATCH)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148862
http://www.redhat.com/support/errata/RHSA-2005-663.html
(PATCH)  REDHAT  RHSA-2005:663
http://www.redhat.com/support/errata/RHSA-2005-420.html
(PATCH)  REDHAT  RHSA-2005:420
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11
(PATCH)  CONFIRM  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11
http://www.gelato.unsw.edu.au/archives/linux-ia64/0409/11073.html
(PATCH)  MLIST  [linux-ia64] 20040916 Re: [Patch] Per CPU MCA/INIT data save areas
http://secunia.com/advisories/17002
(VENDOR_ADVISORY)  SECUNIA  17002
http://openvz.org/news/updates/kernel-022stab045.1-released
(PATCH)  MISC  http://openvz.org/news/updates/kernel-022stab045.1-released
http://www.vupen.com/english/advisories/2005/1878
(UNKNOWN)  VUPEN  ADV-2005-1878
http://lists.alioth.debian.org/pipermail/kernel-svn-changes/2005-August/002597.html
(UNKNOWN)  MLIST  [kernel-svn-changes] 20050816 r3920 - in branches/dist/sarge-security: . kernel kernel/i386 kernel/source kernel/source/kernel-source-2.6.8-2.6.8/debian

- 漏洞信息

Linux内核审核代码未明本地拒绝服务漏洞
低危 资料不足
2005-12-31 00:00:00 2006-06-01 00:00:00
本地  
        Itanium IA64平台上的Linux kernel的2.6.11之前版本存在某些"进程跟踪边际情况",本地用户可以借此通过特制的syscall发起拒绝服务攻击(崩溃),可能与MCA/INIT有关。

- 公告与补丁

        Red Hat已经发布了公告RHSA-2005:420-22和修复补丁,用以解决此问题以及RedHat Linux企业版平台的其它问题。建议受该问题影响的客户应用适当的更新程序。订购Red Hat Network的客户可以使用Red Hat Update Agent (up2date)应用适当的修补程序。详见引述的公告。
        Red Hat已经发布公告RHSA-2005:420-24来解决各种影响内核的问题。请参阅 Web 参考中的建议了解更多信息。
        RedHat Linux已经发布公告RHSA-2005:663-19来解决此问题,以及RedHat Enterprise Linux 3操作系统上的其它问题。更多信息,请参见引用的公告。

- 漏洞信息

17235
Linux Kernel on Itanium Unspecified Auditing Code Local DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-06-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel Auditing Code Unspecified Local Denial Of Service Vulnerability
Unknown 13895
No Yes
2005-06-08 12:00:00 2009-07-12 02:56:00
This issue was announced in a vendor advisory.

- 受影响的程序版本

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6

- 漏洞讨论

The Linux kernel is prone to an unspecified local denial of service vulnerability.

Reports indicate that the issue exists in the Linux kernel auditing code, and that local attacks on 64-Bit platforms could result in a kernel panic.

Successful attacks will deny service for legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Red Hat has released advisory RHSA-2005:420-22 and fixes to address this issue and another issue on Red Hat Linux Enterprise platforms. Customers that are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Red Hat has released an updated advisory RHSA-2005:420-24 to address various issues affecting the kernel. Please see the advisory in Web references for more information.

RedHat Linux has released advisory RHSA-2005:663-19 to address this, and other issues in RedHat Enterprise Linux 3 operating systems. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站