CVE-2005-0178
CVSS6.2
发布时间 :2005-03-07 00:00:00
修订时间 :2016-10-17 23:08:12
NMCOP    

[原文]Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.


[CNNVD]Linux setsid函数 拒绝服务攻击漏洞(CNNVD-200503-068)

        Linux 2.6.8.1之前版本的setsid函数中存在竞争状态,本地用户可以实施拒绝服务攻击(崩溃),并且有可能访问TTY更改、锁定和信号灯相关的部分内核内存。

- CVSS (基础分值)

CVSS分值: 6.2 [中等(MEDIUM)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.5.45Linux Kernel 2.5.45
cpe:/o:linux:linux_kernel:2.6.0:test4Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.5.46Linux Kernel 2.5.46
cpe:/o:linux:linux_kernel:2.6.0:test5Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.0.30Linux Kernel 2.0.30
cpe:/o:linux:linux_kernel:2.6.0:test2Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.0.1Linux Kernel 2.0.1
cpe:/o:linux:linux_kernel:2.5.40Linux Kernel 2.5.40
cpe:/o:linux:linux_kernel:2.6.0:test3Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.5.41Linux Kernel 2.5.41
cpe:/o:linux:linux_kernel:2.6.0:test8Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.5.42Linux Kernel 2.5.42
cpe:/o:linux:linux_kernel:2.6.0:test9Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.10Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.0:test6Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.0:test7Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.0.2Linux Kernel 2.0.2
cpe:/o:linux:linux_kernel:2.0.32Linux Kernel 2.0.32
cpe:/o:linux:linux_kernel:2.0.3Linux Kernel 2.0.3
cpe:/o:linux:linux_kernel:2.0.31Linux Kernel 2.0.31
cpe:/o:linux:linux_kernel:2.0.38Linux Kernel 2.0.38
cpe:/o:linux:linux_kernel:2.0.8Linux Kernel 2.0.8
cpe:/o:linux:linux_kernel:2.5.47Linux Kernel 2.5.47
cpe:/o:linux:linux_kernel:2.0.37Linux Kernel 2.0.37
cpe:/o:linux:linux_kernel:2.0.9Linux Kernel 2.0.9
cpe:/o:linux:linux_kernel:2.5.48Linux Kernel 2.5.48
cpe:/o:linux:linux_kernel:2.5.49Linux Kernel 2.5.49
cpe:/o:linux:linux_kernel:2.0.34Linux Kernel 2.0.34
cpe:/o:linux:linux_kernel:2.0.4Linux Kernel 2.0.4
cpe:/o:linux:linux_kernel:2.2.15:pre16Linux Kernel 2.2.15 pre16
cpe:/o:linux:linux_kernel:2.5.43Linux Kernel 2.5.43
cpe:/o:linux:linux_kernel:2.6.11Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.0.33Linux Kernel 2.0.33
cpe:/o:linux:linux_kernel:2.0.5Linux Kernel 2.0.5
cpe:/o:linux:linux_kernel:2.5.44Linux Kernel 2.5.44
cpe:/o:linux:linux_kernel:2.0.29Linux Kernel 2.0.29
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.0.28Linux Kernel 2.0.28
cpe:/o:linux:linux_kernel:2.0.36Linux Kernel 2.0.36
cpe:/o:linux:linux_kernel:2.0.6Linux Kernel 2.0.6
cpe:/o:linux:linux_kernel:2.0.35Linux Kernel 2.0.35
cpe:/o:linux:linux_kernel:2.0.7Linux Kernel 2.0.7
cpe:/o:linux:linux_kernel:2.6.0:test11Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.0:test1Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.0.9.9
cpe:/o:linux:linux_kernel:2.6.0:test10Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.5.56Linux Kernel 2.5.56
cpe:/o:linux:linux_kernel:2.5.57Linux Kernel 2.5.57
cpe:/o:linux:linux_kernel:2.5.50Linux Kernel 2.5.50
cpe:/o:linux:linux_kernel:2.6.20.1Linux Kernel 2.6.20.1
cpe:/o:linux:linux_kernel:2.5.51Linux Kernel 2.5.51
cpe:/o:linux:linux_kernel:2.5.52Linux Kernel 2.5.52
cpe:/o:linux:linux_kernel:2.5.53Linux Kernel 2.5.53
cpe:/o:linux:linux_kernel:2.5.58Linux Kernel 2.5.58
cpe:/o:linux:linux_kernel:2.4.22:pre10Linux Kernel 2.4.22 pre10
cpe:/o:linux:linux_kernel:2.5.59Linux Kernel 2.5.59
cpe:/o:linux:linux_kernel:2.5.54Linux Kernel 2.5.54
cpe:/o:linux:linux_kernel:2.5.55Linux Kernel 2.5.55
cpe:/o:linux:linux_kernel:2.0.39Linux Kernel 2.0.39
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.5.0Linux Kernel 2.5.0
cpe:/o:linux:linux_kernel:2.5.4Linux Kernel 2.5.4
cpe:/o:linux:linux_kernel:2.5.3Linux Kernel 2.5.3
cpe:/o:linux:linux_kernel:2.5.2Linux Kernel 2.5.2
cpe:/o:linux:linux_kernel:2.5.1Linux Kernel 2.5.1
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/a:netkit:linux_netkit:0.17.17
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.11.7Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.11.6Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.4.27:pre5Linux Kernel 2.4.27 pre5
cpe:/o:linux:linux_kernel:2.4.27:pre3Linux Kernel 2.4.27 pre3
cpe:/o:linux:linux_kernel:2.6.11.5Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.6.11.4Linux Kernel 2.6.11.4
cpe:/o:linux:linux_kernel:2.2.10Linux Kernel 2.2.10
cpe:/o:linux:linux_kernel:2.6.11.8Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.4.0:test4Linux Kernel 2.4.0 test4
cpe:/o:linux:linux_kernel:2.6.11.3Linux Kernel 2.6.11.3
cpe:/o:linux:linux_kernel:2.4.0:test5Linux Kernel 2.4.0 test5
cpe:/o:linux:linux_kernel:2.6.11.2Linux Kernel 2.6.11.2
cpe:/o:linux:linux_kernel:2.2.11Linux Kernel 2.2.11
cpe:/o:linux:linux_kernel:2.2.12Linux Kernel 2.2.12
cpe:/o:linux:linux_kernel:2.2.17Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.2.18Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.6.11.1Linux Kernel 2.6.11.1
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.2.13Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.2.14Linux Kernel 2.2.14
cpe:/a:netkit:linux_netkit:0.17
cpe:/o:linux:linux_kernel:2.4.27:pre4Linux Kernel 2.4.27 pre4
cpe:/o:linux:linux_kernel:2.4.21:pre4Linux Kernel 2.4.21 pre4
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.2.15Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.2.16Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.4.21:pre7Linux Kernel 2.4.21 pre7
cpe:/o:linux:linux_kernel:2.4.23:pre9Linux Kernel 2.4.23 pre9
cpe:/o:linux:linux_kernel:2.2.16:pre6Linux Kernel 2.2.16 pre6
cpe:/o:linux:linux_kernel:2.2.20Linux Kernel 2.2.20
cpe:/o:linux:linux_kernel:2.2.21Linux Kernel 2.2.21
cpe:/o:linux:linux_kernel:2.4.0:test1Linux Kernel 2.4.0 test1
cpe:/o:linux:linux_kernel:2.2.22Linux Kernel 2.2.22
cpe:/o:linux:linux_kernel:2.2.23Linux Kernel 2.2.23
cpe:/o:linux:linux_kernel:2.2.24Linux Kernel 2.2.24
cpe:/o:linux:linux_kernel:2.2.25Linux Kernel 2.2.25
cpe:/o:linux:linux_kernel:2.2.19Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.18:pre1Linux Kernel 2.4.18 pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2Linux Kernel 2.4.18 pre2
cpe:/o:linux:linux_kernel:2.4.19:pre1Linux Kernel 2.4.19 pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2Linux Kernel 2.4.19 pre2
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.3.0Linux Kernel 2.3
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.18:pre6Linux Kernel 2.4.18 pre6
cpe:/o:linux:linux_kernel:2.4.18:pre3Linux Kernel 2.4.18 pre3
cpe:/o:linux:linux_kernel:2.4.27:pre1Linux Kernel 2.4.27 pre1
cpe:/o:linux:linux_kernel:2.4.18:pre4Linux Kernel 2.4.18 pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5Linux Kernel 2.4.19 pre5
cpe:/o:linux:linux_kernel:2.4.27:pre2Linux Kernel 2.4.27 pre2
cpe:/o:linux:linux_kernel:2.4.3:pre3Linux Kernel 2.4.3 pre3
cpe:/o:linux:linux_kernel:2.4.19:pre6Linux Kernel 2.4.19 pre6
cpe:/o:linux:linux_kernel:2.4.21:pre1Linux Kernel 2.4.21 pre1
cpe:/o:linux:linux_kernel:2.4.19:pre3Linux Kernel 2.4.19 pre3
cpe:/o:linux:linux_kernel:2.4.18:pre7Linux Kernel 2.4.18 pre7
cpe:/o:linux:linux_kernel:2.4.19:pre4Linux Kernel 2.4.19 pre4
cpe:/o:linux:linux_kernel:2.4.18:pre8Linux Kernel 2.4.18 pre8
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.4.18:pre5Linux Kernel 2.4.18 pre5
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.30:rc2Linux Kernel 2.4.30 rc2
cpe:/o:linux:linux_kernel:2.4.27Linux Kernel 2.4.27
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.29Linux Kernel 2.4.29
cpe:/o:linux:linux_kernel:2.4.30:rc3Linux Kernel 2.4.30 rc3
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.28Linux Kernel 2.4.28
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/a:vserver:linux-vserver:1.21
cpe:/a:vserver:linux-vserver:1.24
cpe:/a:vserver:linux-vserver:1.22
cpe:/o:linux:linux_kernel:2.5.9Linux Kernel 2.5.9
cpe:/o:linux:linux_kernel:2.1
cpe:/o:linux:linux_kernel:2.0
cpe:/a:vserver:linux-vserver:1.20
cpe:/a:vserver:linux-vserver:1.23
cpe:/o:linux:linux_kernel:2.3.99:pre7Linux Kernel 2.3.99 pre7
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.3.99:pre4Linux Kernel 2.3.99 pre4
cpe:/o:linux:linux_kernel:2.3.99:pre3Linux Kernel 2.3.99 pre3
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.3.99:pre6Linux Kernel 2.3.99 pre6
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.1.89Linux Kernel 2.1.89
cpe:/o:linux:linux_kernel:2.3.99:pre5Linux Kernel 2.3.99 pre5
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.5.8Linux Kernel 2.5.8
cpe:/o:linux:linux_kernel:2.5.7Linux Kernel 2.5.7
cpe:/o:linux:linux_kernel:2.5.6Linux Kernel 2.5.6
cpe:/o:linux:linux_kernel:2.5.5Linux Kernel 2.5.5
cpe:/o:linux:linux_kernel:2.5.23Linux Kernel 2.5.23
cpe:/o:linux:linux_kernel:2.5.24Linux Kernel 2.5.24
cpe:/o:linux:linux_kernel:2.5.20Linux Kernel 2.5.20
cpe:/o:linux:linux_kernel:2.0.10Linux Kernel 2.0.10
cpe:/o:linux:linux_kernel:2.0.16Linux Kernel 2.0.16
cpe:/o:linux:linux_kernel:2.5.25Linux Kernel 2.5.25
cpe:/o:linux:linux_kernel:2.0.15Linux Kernel 2.0.15
cpe:/o:linux:linux_kernel:2.5.26Linux Kernel 2.5.26
cpe:/o:linux:linux_kernel:2.5.27Linux Kernel 2.5.27
cpe:/o:linux:linux_kernel:2.5.28Linux Kernel 2.5.28
cpe:/o:linux:linux_kernel:2.0.12Linux Kernel 2.0.12
cpe:/o:linux:linux_kernel:2.5.21Linux Kernel 2.5.21
cpe:/o:linux:linux_kernel:2.0.11Linux Kernel 2.0.11
cpe:/o:linux:linux_kernel:2.5.22Linux Kernel 2.5.22
cpe:/o:linux:linux_kernel:2.0.14Linux Kernel 2.0.14
cpe:/o:linux:linux_kernel:2.0.13Linux Kernel 2.0.13
cpe:/o:linux:linux_kernel:2.5.29Linux Kernel 2.5.29
cpe:/o:linux:linux_kernel:2.3.99Linux Kernel 2.3.99
cpe:/o:linux:linux_kernel:2.5.34Linux Kernel 2.5.34
cpe:/o:linux:linux_kernel:2.3.99:pre2Linux Kernel 2.3.99 pre2
cpe:/o:linux:linux_kernel:2.5.35Linux Kernel 2.5.35
cpe:/o:linux:linux_kernel:2.3.99:pre1Linux Kernel 2.3.99 pre1
cpe:/o:linux:linux_kernel:2.5.30Linux Kernel 2.5.30
cpe:/o:linux:linux_kernel:2.5.31Linux Kernel 2.5.31
cpe:/o:linux:linux_kernel:2.0.21Linux Kernel 2.0.21
cpe:/o:linux:linux_kernel:2.4.0:test2Linux Kernel 2.4.0 test2
cpe:/o:linux:linux_kernel:2.0.20Linux Kernel 2.0.20
cpe:/o:linux:linux_kernel:2.4.0:test3Linux Kernel 2.4.0 test3
cpe:/o:linux:linux_kernel:2.0.27Linux Kernel 2.0.27
cpe:/o:linux:linux_kernel:2.4.0:test8Linux Kernel 2.4.0 test8
cpe:/o:linux:linux_kernel:2.5.36Linux Kernel 2.5.36
cpe:/o:linux:linux_kernel:2.0.26Linux Kernel 2.0.26
cpe:/o:linux:linux_kernel:2.4.0:test9Linux Kernel 2.4.0 test9
cpe:/o:linux:linux_kernel:2.5.37Linux Kernel 2.5.37
cpe:/o:linux:linux_kernel:2.4.0:test6Linux Kernel 2.4.0 test6
cpe:/o:linux:linux_kernel:2.5.38Linux Kernel 2.5.38
cpe:/o:linux:linux_kernel:2.6.10:rc2Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.4.0:test7Linux Kernel 2.4.0 test7
cpe:/o:linux:linux_kernel:2.5.39Linux Kernel 2.5.39
cpe:/o:linux:linux_kernel:2.0.23Linux Kernel 2.0.23
cpe:/o:linux:linux_kernel:2.5.32Linux Kernel 2.5.32
cpe:/o:linux:linux_kernel:2.0.22Linux Kernel 2.0.22
cpe:/o:linux:linux_kernel:2.5.33Linux Kernel 2.5.33
cpe:/o:linux:linux_kernel:2.0.18Linux Kernel 2.0.18
cpe:/o:linux:linux_kernel:2.0.17Linux Kernel 2.0.17
cpe:/o:linux:linux_kernel:2.0.25Linux Kernel 2.0.25
cpe:/o:linux:linux_kernel:2.6.11:rc3Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.12:rc4Linux Kernel 2.6.12 Release Candidate 4
cpe:/o:linux:linux_kernel:2.0.24Linux Kernel 2.0.24
cpe:/o:linux:linux_kernel:2.6.11:rc4Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.12:rc1Linux Kernel 2.6.12 Release Candidate 1
cpe:/o:linux:linux_kernel:2.2.9Linux Kernel 2.2.9
cpe:/o:linux:linux_kernel:2.0.19Linux Kernel 2.0.19
cpe:/o:linux:linux_kernel:2.2.8Linux Kernel 2.2.8
cpe:/o:linux:linux_kernel:2.6.11:rc2Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.4.31:pre1Linux Kernel 2.4.31 pre1
cpe:/o:linux:linux_kernel:2.4.30Linux Kernel 2.4.30
cpe:/o:linux:linux_kernel:2.2.3Linux Kernel 2.2.3
cpe:/o:linux:linux_kernel:2.2.2Linux Kernel 2.2.2
cpe:/o:linux:linux_kernel:2.2.7Linux Kernel 2.2.7
cpe:/o:linux:linux_kernel:2.2.6Linux Kernel 2.2.6
cpe:/o:linux:linux_kernel:2.2.1Linux Kernel 2.2.1
cpe:/o:linux:linux_kernel:2.2.0Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.2.5Linux Kernel 2.2.5
cpe:/o:linux:linux_kernel:2.2.4Linux Kernel 2.2.4
cpe:/o:linux:linux_kernel:2.2.27:rc2Linux Kernel 2.2.27 rc2
cpe:/o:linux:linux_kernel:2.4.0:test12Linux Kernel 2.4.0 test12
cpe:/o:linux:linux_kernel:2.4.0:test11Linux Kernel 2.4.0 test11
cpe:/o:linux:linux_kernel:2.5.12Linux Kernel 2.5.12
cpe:/o:linux:linux_kernel:2.5.13Linux Kernel 2.5.13
cpe:/o:linux:linux_kernel:2.5.14Linux Kernel 2.5.14
cpe:/o:linux:linux_kernel:2.5.15Linux Kernel 2.5.15
cpe:/o:linux:linux_kernel:2.5.16Linux Kernel 2.5.16
cpe:/o:linux:linux_kernel:2.5.17Linux Kernel 2.5.17
cpe:/o:linux:linux_kernel:2.5.10Linux Kernel 2.5.10
cpe:/o:linux:linux_kernel:2.5.11Linux Kernel 2.5.11
cpe:/o:linux:linux_kernel:2.4.0:test10Linux Kernel 2.4.0 test10
cpe:/o:linux:linux_kernel:2.5.18Linux Kernel 2.5.18
cpe:/o:linux:linux_kernel:2.5.19Linux Kernel 2.5.19
cpe:/o:linux:linux_kernel:2.5.67Linux Kernel 2.5.67
cpe:/o:linux:linux_kernel:2.5.68Linux Kernel 2.5.68
cpe:/o:linux:linux_kernel:2.5.61Linux Kernel 2.5.61
cpe:/o:linux:linux_kernel:2.5.62Linux Kernel 2.5.62
cpe:/o:linux:linux_kernel:2.5.63Linux Kernel 2.5.63
cpe:/o:linux:linux_kernel:2.5.64Linux Kernel 2.5.64
cpe:/o:linux:linux_kernel:2.5.69Linux Kernel 2.5.69
cpe:/o:linux:linux_kernel:2.5.65Linux Kernel 2.5.65
cpe:/o:linux:linux_kernel:2.5.66Linux Kernel 2.5.66
cpe:/o:linux:linux_kernel:2.4.29:rc2Linux Kernel 2.4.29 rc2
cpe:/o:linux:linux_kernel:2.5.60Linux Kernel 2.5.60
cpe:/o:linux:linux_kernel:2.4.29:rc1Linux Kernel 2.4.29 rc1
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.2.15_pre20

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10647Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access po...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0178
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0178
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-068
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
(VENDOR_ADVISORY)  CONECTIVA  CLA-2005:930
http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
(VENDOR_ADVISORY)  CONFIRM  http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
http://marc.info/?l=full-disclosure&m=110846102231365&w=2
(UNKNOWN)  BUGTRAQ  20050215 [USN-82-1] Linux kernel vulnerabilities
http://www.redhat.com/support/errata/RHSA-2005-092.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:092
http://www.securityfocus.com/bid/12598
(UNKNOWN)  BID  12598

- 漏洞信息

Linux setsid函数 拒绝服务攻击漏洞
中危 资料不足
2005-03-07 00:00:00 2007-05-16 00:00:00
本地  
        Linux 2.6.8.1之前版本的setsid函数中存在竞争状态,本地用户可以实施拒绝服务攻击(崩溃),并且有可能访问TTY更改、锁定和信号灯相关的部分内核内存。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        RedHat Fedora Core1
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.athlon.rpm
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.i586.rpm
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.i686.rpm
        RedHat kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4 .22-1.2199.5.legacy.nptl.i386.rpm
        RedHat kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4. 22-1.2199.5.legacy.nptl.i386.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.athlon.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.i586.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.i686.rpm
        RedHat kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2 .4.22-1.2199.5.legacy.nptl.i386.rpm
        

- 漏洞信息 (F36188)

Ubuntu Security Notice 82-1 (PacketStormID:F36188)
2005-02-25 00:00:00
Ubuntu  ubuntu.com
advisory,remote,overflow,kernel
linux,ubuntu
CVE-2005-0176,CVE-2005-0177,CVE-2005-0178
[点击下载]

Ubuntu Security Notice USN-82-1 - The Linux kernel suffers from various flaws. Michael Kerrisk noticed insufficient permission checking in the shmctl() function. OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel. David Coulson noticed a design flaw in the netfilter/iptables module. By sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.

===========================================================
Ubuntu Security Notice USN-82-1		  February 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0176, CAN-2005-0177, CAN-2005-0178
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.11. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes. 

ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version. 

Details follow:

CAN-2004-0176:

  Michael Kerrisk noticed an insufficient permission checking in the
  shmctl() function. Any process was permitted to lock/unlock any
  System V shared memory segment that fell within the the
  RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that
  unprivileged users can acquire). This allowed am unprivileged user
  process to unlock locked memory of other processes, thereby allowing
  them to be swapped out.  Usually locked shared memory is used to
  store passphrases and other sensitive content which must not be
  written to the swap space (where it could be read out even after a
  reboot).

CAN-2005-0177:

  OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were
  incorrectly set to 128 instead of 256. This caused a buffer overflow
  in some cases which could be exploited to crash the kernel.

CAN-2005-0178:

  A race condition was found in the terminal handling of the
  "setsid()" function, which is used to start new process sessions.

http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:

  David Coulson noticed a design flaw in the netfilter/iptables module.
  By sending specially crafted packets, a remote attacker could exploit
  this to crash the kernel or to bypass firewall rules.

  Fixing this vulnerability required a change in the Application
  Binary Interface (ABI) of the kernel. This means that third party
  user installed modules might not work any more with the new kernel,
  so this fixed kernel has a new ABI version number. You have to
  recompile and reinstall all third party modules.


Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11.diff.gz
      Size/MD5:  3131336 018744464a81b26a56e8ebad017a6b92
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11.dsc
      Size/MD5:     2121 1f9b1a2154269330778491713342f356
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
      Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.11_all.deb
      Size/MD5:  6157384 1f8e5c04af6b4747b22a955234793868
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.11_all.deb
      Size/MD5:  1487356 84c8210589ecce35d6cc4927947206cf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11_all.deb
      Size/MD5: 36721850 700dab7df43c5fdac9d8fa20e5fc463d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.11_all.deb
      Size/MD5:   307628 13c78081dbf5937951016cd11aa0c3d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.11_amd64.deb
      Size/MD5:   247484 32e97a0231fe15be3e401b54d17287b6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.11_amd64.deb
      Size/MD5:   243346 3ebff9280b5ad3149d31b1e104ac234d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.11_amd64.deb
      Size/MD5:   246658 aefe96c821df4eab05865481d9a9b492
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.11_amd64.deb
      Size/MD5:   241658 3cdb542a8697652f26c3d4da698caa2c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_amd64.deb
      Size/MD5:  3178600 8a3beb8ab0f2405524d6f25d5c991e4a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.11_amd64.deb
      Size/MD5: 14353492 d5d99134c044eeb6db3705a371846129
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.11_amd64.deb
      Size/MD5: 14829272 fe97d55924252a32e7a5998fcb7f219d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.11_amd64.deb
      Size/MD5: 14862020 4e6fd1ec472e2d71be18e14373cc96a0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.11_amd64.deb
      Size/MD5: 14685336 4dde3f2e54ac2c782ebdb548919c8fa0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-386_2.6.8.1-16.11_i386.deb
      Size/MD5:   276618 e7515bca01afee669aa8c7d911c91ec9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.11_i386.deb
      Size/MD5:   271306 1dd684c2fcc4b51e90755d379169da7a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686_2.6.8.1-16.11_i386.deb
      Size/MD5:   274344 bf6865cc48586f2106d7fe0a4cedabb6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.11_i386.deb
      Size/MD5:   271496 d00c94e11d37b9f9a8559871059a8e8e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7_2.6.8.1-16.11_i386.deb
      Size/MD5:   274504 c5b8d5d81399cf85f696dbab9cc63f56
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_i386.deb
      Size/MD5:  3219282 3715432204a5a3bc041a107c3fab36d6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-386_2.6.8.1-16.11_i386.deb
      Size/MD5: 15495868 83b6105ee396f209626708fdace4b6b0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.11_i386.deb
      Size/MD5: 16345520 a95573b78fa75c7804717bdae413ae09
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686_2.6.8.1-16.11_i386.deb
      Size/MD5: 16513502 1fd8522debd671daba5d13426ddfe527
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.11_i386.deb
      Size/MD5: 16448364 19e0461812d1c04b147cd7417ab37f4a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7_2.6.8.1-16.11_i386.deb
      Size/MD5: 16573500 e90a1d65c27a6b4d32c30cafc10d5297

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   212458 fcd0297e7895434f7c1b8a44be00826c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   213210 1318790324114b43286969e7d1772f61
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   212278 6f211474930ebcabf50ce8e486b748c4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   212992 dc9c578a1fc49f29a344fc35c62f8dde
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   212934 49c3817461c65f51c98fec71d7a2171a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.11_powerpc.deb
      Size/MD5:   214312 2fcedb0aa0bf9ed2e260943eb3b5d03f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_powerpc.deb
      Size/MD5:  3296508 9b9dc2b9adc886bb5608e9ec1e8a61b6
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 16367592 d68479b96cb67d53266a596df49274b1
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 15942424 fc5c150813918c651d574facc3cc1e28
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 16354802 ba375b1b58c7d2f66da79f4f5b9143a8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 15926092 3023e8dfcc225a5a05d3cfd4ff8f0e81
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 16289236 ce61fec3ae189560596423ebe8beddd4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.11_powerpc.deb
      Size/MD5: 15976204 3ca936e410bdb73e3c79490efd155928
    

- 漏洞信息

13849
Linux Kernel setsid() Function Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站