CVE-2005-0180
CVSS 3.6
Published: 2005-03-07 00:00:00
Last revised: 2016-11-18 21:59:21

[Original] Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.


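[CNNVD] Linux kernel integer overflow vulnerability (CNNVD-200503-070)

        The sg_scsi_ioctl function in scsi_ioctl.c in Linux 2.6.x contains multiple integer signedness errors. Local users can read or modify kernel memory via negative integers in the scsi ioctl arguments; these negative integers bypass the maximum length check performed before the copy_from_user and copy_to_user functions are called.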

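- CVSS (base score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]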

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.6.8.1  Linux Kernel 2.6.8.1
cpe:/o:linux:linux_kernel:2.6.11:rc4  Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.12:rc1  Linux Kernel 2.6.12 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11:rc3  Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.12:rc4  Linux Kernel 2.6.12 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.6  Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.7  Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.11  Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.6:rc1  Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.7:rc1  Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.8:rc2  Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test5  Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.0:test2  Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.11.4  Linux Kernel 2.6.11.4
cpe:/o:linux:linux_kernel:2.6.0:test4  Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.11.5  Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.6.0:test9  Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.1:rc2  Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.2  Linux Kernel 2.6.11.2
cpe:/o:linux:linux_kernel:2.6.4  Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.0:test6  Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.1:rc1  Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11.3  Linux Kernel 2.6.11.3
cpe:/o:linux:linux_kernel:2.6.5  Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.0:test3  Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.11.8  Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.6.0:test8  Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.11:rc2  Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.6  Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.6.8  Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.6.11.7  Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.0:test7  Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.6.10:rc2  Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test1  Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.0:test11  Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.11.1  Linux Kernel 2.6.11.1
cpe:/o:linux:linux_kernel:2.6.0:test10  Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.8:rc1  Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.10  Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.2  Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.8:rc3  Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.3  Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.1  Linux Kernel 2.6.1

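- OVAL (technical details for detection)

oval:org.mitre.oval:def:10667  Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel ...
* OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.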

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0180
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0180
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-070
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
(VENDOR_ADVISORY)  CONECTIVA  CLA-2005:930
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
(VENDOR_ADVISORY)  FULLDISC  20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
(UNKNOWN)  MANDRAKE  MDKSA-2005:218
http://www.redhat.com/support/errata/RHSA-2005-092.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:092
http://www.securityfocus.com/archive/1/386374
(UNKNOWN)  BUGTRAQ  20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories
http://www.securityfocus.com/bid/12198
(UNKNOWN)  BID  12198

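- Vulnerability information

Linux kernel integer overflow vulnerability
Low risk  Boundary condition error
2005-03-07 00:00:00 2005-10-20 00:00:00
Local
        The sg_scsi_ioctl function in scsi_ioctl.c in Linux 2.6.x contains multiple integer signedness errors. Local users can read or modify kernel memory via negative integers in the scsi ioctl arguments; these negative integers bypass the maximum length check performed before the copy_from_user and copy_to_user functions are called.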

- Advisories and patches

        Vendors have released upgrade patches that fix this security issue. Patch download links:
        Linux kernel 2.6.3
        Mandriva kernel-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-2.6.3.29mdk-1-1mdk.x86_64.rpm
        Corporate 3.0/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-enterprise-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-i686-up-4GB-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-p3-smp-64GB-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-secure-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-secure-2.6.3.29mdk-1-1mdk.x86_64.rpm
        Corporate 3.0/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-smp-2.6.3.29mdk-1-1mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-smp-2.6.3.29mdk-1-1mdk.x86_64.rpm
        Corporate 3.0/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-2.6.3-29mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-2.6.3-29mdk.x86_64.rpm
        Corporate 3.0/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-stripped-2.6.3-29mdk.i586.rpm
        Corporate 3.0:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-stripped-2.6.3-29mdk.x86_64.rpm
        Corporate 3.0/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Linux kernel 2.6.4
        SuSE kernel-bigsmp-2.6.5-7.147.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.147.i586.rpm
        SuSE kernel-default-2.6.5-7.147.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7.147.i586.rpm
        SuSE kernel-default-2.6.5-7.147.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.5-7.147.x86_64.rpm
        SuSE kernel-docs-2.6.5-7.147.noarch.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/noarch/kernel-docs-2.6.5-7.147.noarch.rpm
        SuSE kernel-smp-2.6.5-7.147.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.147.i586.rpm
        SuSE kernel-smp-2.6.5-7.147.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7.147.x86_64.rpm
        SuSE kernel-source-2.6.5-7.147.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.147.i586.rpm
        SuSE kernel-source-2.6.5-7.147.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.5-7.147.x86_64.rpm
        SuSE kernel-syms-2.6.5-7.147.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.5-7.147.i586.rpm
        SuSE kernel-syms-2.6.5-7.147.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.5-7.147.x86_64.rpm
        SuSE ltmodem-2.6.2-38.13.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ltmodem-2.6.2-38.13.i586.rpm
        Linux kernel 2.6.5
        Fedora kernel-2.6.10-1.8_FC2.i586.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-2.6.10-1.8_FC2.i686.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-2.6.10-1.8_FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-debuginfo-2.6.10-1.8_FC2.i586.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-debuginfo-2.6.10-1.8_FC2.i686.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-debuginfo-2.6.10-1.8_FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-doc-2.6.10-1.8_FC2.noarch.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-smp-2.6.10-1.8_FC2.i586.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-smp-2.6.10-1.8_FC2.i686.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-smp-2.6.10-1.8_FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kernel-sourcecode-2.6.10-1.8_FC2.noarch.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        SuSE kernel-bigsmp-2.6.5-7.111.30.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.111.30.i586.rpm
        SuSE kernel-default-2.6.5-7.111.30.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7.111.30.i586.rpm
        SuSE kernel-default-2.6.5-7.111.30.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.5-7.111.30.x86_64.rpm
        SuSE kernel-smp-2.6.5-7.111.30.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.111.30.i586.rpm
        SuSE kernel-smp-2.6.5-7.111.30.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7.111.30.x86_64.rpm
        SuSE kernel-source-2.6.5-7.111.30.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.111.30.i586.rpm
        SuSE kernel-source-2.6.5-7.111.30.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.5-7.111.30.x86_64.rpm
        Linux kernel 2.6.8 rc1
        Mandriva kernel-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-2.6.8.1.26mdk-1-1mdk.x86_64.rpm
        Mandriva Linux 10.1/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-enterprise-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-i586-up-1GB-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-i686-up-64GB-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-secure-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-secure-2.6.8.1.26mdk-1-1mdk.x86_64.rpm
        Mandriva Linux 10.1/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-smp-2.6.8.1.26mdk-1-1mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-smp-2.6.8.1.26mdk-1-1mdk.x86_64.rpm
        Mandriva Linux 10.1/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-2.6-2.6.8.1-26mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-2.6-2.6.8.1-26mdk.x86_64.rpm
        Mandriva Linux 10.1/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-stripped-2.6-2.6.8.1-26mdk.i586.rpm
        Mandriva Linux 10.1:
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva kernel-source-stripped-2.6-2.6.8.1-26mdk.x86_64.rpm
        Mandriva Linux 10.1/X86_64:
        http://www1.mandrivalinux.com/en/ftp.php3
        Linux kernel 2.6.8
        SuSE kernel-bigsmp-2.6.8-24.11.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-2.6.8-24.11.i586.rpm
        SuSE kernel-default-2.6.8-24.11.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-2.6.8-24.11.i586.rpm
        SuSE kernel-default-2.6.8-24.11.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kernel-default-2.6.8-24.11.x86_64.rpm
        SuSE kernel-smp-2.6.8-24.11.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-2.6.8-24.11.i586.rpm
        SuSE kernel-smp-2.6.8-24.11.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kernel-smp-2.6.8-24.11.x86_64.rpm
        SuSE kernel-source-2.6.8-24.11.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-source-2.6.8-24.11.i586.rpm
        SuSE kernel-source-2.6.8-24.11.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kernel-source-2.6.8-24.11.x86_64.rpm
        Linux kernel 2.6.9
        Fedora kernel-2.6.10-1.737_FC3.i586.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora kernel-2.6.10-1.737_FC3.i686.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora kernel-2.6.10-1.737_FC3.x

- Vulnerability information

12836
Linux Kernel scsi_ioctl.c sg_scsi_ioctl() Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A local overflow exists in the Linux kernel. The sg_scsi_ioctl() function fails to validate user-supplied integer values resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-01-07 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
Boundary Condition Error 12198
No Yes
2005-01-07 12:00:00 2009-07-12 09:27:00
Discovery of this vulnerability is credited to Brad Spengler <spender@grsecurity.net>.

- Affected software versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6

- Discussion

The Linux Kernel is reported prone to a local integer overflow vulnerability. The issue occurs in the 'sg_scsi_ioctl' function of the 'scsi_ioctl.c' kernel driver.

The vulnerability exists due to a lack of sufficient sanitization performed on user-controlled integer values before these values are employed as the size argument of a user-land to kernel memory copy operation.

This vulnerability may be leveraged to corrupt kernel memory and ultimately execute arbitrary code with ring-0 privileges. Alternatively, the issue may be exploited to trigger a kernel panic or to disclose contents of kernel memory.

It is reported that a user must have access to the respective SCSI devices in order to exploit this issue. This may hinder exploitability.
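
The signedness error described above, modelled in user space as an added example (this is not the kernel's code and not the patch the vendors shipped). The function names, the `MAX_XFER` limit and the sample inputs are assumptions made for illustration; the flawed check only tests an upper bound on a signed length, while the corrected one also rejects negative values before any copy is sized.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_XFER 4096 /* assumed cap; the page does not state the real limit */

/* Flawed pattern: signed length, upper bound only. Returns 1 if accepted. */
int flawed_len_ok(int len)
{
    return !(len > MAX_XFER); /* -1 > 4096 is false, so -1 is accepted */
}

/* What a copy routine taking an unsigned size receives for that length. */
size_t size_seen_by_copy(int len)
{
    return (size_t)len; /* a negative int converts to a huge unsigned value */
}

/* Corrected check: reject negatives as well as oversized values. */
int fixed_len_ok(int len)
{
    return len >= 0 && len <= MAX_XFER;
}

/* Bounded copy into a fixed buffer, standing in for the kernel-side copy.
 * Returns the number of bytes copied, or -1 if the length is rejected. */
long bounded_copy(void *dst, size_t dst_size, const void *src, int len)
{
    if (!fixed_len_ok(len) || (size_t)len > dst_size)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

int main(void)
{
    int samples[] = { 16, MAX_XFER, MAX_XFER + 1, -1 }; /* constructed inputs */
    char dst[32];
    const char src[32] = "constructed sample payload";

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = samples[i];
        printf("len=%6d flawed=%d fixed=%d copy_size=%zu bounded=%ld\n",
               len, flawed_len_ok(len), fixed_len_ok(len),
               size_seen_by_copy(len),
               bounded_copy(dst, sizeof dst, src, len));
    }
    return 0;
}
```

For code review, the pattern to look for is a user-supplied length held in a signed type, compared only against a maximum, and then passed to a routine whose size parameter is unsigned.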

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

SuSE has released a security announcement (SUSE-SA:2005:003) and fixes to address the vulnerability described in this BID and also other vulnerabilities. Customers are advised to peruse the referenced announcement for further details in regard to obtaining and applying appropriate fixes.

RedHat has released two advisories called FEDORA-2005-013 and FEDORA-2005-014 to address this, and other issues for Fedora Core 2 and 3. Please see the referenced advisories for further information.

Red Hat has released advisory RHSA-2005:092-14 to address various issues in the kernel. Please see the advisory in Web references for more information.

SuSE has released security advisory SUSE-SA:2005:010 dealing with an issue that has arisen due to a broken patch previously released. Apparently due to various new checks being performed computers running an NVidia graphics card may experience a denial of service condition when X Windows is started. This issue affects SuSE Linux 9.1, SuSE Linux Enterprise Server 9, and Novell Linux Desktop 9.

Mandriva has released advisory MDKSA-2005:218 to address various issues affecting the Linux Kernel. Please see the referenced advisory for more information.

Mandriva has released advisory MDKSA-2005:219 to address various issues affecting the Linux Kernel in Mandrake Linux 10.1. Please see the referenced advisory for more information.


Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.5

Linux kernel 2.6.8 rc1

Linux kernel 2.6.8

Linux kernel 2.6.9

- Related references

 

 
