CVE-2005-0204
CVSS 2.1
Published: 2005-05-02 00:00:00
Last revised: 2010-08-21 00:25:39

[Original] Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.


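[CNNVD] Linux Kernel permission management and access control vulnerability (CNNVD-200505-416)

        Linux kernel versions before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allow local users to write to privileged IO ports via the OUTS instruction.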

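- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]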

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.6.3  Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.1  Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.8  Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.5  Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.2  Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.8.1  Linux Kernel 2.6.8.1
cpe:/o:linux:linux_kernel:2.6.7  Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.6  Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.4  Linux Kernel 2.6.4

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10320  Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel ...
* OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0204
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0204
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-416
(Official data source) CNNVD

- Other links and resources

http://www.redhat.com/support/errata/RHSA-2005-092.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:092
http://www.trustix.org/errata/2006/0006
(UNKNOWN)  TRUSTIX  2006-0006
http://www.securityfocus.com/bid/12598
(UNKNOWN)  BID  12598
http://www.redhat.com/support/errata/RHSA-2005-293.html
(UNKNOWN)  REDHAT  RHSA-2005:293
http://secunia.com/advisories/18784
(VENDOR_ADVISORY)  SECUNIA  18784

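- Vulnerability information

Linux Kernel permission management and access control vulnerability
Low risk  Other
2005-05-02 00:00:00 2009-08-15 00:00:00
Local
        Linux kernel versions before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allow local users to write to privileged IO ports via the OUTS instruction.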

- Advisories and patches

        The vendor has released upgrade patches that fix this security issue. Patch download links:
        RedHat Fedora Core1
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        RedHat kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        RedHat kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm
        RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm
        RedHat kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm
        Linux kernel 2.6
        Debian kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb
        Debian kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb
        Debian kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb
        Debian kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb
        Debian kernel-headers-2.6-generic_101sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-headers-2.6-generic_101sarge1_alpha.deb
        Debian kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
        Debian kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb
        Debian kernel-headers-2.6-smp_101sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-headers-2.6-smp_101sarge1_alpha.deb
        Debian kernel-headers-2.6-sparc32_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-headers-2.6-sparc32_101sarge1_sparc.deb
        Debian kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb
        Debian kernel-headers-2.6-sparc64_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alia

- Vulnerability information

15213
Linux Kernel OUTS Instruction Privileged IO Port Write
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-02-18 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Kernel Multiple Vulnerabilities
Unknown 12598
No Yes
2005-02-15 12:00:00 2007-03-01 10:26:00
Discovery of these issues is credited to Michael Kerrisk, OGAWA Hirofumi, and David Coulson.

- Affected software versions

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
SGI ProPack 3.0 SP5
SGI ProPack 3.0 SP4
SGI ProPack 3.0 SP3
SGI ProPack 3.0 SP2
SGI ProPack 3.0 SP1
SGI ProPack 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0

- Discussion

Linux Kernel is reported prone to multiple vulnerabilities. These issues may allow a local attacker to carry out denial-of-service attacks, access kernel memory, and potentially gain elevated privileges.

The following specific issues were identified:

- Reportedly, the filesystem Native Language Support ASCII translation table is affected by a vulnerability that results from the use of incorrect table sizes. This issue can lead to a crash.

- Another issue affecting the kernel may allow users to unlock arbitrary shared-memory segments.

- Another vulnerability is reported to affect the 'netfilter/iptables' module. An attacker can exploit this issue to crash the kernel or bypass firewall rules.

- Reportedly, a vulnerability affects the OUTS instruction on the AMD64 and Intel EM64T architecture. This issue may lead to privilege escalation.

These issues reportedly affect Linux kernel 2.6.x versions.

Due to lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Please see the referenced vendor advisories for details on obtaining and applying fixes.


Red Hat Fedora Core1

Linux kernel 2.6

Linux kernel 2.6.4

Linux kernel 2.6.8 rc1

Linux kernel 2.6.8

- Related references
