CVE-2005-0529
CVSS2.1
Published: 2005-05-02 00:00:00
Revised: 2016-10-17 23:12:22

[Original text] Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.


[CNNVD] Linux kernel multiple local buffer overflow and memory disclosure vulnerabilities (CNNVD-200505-677)

        Linux kernel 2.6.10 and 2.6.11rc1-bk6 use different size types for the offset arguments to the proc_file_read and locks_read_proc functions, which leads to a stack-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.

- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.6.11_rc1_bk6
cpe:/o:linux:linux_kernel:2.6.10  Linux Kernel 2.6.10

- OVAL (technical details for detection)

oval:org.mitre.oval:def:8994  Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, wh...
*OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0529
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0529
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-677
(official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
(UNKNOWN)  CONECTIVA  CLA-2005:930
http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
(UNKNOWN)  CONFIRM  http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
http://marc.info/?l=bugtraq&m=111091402626556&w=2
(UNKNOWN)  BUGTRAQ  20050315 [USN-95-1] Linux kernel vulnerabilities
http://marc.info/?l=full-disclosure&m=110846727602817&w=2
(UNKNOWN)  FULLDISC  20050215 linux kernel 2.6 fun. windoze is a joke
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(PATCH)  MISC  http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
(UNKNOWN)  SUSE  SUSE-SA:2005:018
http://www.redhat.com/support/errata/RHSA-2005-366.html
(UNKNOWN)  REDHAT  RHSA-2005:366

- Vulnerability information

Linux kernel multiple local buffer overflow and memory disclosure vulnerabilities
Low severity  Buffer overflow
2005-05-02 00:00:00  2005-10-20 00:00:00
Local  
        Linux kernel 2.6.10 and 2.6.11rc1-bk6 use different size types for the offset arguments to the proc_file_read and locks_read_proc functions, which leads to a stack-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.

- Advisories and patches

        No data available

- Vulnerability information

13818
Linux Kernel /proc locks_read_proc() Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-02-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author(s)

Unknown or Incomplete

- Vulnerability information

Linux Kernel Multiple Local Buffer Overflow And Memory Disclosure Vulnerabilities
Boundary Condition Error 12555
No Yes
2005-02-15 12:00:00 2009-07-12 10:06:00
<airlied@starflyer.(none)>, Jean Delvare, and Georgi Guninski are credited with the discovery of these issues.

- Affected program versions

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6.10
Linux kernel 2.6
Conectiva Linux 10.0
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Linux kernel 2.6.11 -rc4

- Unaffected program versions

Linux kernel 2.6.11 -rc4

- Vulnerability discussion

Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel.

The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver.

A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory.

- Exploit

Exploits have been released for the procfs buffer overflow and the kernel memory disclosure issues. These exploits can be viewed at the following location:

http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html

- Solution

The vendor has released fixes dealing with these issues.

Conectiva has released a security advisory (CLA-2005:945) and fixes to address these and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

ALT Linux has released updates dealing with this and other issues. Please see the reference section for more information.

RedHat has released an advisory (FEDORA-2005-262) and fixes for Fedora Core 2. Please see the referenced advisory for further information.

Conectiva has released a security advisory (CLA-2005:930) and fixes to address these and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.

Ubuntu has released advisory USN-95-1 to address these issues. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2005:018 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

RedHat has released advisory FEDORA-2005-313 to address this issue for Fedora Core 3. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2005:366-19 to address this, and other issues in RedHat Enterprise Linux 4, and RedHat Desktop 4 operating systems. Please see the referenced advisory for further information.

Mandriva Linux has released advisories MDKSA-2005:110 and MDKSA-2005:111 addressing this issue. Please see the referenced advisory for further information.
