CVE-2005-0815
CVSS 6.4
Published: 2005-05-02 00:00:00
Last revised: 2011-03-07 21:20:38

[Original] Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.


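[CNNVD] Multiple vulnerabilities in Linux ISO9660 file handling (CNNVD-200505-598)

        Linux is a very widely used open-source operating system.
        The ISO9660 filesystem handler in Linux 2.6.11 and earlier contains several vulnerabilities, ranging from DoS to exploitable memory corruption. They may be triggered when loading a specially crafted filesystem or when examining directories.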

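- CVSS (base score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)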

cpe:/o:linux:linux_kernel:2.5.42  Linux Kernel 2.5.42
cpe:/o:linux:linux_kernel:2.0.28  Linux Kernel 2.0.28
cpe:/o:linux:linux_kernel:2.0.31  Linux Kernel 2.0.31
cpe:/o:linux:linux_kernel:2.3.99:pre6  Linux Kernel 2.3.99 pre6
cpe:/o:linux:linux_kernel:2.0.13  Linux Kernel 2.0.13
cpe:/o:linux:linux_kernel:2.5.35  Linux Kernel 2.5.35
cpe:/o:linux:linux_kernel:2.3.99:pre3  Linux Kernel 2.3.99 pre3
cpe:/o:linux:linux_kernel:2.0.4  Linux Kernel 2.0.4
cpe:/o:linux:linux_kernel:2.5.66  Linux Kernel 2.5.66
cpe:/o:linux:linux_kernel:2.0.12  Linux Kernel 2.0.12
cpe:/o:linux:linux_kernel:2.5.58  Linux Kernel 2.5.58
cpe:/o:linux:linux_kernel:2.0.33  Linux Kernel 2.0.33
cpe:/o:linux:linux_kernel:2.2.3  Linux Kernel 2.2.3
cpe:/o:linux:linux_kernel:2.5.26  Linux Kernel 2.5.26
cpe:/o:linux:linux_kernel:2.2.10  Linux Kernel 2.2.10
cpe:/o:linux:linux_kernel:2.6.11  Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.0:test11  Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.2.14  Linux Kernel 2.2.14
cpe:/o:linux:linux_kernel:2.5.4  Linux Kernel 2.5.4
cpe:/o:linux:linux_kernel:2.3.99  Linux Kernel 2.3.99
cpe:/o:linux:linux_kernel:2.5.20  Linux Kernel 2.5.20
cpe:/o:linux:linux_kernel:2.5.56  Linux Kernel 2.5.56
cpe:/o:linux:linux_kernel:2.3.99:pre4  Linux Kernel 2.3.99 pre4
cpe:/o:linux:linux_kernel:2.4.29:rc2  Linux Kernel 2.4.29 rc2
cpe:/o:linux:linux_kernel:2.4.12  Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.5.65  Linux Kernel 2.5.65
cpe:/o:linux:linux_kernel:2.4.0:test8  Linux Kernel 2.4.0 test8
cpe:/o:linux:linux_kernel:2.2.7  Linux Kernel 2.2.7
cpe:/o:linux:linux_kernel:2.5.0  Linux Kernel 2.5.0
cpe:/o:linux:linux_kernel:2.0.18  Linux Kernel 2.0.18
cpe:/o:linux:linux_kernel:2.0.30  Linux Kernel 2.0.30
cpe:/o:linux:linux_kernel:2.0.14  Linux Kernel 2.0.14
cpe:/o:linux:linux_kernel:2.4.19:pre3  Linux Kernel 2.4.19 pre3
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.2.18  Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.5.57  Linux Kernel 2.5.57
cpe:/o:linux:linux_kernel:2.1.89  Linux Kernel 2.1.89
cpe:/o:linux:linux_kernel:2.2.2  Linux Kernel 2.2.2
cpe:/o:linux:linux_kernel:2.4.0:test10  Linux Kernel 2.4.0 test10
cpe:/o:linux:linux_kernel:2.0
cpe:/o:linux:linux_kernel:2.0.9  Linux Kernel 2.0.9
cpe:/o:linux:linux_kernel:2.5.63  Linux Kernel 2.5.63
cpe:/o:linux:linux_kernel:2.4.4  Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.13  Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.5.28  Linux Kernel 2.5.28
cpe:/o:linux:linux_kernel:2.5.62  Linux Kernel 2.5.62
cpe:/o:linux:linux_kernel:2.0.8  Linux Kernel 2.0.8
cpe:/o:linux:linux_kernel:2.0.10  Linux Kernel 2.0.10
cpe:/o:linux:linux_kernel:2.5.49  Linux Kernel 2.5.49
cpe:/o:linux:linux_kernel:2.4.19:pre4  Linux Kernel 2.4.19 pre4
cpe:/o:linux:linux_kernel:2.6.1:rc1  Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.4.0:test4  Linux Kernel 2.4.0 test4
cpe:/o:linux:linux_kernel:2.4.27:pre4  Linux Kernel 2.4.27 pre4
cpe:/o:linux:linux_kernel:2.2.1  Linux Kernel 2.2.1
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.5.3  Linux Kernel 2.5.3
cpe:/o:linux:linux_kernel:2.5.46  Linux Kernel 2.5.46
cpe:/o:linux:linux_kernel:2.3.99:pre5  Linux Kernel 2.3.99 pre5
cpe:/o:linux:linux_kernel:2.6.0:test8  Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.0.35  Linux Kernel 2.0.35
cpe:/o:linux:linux_kernel:2.0.36  Linux Kernel 2.0.36
cpe:/o:linux:linux_kernel:2.4.19:pre5  Linux Kernel 2.4.19 pre5
cpe:/o:linux:linux_kernel:2.4.30:rc3  Linux Kernel 2.4.30 rc3
cpe:/o:linux:linux_kernel:2.6.0:test10  Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.2.11  Linux Kernel 2.2.11
cpe:/o:linux:linux_kernel:2.4.0:test6  Linux Kernel 2.4.0 test6
cpe:/o:linux:linux_kernel:2.5.60  Linux Kernel 2.5.60
cpe:/o:linux:linux_kernel:2.0.3  Linux Kernel 2.0.3
cpe:/o:linux:linux_kernel:2.5.44  Linux Kernel 2.5.44
cpe:/o:linux:linux_kernel:2.4.3:pre3  Linux Kernel 2.4.3 pre3
cpe:/o:linux:linux_kernel:2.5.59  Linux Kernel 2.5.59
cpe:/o:linux:linux_kernel:2.5.9  Linux Kernel 2.5.9
cpe:/o:linux:linux_kernel:2.5.6  Linux Kernel 2.5.6
cpe:/o:linux:linux_kernel:2.4.1  Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.5.22  Linux Kernel 2.5.22
cpe:/o:linux:linux_kernel:2.5.14  Linux Kernel 2.5.14
cpe:/o:linux:linux_kernel:2.5.24  Linux Kernel 2.5.24
cpe:/o:linux:linux_kernel:2.3.99:pre2  Linux Kernel 2.3.99 pre2
cpe:/o:linux:linux_kernel:2.0.27  Linux Kernel 2.0.27
cpe:/o:linux:linux_kernel:2.4.10  Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.6.0:test5  Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.2.25  Linux Kernel 2.2.25
cpe:/o:linux:linux_kernel:2.4.18:pre5  Linux Kernel 2.4.18 pre5
cpe:/o:linux:linux_kernel:2.5.2  Linux Kernel 2.5.2
cpe:/o:linux:linux_kernel:2.5.10  Linux Kernel 2.5.10
cpe:/o:linux:linux_kernel:2.5.55  Linux Kernel 2.5.55
cpe:/o:linux:linux_kernel:2.4.0:test7  Linux Kernel 2.4.0 test7
cpe:/o:linux:linux_kernel:2.4.19:pre6  Linux Kernel 2.4.19 pre6
cpe:/o:linux:linux_kernel:2.5.1  Linux Kernel 2.5.1
cpe:/o:linux:linux_kernel:2.4.21:pre1  Linux Kernel 2.4.21 pre1
cpe:/o:linux:linux_kernel:2.5.29  Linux Kernel 2.5.29
cpe:/o:linux:linux_kernel:2.0.24  Linux Kernel 2.0.24
cpe:/o:linux:linux_kernel:2.6.0:test7  Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.4.5  Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.5.7  Linux Kernel 2.5.7
cpe:/o:linux:linux_kernel:2.3.0  Linux Kernel 2.3
cpe:/o:linux:linux_kernel:2.5.36  Linux Kernel 2.5.36
cpe:/o:linux:linux_kernel:2.0.6  Linux Kernel 2.0.6
cpe:/o:linux:linux_kernel:2.4.18:pre7  Linux Kernel 2.4.18 pre7
cpe:/o:linux:linux_kernel:2.5.41  Linux Kernel 2.5.41
cpe:/o:linux:linux_kernel:2.4.2  Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.0:test11  Linux Kernel 2.4.0 test11
cpe:/o:linux:linux_kernel:2.5.13  Linux Kernel 2.5.13
cpe:/o:linux:linux_kernel:2.2.15:pre16  Linux Kernel 2.2.15 pre16
cpe:/o:linux:linux_kernel:2.4.27:pre1  Linux Kernel 2.4.27 pre1
cpe:/o:linux:linux_kernel:2.2.24  Linux Kernel 2.2.24
cpe:/o:linux:linux_kernel:2.5.34  Linux Kernel 2.5.34
cpe:/o:linux:linux_kernel:2.2.9  Linux Kernel 2.2.9
cpe:/o:linux:linux_kernel:2.2.22  Linux Kernel 2.2.22
cpe:/o:linux:linux_kernel:2.2.15  Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.5.61  Linux Kernel 2.5.61
cpe:/o:linux:linux_kernel:2.4.18:pre4  Linux Kernel 2.4.18 pre4
cpe:/o:linux:linux_kernel:2.5.64  Linux Kernel 2.5.64
cpe:/o:linux:linux_kernel:2.4.11  Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.18:pre8  Linux Kernel 2.4.18 pre8
cpe:/o:linux:linux_kernel:2.5.11  Linux Kernel 2.5.11
cpe:/o:linux:linux_kernel:2.2.21  Linux Kernel 2.2.21
cpe:/o:linux:linux_kernel:2.4.19  Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.2.5  Linux Kernel 2.2.5
cpe:/o:linux:linux_kernel:2.0.26  Linux Kernel 2.0.26
cpe:/o:linux:linux_kernel:2.2.8  Linux Kernel 2.2.8
cpe:/o:linux:linux_kernel:2.5.8  Linux Kernel 2.5.8
cpe:/o:linux:linux_kernel:2.4.21:pre4  Linux Kernel 2.4.21 pre4
cpe:/o:linux:linux_kernel:2.4.9  Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.18  Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.8  Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.0:test5  Linux Kernel 2.4.0 test5
cpe:/o:linux:linux_kernel:2.0.37  Linux Kernel 2.0.37
cpe:/o:linux:linux_kernel:2.4.19:pre1  Linux Kernel 2.4.19 pre1
cpe:/o:linux:linux_kernel:2.0.11  Linux Kernel 2.0.11
cpe:/o:linux:linux_kernel:2.4.18:pre2  Linux Kernel 2.4.18 pre2
cpe:/o:linux:linux_kernel:2.6.10  Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.0.25  Linux Kernel 2.0.25
cpe:/o:linux:linux_kernel:2.4.29  Linux Kernel 2.4.29
cpe:/o:linux:linux_kernel:2.4.0  Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.5.53  Linux Kernel 2.5.53
cpe:/o:linux:linux_kernel:2.5.43  Linux Kernel 2.5.43
cpe:/o:linux:linux_kernel:2.0.16  Linux Kernel 2.0.16
cpe:/o:linux:linux_kernel:2.5.51  Linux Kernel 2.5.51
cpe:/o:linux:linux_kernel:2.6.0:test2  Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.0.2  Linux Kernel 2.0.2
cpe:/o:linux:linux_kernel:2.0.19  Linux Kernel 2.0.19
cpe:/o:linux:linux_kernel:2.6.1  Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.5.54  Linux Kernel 2.5.54
cpe:/o:linux:linux_kernel:2.0.15  Linux Kernel 2.0.15
cpe:/o:linux:linux_kernel:2.4.27  Linux Kernel 2.4.27
cpe:/o:linux:linux_kernel:2.5.27  Linux Kernel 2.5.27
cpe:/o:linux:linux_kernel:2.0.29  Linux Kernel 2.0.29
cpe:/o:linux:linux_kernel:2.0.22  Linux Kernel 2.0.22
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:linux:linux_kernel:2.5.15  Linux Kernel 2.5.15
cpe:/o:linux:linux_kernel:2.4.0:test3  Linux Kernel 2.4.0 test3
cpe:/o:linux:linux_kernel:2.4.23:pre9  Linux Kernel 2.4.23 pre9
cpe:/o:linux:linux_kernel:2.6.0:test1  Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.0:test6  Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.2.13  Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.2.16  Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.5.21  Linux Kernel 2.5.21
cpe:/o:linux:linux_kernel:2.5.69  Linux Kernel 2.5.69
cpe:/o:linux:linux_kernel:2.0.7  Linux Kernel 2.0.7
cpe:/o:linux:linux_kernel:2.4.3  Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.5.40  Linux Kernel 2.5.40
cpe:/o:linux:linux_kernel:2.4.23  Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.30:rc2  Linux Kernel 2.4.30 rc2
cpe:/o:linux:linux_kernel:2.2.23  Linux Kernel 2.2.23
cpe:/o:linux:linux_kernel:2.4.30  Linux Kernel 2.4.30
cpe:/o:linux:linux_kernel:2.4.0:test1  Linux Kernel 2.4.0 test1
cpe:/o:linux:linux_kernel:2.2.16:pre6  Linux Kernel 2.2.16 pre6
cpe:/o:linux:linux_kernel:2.5.30  Linux Kernel 2.5.30
cpe:/o:linux:linux_kernel:2.4.27:pre2  Linux Kernel 2.4.27 pre2
cpe:/o:linux:linux_kernel:2.4.0:test12  Linux Kernel 2.4.0 test12
cpe:/o:linux:linux_kernel:2.4.0:test2  Linux Kernel 2.4.0 test2
cpe:/o:linux:linux_kernel:2.5.16  Linux Kernel 2.5.16
cpe:/o:linux:linux_kernel:2.4.18:pre1  Linux Kernel 2.4.18 pre1
cpe:/o:linux:linux_kernel:2.0.21  Linux Kernel 2.0.21
cpe:/o:linux:linux_kernel:2.2.17  Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.4.20  Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.6.1:rc2  Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.4.27:pre5  Linux Kernel 2.4.27 pre5
cpe:/o:linux:linux_kernel:2.0.38  Linux Kernel 2.0.38
cpe:/o:linux:linux_kernel:2.0.39  Linux Kernel 2.0.39
cpe:/o:linux:linux_kernel:2.6.0:test4  Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.5.47  Linux Kernel 2.5.47
cpe:/o:linux:linux_kernel:2.4.21:pre7  Linux Kernel 2.4.21 pre7
cpe:/o:linux:linux_kernel:2.0.1  Linux Kernel 2.0.1
cpe:/o:linux:linux_kernel:2.4.22  Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.3.99:pre1  Linux Kernel 2.3.99 pre1
cpe:/o:linux:linux_kernel:2.2.20  Linux Kernel 2.2.20
cpe:/o:linux:linux_kernel:2.5.39  Linux Kernel 2.5.39
cpe:/o:linux:linux_kernel:2.4.31:pre1  Linux Kernel 2.4.31 pre1
cpe:/o:linux:linux_kernel:2.5.67  Linux Kernel 2.5.67
cpe:/o:linux:linux_kernel:2.0.5  Linux Kernel 2.0.5
cpe:/o:linux:linux_kernel:2.2.0  Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.4.21  Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.25  Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.3.99:pre7  Linux Kernel 2.3.99 pre7
cpe:/o:linux:linux_kernel:2.5.18  Linux Kernel 2.5.18
cpe:/o:linux:linux_kernel:2.1
cpe:/o:linux:linux_kernel:2.5.23  Linux Kernel 2.5.23
cpe:/o:linux:linux_kernel:2.4.22:pre10  Linux Kernel 2.4.22 pre10
cpe:/o:linux:linux_kernel:2.4.17  Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14  Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.2.12  Linux Kernel 2.2.12
cpe:/o:linux:linux_kernel:2.0.17  Linux Kernel 2.0.17
cpe:/o:linux:linux_kernel:2.6.0:test9  Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.5.31  Linux Kernel 2.5.31
cpe:/o:linux:linux_kernel:2.0.9.9
cpe:/o:linux:linux_kernel:2.4.28  Linux Kernel 2.4.28
cpe:/o:linux:linux_kernel:2.5.32  Linux Kernel 2.5.32
cpe:/o:linux:linux_kernel:2.4.29:rc1  Linux Kernel 2.4.29 rc1
cpe:/o:linux:linux_kernel:2.0.20  Linux Kernel 2.0.20
cpe:/o:linux:linux_kernel:2.5.37  Linux Kernel 2.5.37
cpe:/o:linux:linux_kernel:2.4.27:pre3  Linux Kernel 2.4.27 pre3
cpe:/o:linux:linux_kernel:2.4.18:pre3  Linux Kernel 2.4.18 pre3
cpe:/o:linux:linux_kernel:2.5.45  Linux Kernel 2.5.45
cpe:/o:linux:linux_kernel:2.4.19:pre2  Linux Kernel 2.4.19 pre2
cpe:/o:linux:linux_kernel:2.5.17  Linux Kernel 2.5.17
cpe:/o:linux:linux_kernel:2.2.6  Linux Kernel 2.2.6
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.5.12  Linux Kernel 2.5.12
cpe:/o:linux:linux_kernel:2.4.0:test9  Linux Kernel 2.4.0 test9
cpe:/o:linux:linux_kernel:2.5.38  Linux Kernel 2.5.38
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.4.16  Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.5.48  Linux Kernel 2.5.48
cpe:/o:linux:linux_kernel:2.4.6  Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.24  Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.2.15_pre20
cpe:/o:linux:linux_kernel:2.4.7  Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.5.33  Linux Kernel 2.5.33
cpe:/o:linux:linux_kernel:2.5.50  Linux Kernel 2.5.50
cpe:/o:linux:linux_kernel:2.5.19  Linux Kernel 2.5.19
cpe:/o:linux:linux_kernel:2.2.27:rc2  Linux Kernel 2.2.27 rc2
cpe:/o:linux:linux_kernel:2.6.10:rc2  Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.0.23  Linux Kernel 2.0.23
cpe:/o:linux:linux_kernel:2.0.34  Linux Kernel 2.0.34
cpe:/o:linux:linux_kernel:2.4.18:pre6  Linux Kernel 2.4.18 pre6
cpe:/o:linux:linux_kernel:2.5.52  Linux Kernel 2.5.52
cpe:/o:linux:linux_kernel:2.5.68  Linux Kernel 2.5.68
cpe:/o:linux:linux_kernel:2.2.19  Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.5.25  Linux Kernel 2.5.25
cpe:/o:linux:linux_kernel:2.0.32  Linux Kernel 2.0.32
cpe:/o:linux:linux_kernel:2.5.5  Linux Kernel 2.5.5
cpe:/o:linux:linux_kernel:2.6.0:test3  Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.4.26  Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.2.4  Linux Kernel 2.2.4
cpe:/o:linux:linux_kernel:2.4.15  Linux Kernel 2.4.15

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9307  Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of servi...
* OVAL describes in detail how to detect this vulnerability; the related OVAL definition contains further technical details for detecting it.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0815
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-598
(Official data source) CNNVD

- Other links and resources

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
(UNKNOWN)  FEDORA  FLSA:152532
http://xforce.iss.net/xforce/xfdb/19741
(UNKNOWN)  XF  kernel-iso9660-filesystem(19741)
http://www.vupen.com/english/advisories/2005/1878
(UNKNOWN)  VUPEN  ADV-2005-1878
http://www.securityfocus.com/bid/12837
(UNKNOWN)  BID  12837
http://www.securityfocus.com/archive/1/393590
(UNKNOWN)  BUGTRAQ  20050317 Linux ISO9660 handling flaws
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
(UNKNOWN)  CONFIRM  http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
http://www.redhat.com/support/errata/RHSA-2006-0191.html
(UNKNOWN)  REDHAT  RHSA-2006:0191
http://www.redhat.com/support/errata/RHSA-2006-0190.html
(UNKNOWN)  REDHAT  RHSA-2006:0190
http://www.redhat.com/support/errata/RHSA-2005-663.html
(UNKNOWN)  REDHAT  RHSA-2005:663
http://www.redhat.com/support/errata/RHSA-2005-366.html
(UNKNOWN)  REDHAT  RHSA-2005:366
http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
(UNKNOWN)  MANDRIVA  MDKSA-2006:072
http://secunia.com/advisories/18684
(UNKNOWN)  SECUNIA  18684
http://secunia.com/advisories/17002
(UNKNOWN)  SECUNIA  17002

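- Vulnerability information

Multiple vulnerabilities in Linux ISO9660 file handling
Medium severity  Insufficient information
2005-05-02 00:00:00 2005-10-20 00:00:00
Local
        Linux is a very widely used open-source operating system.
        The ISO9660 filesystem handler in Linux 2.6.11 and earlier contains several vulnerabilities, ranging from DoS to exploitable memory corruption. They may be triggered when loading a specially crafted filesystem or when examining directories.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: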
        http://www.kernel.org/

- Vulnerability information (F36937)

Ubuntu Security Notice 103-1 (PacketStormID:F36937)
2005-04-14 00:00:00
Ubuntu  ubuntu.com
advisory,kernel,vulnerability
linux,ubuntu
CVE-2005-0400,CVE-2005-0749,CVE-2005-0750,CVE-2005-0815,CVE-2005-0839

Ubuntu Security Notice USN-103-1 - The Linux 2.6.8.1 kernel suffers from about a half dozen serious vulnerabilities.

===========================================================
Ubuntu Security Notice USN-103-1	     April 01, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0400, CAN-2005-0749, CAN-2005-0750, CAN-2005-0815,
CAN-2005-0839
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.13. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes. 

Details follow:

Mathieu Lafon discovered an information leak in the ext2 file system
driver. When a new directory was created, the ext2 block written to
disk was not initialized, so that previous memory contents (which
could contain sensitive data like passwords) became visible on the raw
device. This is particularly important if the target device is
removable and thus can be read by users other than root.
(CAN-2005-0400)

Yichen Xie discovered a Denial of Service vulnerability in the ELF
loader. A specially crafted ELF library or executable could cause an
attempt to free an invalid pointer, which led to a kernel crash.
(CAN-2005-0749)

Ilja van Sprundel discovered that the bluez_sock_create() function did
not check its "protocol" argument for negative values. A local
attacker could exploit this to execute arbitrary code with root
privileges by creating a Bluetooth socket with a specially crafted
protocol number. (CAN-2005-0750)

Michal Zalewski discovered that the iso9660 file system driver fails
to check ranges properly in several cases. Mounting a specially
crafted CD-ROM may have caused a buffer overflow leading to a kernel
crash or even arbitrary code execution. (CAN-2005-0815)

Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. This allowed an unprivileged user to
inject mouse movement and/or keystrokes (using the sunkbd driver) into
the input subsystem, taking over the console or an X session, where
another user is logged in.  (CAN-2005-0839)

A Denial of Service vulnerability was found in the tmpfs driver, which
is commonly used to mount RAM disks below /dev/shm and /tmp. The
shm_nopage() did not properly verify its address argument, which could
be exploited by a local user to cause a kernel crash with invalid
addresses.
(http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg)


- Vulnerability information

14866
Linux Kernel Malformed ISO9660 File System Command Execution
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-03-17 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.4.30-rc2, 2.6.11.6, 2.6.12-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Kernel Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Unknown 12837
No Yes
2005-03-17 12:00:00 2007-03-01 10:26:00
Discovery of these vulnerabilities is credited to Michal Zalewski <lcamtuf@dione.ids.pl>.

- Affected software versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0 SP6
SGI ProPack 3.0 SP5
SGI ProPack 3.0 SP4
SGI ProPack 3.0 SP3
SGI ProPack 3.0 SP2
SGI ProPack 3.0 SP1
SGI ProPack 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.4.29 -rc2
Linux kernel 2.4.29 -rc1
Linux kernel 2.4.28
Linux kernel 2.4.27 -pre5
Linux kernel 2.4.27 -pre4
Linux kernel 2.4.27 -pre3
Linux kernel 2.4.27 -pre2
Linux kernel 2.4.27 -pre1
Linux kernel 2.4.27
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Conectiva Linux 10.0

- Vulnerability discussion

The Linux kernel is reported prone to multiple vulnerabilities that occur because of "range-checking flaws" present in the ISO9660 handling routines.

An attacker may exploit these issues to trigger kernel-based memory corruption. Ultimately, the attacker may be able to execute arbitrary malicious code with ring-zero privileges.

These vulnerabilities are reported to be present in the ISO9660 filesystem handler including Rock Ridge and Joliet extensions for the Linux kernel up to and including version 2.6.11.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

The following test script is available:

- Solution

Please see the referenced advisories for details on obtaining and applying fixes.


Red Hat Fedora Core1

Linux kernel 2.4.18

Linux kernel 2.4.25

Linux kernel 2.6.9

- Related references

 

 
