CVE-2005-0937
CVSS1.2
发布时间 :2005-02-22 00:00:00
修订时间 :2010-08-21 00:27:17
NMCOPS    

[原文]Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.


[CNNVD]Linux Kernel Futex本地死锁拒绝服务漏洞(CNNVD-200502-083)

        Linux Kernel是开放源码操作系统Linux所使用的内核。
        Linux kernel 2.6.x的futex.c中的某些futex函数,在执行get_user调用的同时会保留mmap_sem信号灯,这可让本地用户通过在其他线程正在执行mmap或其他函数时触发get_user错误来导致do_page_fault中产生死锁条件。

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.5.42Linux Kernel 2.5.42
cpe:/o:linux:linux_kernel:2.6.0:test2Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.5.54Linux Kernel 2.5.54
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.5.35Linux Kernel 2.5.35
cpe:/o:linux:linux_kernel:2.6.11.6Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.5.66Linux Kernel 2.5.66
cpe:/o:linux:linux_kernel:2.5.27Linux Kernel 2.5.27
cpe:/o:linux:linux_kernel:2.5.58Linux Kernel 2.5.58
cpe:/o:linux:linux_kernel:2.5.15Linux Kernel 2.5.15
cpe:/o:linux:linux_kernel:2.5.26Linux Kernel 2.5.26
cpe:/o:linux:linux_kernel:2.6.0:test1Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.11Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.0:test11Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.5.4Linux Kernel 2.5.4
cpe:/o:linux:linux_kernel:2.6.0:test6Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.5.20Linux Kernel 2.5.20
cpe:/o:linux:linux_kernel:2.5.56Linux Kernel 2.5.56
cpe:/o:linux:linux_kernel:2.5.65Linux Kernel 2.5.65
cpe:/o:linux:linux_kernel:2.5.21Linux Kernel 2.5.21
cpe:/o:linux:linux_kernel:2.5.0Linux Kernel 2.5.0
cpe:/o:linux:linux_kernel:2.5.69Linux Kernel 2.5.69
cpe:/o:linux:linux_kernel:2.5.57Linux Kernel 2.5.57
cpe:/o:linux:linux_kernel:2.5.40Linux Kernel 2.5.40
cpe:/o:linux:linux_kernel:2.5.30Linux Kernel 2.5.30
cpe:/o:linux:linux_kernel:2.5.63Linux Kernel 2.5.63
cpe:/o:linux:linux_kernel:2.6.8:rc3Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.5.28Linux Kernel 2.5.28
cpe:/o:linux:linux_kernel:2.5.16Linux Kernel 2.5.16
cpe:/o:linux:linux_kernel:2.5.62Linux Kernel 2.5.62
cpe:/o:linux:linux_kernel:2.5.49Linux Kernel 2.5.49
cpe:/o:linux:linux_kernel:2.6.1:rc1Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.1:rc2Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.5.47Linux Kernel 2.5.47
cpe:/o:linux:linux_kernel:2.6.0:test4Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.5.3Linux Kernel 2.5.3
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.5.46Linux Kernel 2.5.46
cpe:/o:linux:linux_kernel:2.6.6:rc1Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.5.39Linux Kernel 2.5.39
cpe:/o:linux:linux_kernel:2.6.0:test8Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.5.67Linux Kernel 2.5.67
cpe:/o:linux:linux_kernel:2.6.0:test10Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.5.60Linux Kernel 2.5.60
cpe:/o:linux:linux_kernel:2.5.44Linux Kernel 2.5.44
cpe:/o:linux:linux_kernel:2.5.59Linux Kernel 2.5.59
cpe:/o:linux:linux_kernel:2.5.9Linux Kernel 2.5.9
cpe:/o:linux:linux_kernel:2.5.18Linux Kernel 2.5.18
cpe:/o:linux:linux_kernel:2.5.23Linux Kernel 2.5.23
cpe:/o:linux:linux_kernel:2.6.11:rc2Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.5.6Linux Kernel 2.5.6
cpe:/o:linux:linux_kernel:2.6.7:rc1Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.5.22Linux Kernel 2.5.22
cpe:/o:linux:linux_kernel:2.5.14Linux Kernel 2.5.14
cpe:/o:linux:linux_kernel:2.5.24Linux Kernel 2.5.24
cpe:/o:linux:linux_kernel:2.6.0:test9Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.5.31Linux Kernel 2.5.31
cpe:/o:linux:linux_kernel:2.6.0:test5Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.5.2Linux Kernel 2.5.2
cpe:/o:linux:linux_kernel:2.5.32Linux Kernel 2.5.32
cpe:/o:linux:linux_kernel:2.6.11:rc3Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.11:rc4Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel:2.5.10Linux Kernel 2.5.10
cpe:/o:linux:linux_kernel:2.5.55Linux Kernel 2.5.55
cpe:/o:linux:linux_kernel:2.5.1Linux Kernel 2.5.1
cpe:/o:linux:linux_kernel:2.5.37Linux Kernel 2.5.37
cpe:/o:linux:linux_kernel:2.5.29Linux Kernel 2.5.29
cpe:/o:linux:linux_kernel:2.5.45Linux Kernel 2.5.45
cpe:/o:linux:linux_kernel:2.6.0:test7Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.5.7Linux Kernel 2.5.7
cpe:/o:linux:linux_kernel:2.5.36Linux Kernel 2.5.36
cpe:/o:linux:linux_kernel:2.5.17Linux Kernel 2.5.17
cpe:/o:linux:linux_kernel:2.5.12Linux Kernel 2.5.12
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.5.41Linux Kernel 2.5.41
cpe:/o:linux:linux_kernel:2.5.38Linux Kernel 2.5.38
cpe:/o:linux:linux_kernel:2.5.13Linux Kernel 2.5.13
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.5.34Linux Kernel 2.5.34
cpe:/o:linux:linux_kernel:2.5.48Linux Kernel 2.5.48
cpe:/o:linux:linux_kernel:2.5.33Linux Kernel 2.5.33
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.5.50Linux Kernel 2.5.50
cpe:/o:linux:linux_kernel:2.5.61Linux Kernel 2.5.61
cpe:/o:linux:linux_kernel:2.6.8:rc2Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.5.64Linux Kernel 2.5.64
cpe:/o:linux:linux_kernel:2.5.19Linux Kernel 2.5.19
cpe:/o:linux:linux_kernel:2.5.11Linux Kernel 2.5.11
cpe:/o:linux:linux_kernel:2.6.10:rc2Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.5Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.5.8Linux Kernel 2.5.8
cpe:/o:linux:linux_kernel:2.5.52Linux Kernel 2.5.52
cpe:/o:linux:linux_kernel:2.5.68Linux Kernel 2.5.68
cpe:/o:linux:linux_kernel:2.5.25Linux Kernel 2.5.25
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.8:rc1Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.5.5Linux Kernel 2.5.5
cpe:/o:linux:linux_kernel:2.6.10Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.0:test3Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.5.53Linux Kernel 2.5.53
cpe:/o:linux:linux_kernel:2.5.43Linux Kernel 2.5.43
cpe:/o:linux:linux_kernel:2.5.51Linux Kernel 2.5.51

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10037Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0937
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0937
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-083
(官方数据源) CNNVD

- 其它链接及资源

http://lkml.org/lkml/2005/2/22/123
(VENDOR_ADVISORY)  MISC  http://lkml.org/lkml/2005/2/22/123
http://linux.bkbits.net:8080/linux-2.6/cset@421cfc11zFsK9gxvSJ2t__FCmuUd3Q
(VENDOR_ADVISORY)  CONFIRM  http://linux.bkbits.net:8080/linux-2.6/cset@421cfc11zFsK9gxvSJ2t__FCmuUd3Q
http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-3
http://www.redhat.com/support/errata/RHSA-2005-420.html
(UNKNOWN)  REDHAT  RHSA-2005:420

- 漏洞信息

Linux Kernel Futex本地死锁拒绝服务漏洞
低危 设计错误
2005-02-22 00:00:00 2005-10-20 00:00:00
本地  
        Linux Kernel是开放源码操作系统Linux所使用的内核。
        Linux kernel 2.6.x的futex.c中的某些futex函数,在执行get_user调用的同时会保留mmap_sem信号灯,这可让本地用户通过在其他线程正在执行mmap或其他函数时触发get_user错误来导致do_page_fault中产生死锁条件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Linux kernel 2.6.8 rc1
        Ubuntu linux-doc-2.6.8.1_2.6.8.1-16.14_all.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-doc-2.6.8.1_2.6.8.1-16.14_all.deb
        Ubuntu linux-headers-2.6.8.1-5-386_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-386_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5-686_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-686_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.14_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.14_amd64.deb
        Ubuntu linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.14_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.14_amd64.deb
        Ubuntu linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.14_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.14_amd64.deb
        Ubuntu linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.14_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.14_amd64.deb
        Ubuntu linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5-k7_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-k7_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5-power3_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-power3_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5-power4_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-power4_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.14_powerpc.deb
        Ubuntu linux-headers-2.6.8.1-5_2.6.8.1-16.14_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5_2.6.8.1-16.14_amd64.deb
        Ubuntu linux-headers-2.6.8.1-5_2.6.8.1-16.14_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/lin ux-headers-2.6.8.1-5_2.6.8.1-16.14_i386.deb
        Ubuntu linux-headers-2.6.8.1-5_2.6.8.1-16.14_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/

- 漏洞信息 (F37109)

Ubuntu Security Notice 110-1 (PacketStormID:F37109)
2005-04-18 00:00:00
Ubuntu  ubuntu.com
advisory,denial of service,overflow,arbitrary,kernel,local,root
linux,ubuntu
CVE-2005-0867,CVE-2005-0937
[点击下载]

Ubuntu Security Notice USN-110-1 - Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. Olof Johansson discovered a Denial of Service vulnerability in the futex functions, which provide semaphores for exclusive locking of resources. A local attacker could possibly exploit this to cause a kernel deadlock.

===========================================================
Ubuntu Security Notice USN-110-1	     April 11, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0867, CAN-2005-0937
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-source-2.6.8.1

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.14. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes. 

Details follow:

Alexander Nyberg discovered an integer overflow in the
sysfs_write_file() function. A local attacker could exploit this to
crash the kernel or possibly even execute arbitrary code with root
privileges by writing to an user-writable file in /sys under certain
low-memory conditions. However, there are very few cases where a
user-writeable sysfs file actually exists. (CAN-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the
futex functions, which provide semaphores for exclusive locking of
resources. A local attacker could possibly exploit this to cause a
kernel deadlock. (CAN-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs
file system drivers, which could lead to a kernel crash under certain
(unusual) conditions. However, these cannot easily be triggered by
users, thus they are not security sensitive.
(http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ,
http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.14.diff.gz
      Size/MD5:  3144256 0a80b5605fa16e50adf234c833e6bb68
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.14.dsc
      Size/MD5:     2121 6ad2c18460ca29e1a55106beca3c9c14
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
      Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.14_all.deb
      Size/MD5:  6153992 3e521be7b01ba6eab67a17f81185c822
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.14_all.deb
      Size/MD5:  1500544 b243f0a773dfe2f62eb382ca4d89b9db
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.14_all.deb
      Size/MD5: 36720790 0b958d6a7e89602089cb8581f1f73032
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.14_all.deb
      Size/MD5:   308474 a03542000c2858203be3d89997c4e45c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.14_amd64.deb
      Size/MD5:   247974 bfbbe4b32ead1dde7a8561665cc5999b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.14_amd64.deb
      Size/MD5:   243990 3271780d4b3456de3338dffbaca1eb20
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.14_amd64.deb
      Size/MD5:   247200 e6abe01f3199ec0f27eda709ce002df3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.14_amd64.deb
      Size/MD5:   242362 ed9000e5985839c740e09e0c713ca350
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.14_amd64.deb
      Size/MD5:  3179516 b369ff9b759448424a89332ecffd3b9b
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.14_amd64.deb
      Size/MD5: 14352682 2770849b44244c93be0d3db4cffc89bf
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.14_amd64.deb
      Size/MD5: 14829082 0e724f14e03b9f1eb1423b38a1ee1dae
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.14_amd64.deb
      Size/MD5: 14862760 b725acf4facfcf8d3c824a84dbfe41c4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.14_amd64.deb
      Size/MD5: 14686348 7ff1ce90107b9bc2e3e8f743e2115347

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-386_2.6.8.1-16.14_i386.deb
      Size/MD5:   277370 4d79f89950fffb6712304f1ace572f3e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.14_i386.deb
      Size/MD5:   272128 288baa96ee39c2b2994068466efc8755
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686_2.6.8.1-16.14_i386.deb
      Size/MD5:   275436 390c55b2454e5157a6094dd7d6add605
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.14_i386.deb
      Size/MD5:   272372 a94bcc0a5cd4bdc87b990ff065d9394a
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7_2.6.8.1-16.14_i386.deb
      Size/MD5:   275300 7b597c48cf7697fe475ffd7270dd612e
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.14_i386.deb
      Size/MD5:  3220194 42366e9cd8611a887850c780b9f7b7b9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-386_2.6.8.1-16.14_i386.deb
      Size/MD5: 15495908 98f76b18e2601d1b3d718d48eb7716a0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.14_i386.deb
      Size/MD5: 16345102 4b51792e685948a89accfee813a56d10
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686_2.6.8.1-16.14_i386.deb
      Size/MD5: 16514792 9e54885c125f0140c36e99a00db7f299
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.14_i386.deb
      Size/MD5: 16449194 207a0e4785ac6b1af79d3ba0ecd216ef
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7_2.6.8.1-16.14_i386.deb
      Size/MD5: 16574272 ffa3ae15b3c1205b0f67006f4bca32f3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   213042 f3cf4d851ce3b9fa5c929797083e83ac
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   213700 0810291588aeba3c4d050cedbd7a8e9c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   212772 1ba6740023da09c0850599d639db9f4f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   213472 df7d310054813452f7e06b6767a20175
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   213378 974580a5d0f500e6a0beae66abcee54d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.14_powerpc.deb
      Size/MD5:   215064 67b77b71a38532be19f3f80058c42253
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.14_powerpc.deb
      Size/MD5:  3297442 fc97df70b40c69c8490739c938baa1c0
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 16367876 0c0cbd53006d9ff381c6a8f36df58f26
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 15942684 3206d593c9a6cce795a2443f685953e8
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 16356236 3f0320b5c8ffc4c2e71665f9eb55a3be
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 15928378 872b638ca6204c238ffb7b4d98dc2176
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 16290272 50a3fa177775e1ec7b82d9579f9e9ffe
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.14_powerpc.deb
      Size/MD5: 15975756 1a2b899c563108c8e2d1a58074ccb145
    

- 漏洞信息

15188
Linux Kernel futex Function Local DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-31 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel Futex Local Deadlock Denial Of Service Vulnerability
Design Error 12959
No Yes
2005-03-31 12:00:00 2009-07-12 11:56:00
The discoverer of this issue is not known.

- 受影响的程序版本

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.5.69
Linux kernel 2.5.68
Linux kernel 2.5.67
Linux kernel 2.5.66
Linux kernel 2.5.65
Linux kernel 2.5.64
Linux kernel 2.5.63
Linux kernel 2.5.62
Linux kernel 2.5.61
Linux kernel 2.5.60
Linux kernel 2.5.59
Linux kernel 2.5.58
Linux kernel 2.5.57
Linux kernel 2.5.56
Linux kernel 2.5.55
Linux kernel 2.5.54
Linux kernel 2.5.53
Linux kernel 2.5.52
Linux kernel 2.5.51
Linux kernel 2.5.50
Linux kernel 2.5.49
Linux kernel 2.5.48
Linux kernel 2.5.47
Linux kernel 2.5.46
Linux kernel 2.5.45
Linux kernel 2.5.44
Linux kernel 2.5.43
Linux kernel 2.5.42
Linux kernel 2.5.41
Linux kernel 2.5.40
Linux kernel 2.5.39
Linux kernel 2.5.38
Linux kernel 2.5.37
Linux kernel 2.5.36
Linux kernel 2.5.35
Linux kernel 2.5.34
Linux kernel 2.5.33
Linux kernel 2.5.32
Linux kernel 2.5.31
Linux kernel 2.5.30
Linux kernel 2.5.29
Linux kernel 2.5.28
Linux kernel 2.5.27
Linux kernel 2.5.26
Linux kernel 2.5.25
Linux kernel 2.5.24
Linux kernel 2.5.23
Linux kernel 2.5.22
Linux kernel 2.5.21
Linux kernel 2.5.20
Linux kernel 2.5.19
Linux kernel 2.5.18
Linux kernel 2.5.17
Linux kernel 2.5.16
Linux kernel 2.5.15
Linux kernel 2.5.14
Linux kernel 2.5.13
Linux kernel 2.5.12
Linux kernel 2.5.11
Linux kernel 2.5.10
Linux kernel 2.5.9
Linux kernel 2.5.8
Linux kernel 2.5.7
Linux kernel 2.5.6
Linux kernel 2.5.5
Linux kernel 2.5.4
Linux kernel 2.5.3
Linux kernel 2.5.2
Linux kernel 2.5.1
Linux kernel 2.5 .0

- 漏洞讨论

The Linux kernel futex functions are reported prone to a local denial of service vulnerability. The issue is reported to manifest because several unspecified futex functions perform 'get_user()' calls and at the same time hold mmap_sem for reading purposes.

A local attacker may potentially leverage this issue to trigger a kernel deadlock and potentially deny service for legitimate users.

This vulnerability is reported to exist in the 2.6 Linux kernel tree.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Ubuntu Linux has released an advisory dealing with this issue. Please see the referenced advisory for more information.

Mandriva Linux has released advisory MDKSA-2005:110 addressing this issue. Please see the referenced advisory for further information.

Red Hat has released an updated advisory RHSA-2005:420-24 to address various issues affecting the kernel. Please see the advisory in Web references for more information.


Linux kernel 2.6.8 rc1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站