CVE-2005-1036
CVSS 7.2
Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:48:02

[Original] FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.


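[CNNVD] FreeBSD Kernel AMD64 Unprivileged Hardware Access Vulnerability (CNNVD-200505-170)

        FreeBSD is a freely available Unix system that runs on Intel platforms.
        The AMD64 architecture has two mechanisms that allow a process to access hardware: kernel code can access hardware directly because of its elevated privilege level, while user code can access a subset of hardware determined by a bitmap. Because the bitmap that determines which hardware unprivileged processes can access is not correctly initialized, unprivileged users on amd64 systems can directly access certain hardware, leading to denial of service, disclosure of sensitive information, or privilege escalation.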

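- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [Complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [System integrity can be completely compromised]
Availability impact: COMPLETE [May cause a complete system outage]
Attack complexity: LOW [No access restrictions on exploitation]
Attack vector: LOCAL [Exploitation requires physical access or a local account]
Authentication: NONE [Exploitation requires no authentication]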

- CPE (Affected Platforms and Products)

cpe:/o:freebsd:freebsd:5.1  FreeBSD 5.1
cpe:/o:freebsd:freebsd:5.4  FreeBSD 5.4
cpe:/o:freebsd:freebsd:5.2.1  FreeBSD 5.2.1
cpe:/o:freebsd:freebsd:5.3  FreeBSD 5.3
cpe:/o:freebsd:freebsd:5.0  FreeBSD 5.0
cpe:/o:freebsd:freebsd:5.2  FreeBSD 5.2

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1036
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-170
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-05:03

- Vulnerability Information

FreeBSD Kernel AMD64 Unprivileged Hardware Access Vulnerability
High risk  Access validation error
2005-05-02 00:00:00 2005-10-20 00:00:00
Local

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch link:
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc

- Vulnerability Information

15288
FreeBSD amd64 Direct Hardware Access Privilege Escalation
Local Access Required Other
Loss of Confidentiality

- Vulnerability Description

FreeBSD amd64 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by an incorrect initialization of the bitmap used for determining the hardware access of unprivileged processes. This flaw may lead to a loss of confidentiality.

- Timeline

2005-04-06 Unknown
Unknown Unknown

- Solution

Upgrade to 5-STABLE or to the RELENG_5_3 security branch dated after the correction date. Alternatively, apply the patches proposed by the FreeBSD Project.

- Vulnerability Information

FreeBSD Kernel AMD64 Unprivileged Hardware Access Vulnerability
Access Validation Error 13021
No Yes
2005-04-06 12:00:00 2009-07-12 11:56:00
The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor reported this issue.

- Affected Program Versions

FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 5.4 -RELEASE

- Unaffected Program Versions

FreeBSD FreeBSD 5.4 -RELEASE

- Discussion

An unprivileged hardware access vulnerability affects the FreeBSD kernel. This issue is due to a failure of the affected kernel to properly implement access restriction on hardware.

An attacker may leverage this issue to gain direct access to hardware devices on an affected computer. This may facilitate denial of service attacks, disclosure of sensitive information, and potentially privilege escalation.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

FreeBSD has released advisory FreeBSD-SA-05:03 along with a patch dealing with this issue. Please see the referenced advisory for more information.


FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -RELENG

FreeBSD FreeBSD 5.3 -STABLE
