CVE-2005-1763
CVSS7.2
发布时间 :2005-06-09 00:00:00
修订时间 :2010-08-21 00:29:33
NMCOS    

[原文]Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.


[CNNVD]Linux Kernel 内存访问漏洞(CNNVD-200506-062)

        Linux Kernel是Linux操作系统所使用的内核。
        x86-64 ptrace代码中的溢出漏洞允许本地用户向他们正常情况下不可访问的Jernel内存页面写入一些字节。这个漏洞仅存在于64位平台上。
        有关这一漏洞的更多细节目前不详。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:8::enterprise_server
cpe:/o:novell:linux_desktop:9Novell Linux Desktop 9
cpe:/o:suse:suse_linux:9.0::enterprise_server
cpe:/o:suse:suse_linux:1.0::desktop

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10182Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1763
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1763
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-062
(官方数据源) CNNVD

- 其它链接及资源

http://www.novell.com/linux/security/advisories/2005_29_kernel.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:029
http://www.securityfocus.com/bid/13903
(UNKNOWN)  BID  13903
http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-3
http://www.redhat.com/support/errata/RHSA-2005-514.html
(UNKNOWN)  REDHAT  RHSA-2005:514
http://www.debian.org/security/2005/dsa-922
(UNKNOWN)  DEBIAN  DSA-922
http://secunia.com/advisories/18056
(UNKNOWN)  SECUNIA  18056
http://secunia.com/advisories/17073
(UNKNOWN)  SECUNIA  17073

- 漏洞信息

Linux Kernel 内存访问漏洞
高危 缓冲区溢出
2005-06-09 00:00:00 2005-10-20 00:00:00
本地  
        Linux Kernel是Linux操作系统所使用的内核。
        x86-64 ptrace代码中的溢出漏洞允许本地用户向他们正常情况下不可访问的Jernel内存页面写入一些字节。这个漏洞仅存在于64位平台上。
        有关这一漏洞的更多细节目前不详。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.novell.com/linux/security/advisories/2005_29_kernel.html

- 漏洞信息

17546
Linux Kernel on 64Bit ptrace Function Local Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-06-09 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel 64 Bit PTrace Kernel Memory Access Vulnerability
Boundary Condition Error 13903
No Yes
2005-06-09 12:00:00 2007-03-02 07:35:00
This issue was reported by SUSE.

- 受影响的程序版本

S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

The Linux kernel is prone to a vulnerability that may allow local attackers to write into kernel memory pages. This issue occurs only on 64-bit platforms.

The specific details about this vulnerability are currently unknown.

This BID will be updated when more information is available.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

- 解决方案

Please see the referenced advisories for more information.


Linux kernel 2.6.11

Linux kernel 2.6.8

S.u.S.E. Linux Personal 9.3 x86_64

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站