CVE-2005-2492
CVSS 3.6
Published: 2005-09-14 15:03:00
Last revised: 2016-11-18 11:50:59

[Original] The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.


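[CNNVD] Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability (CNNVD-200509-129)

        Linux Kernel is the kernel used by the open-source operating system Linux.
        A vulnerability exists in the raw_sendmsg() function of the Linux Kernel. A local attacker can call this function with specially crafted parameters to read kernel memory contents (information disclosure) or to control hardware state by reading certain I/O ports.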

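- CVSS (base score)

CVSS score: 3.6 [Minor (LOW)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (affected platforms and products)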

cpe:/o:linux:linux_kernel:2.6.11:rc4 Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.12:rc1 Linux Kernel 2.6.12 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11:rc3 Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.12:rc4 Linux Kernel 2.6.12 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.6 Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.7 Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.11 Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.6:rc1 Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.7:rc1 Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.8:rc2 Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test5 Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.0:test2 Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.0:test4 Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.11.5 Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.6.0:test9 Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.1:rc2 Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.11 Linux Kernel 2.6.11.11
cpe:/o:linux:linux_kernel:2.6.4 Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.0:test6 Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.1:rc1 Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.5 Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.0:test3 Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.11.8 Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.6.0:test8 Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.11:rc2 Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.6 Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.6.8 Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6_test9_cvs
cpe:/o:linux:linux_kernel:2.6.11.7 Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.0:test7 Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.6.10:rc2 Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.0:test1 Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.0:test11 Linux Kernel 2.6 test11
cpe:/o:canonical:ubuntu_linux:4.10 Canonical Ubuntu Linux 4.10
cpe:/o:redhat:enterprise_linux:4.0 Red Hat Enterprise Linux 4.0
cpe:/o:canonical:ubuntu_linux:5.04 Canonical Ubuntu Linux 5.04
cpe:/o:linux:linux_kernel:2.6.0:test10 Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.8:rc1 Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.10 Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.2 Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.8:rc3 Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.3 Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.0 Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.1 Linux Kernel 2.6.1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11031 The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2492
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-129
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=112690609622266&w=2
(UNKNOWN)  TRUSTIX  2005-0049
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
(UNKNOWN)  CONFIRM  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
(VENDOR_ADVISORY)  MANDRIVA  MDKSA-2005:235
http://www.redhat.com/support/errata/RHSA-2005-514.html
(UNKNOWN)  REDHAT  RHSA-2005:514
http://www.securityfocus.com/archive/1/archive/1/419522/100/0/threaded
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:068
http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
(VENDOR_ADVISORY)  FEDORA  FLSA:157459-3
http://www.securityfocus.com/bid/14787
(VENDOR_ADVISORY)  BID  14787
http://www.ubuntu.com/usn/usn-178-1
(VENDOR_ADVISORY)  UBUNTU  USN-178-1
http://xforce.iss.net/xforce/xfdb/22218
(VENDOR_ADVISORY)  XF  kernel-rawsendmsg-obtain-information(22218)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
(PATCH)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830

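- Vulnerability information

Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
Low risk  Design error
2005-09-14 00:00:00 2005-10-20 00:00:00
Local
        Linux Kernel is the kernel used by the open-source operating system Linux.
        A vulnerability exists in the raw_sendmsg() function of the Linux Kernel. A local attacker can call this function with specially crafted parameters to read kernel memory contents (information disclosure) or to control hardware state by reading certain I/O ports.

- Advisories and patches

        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
        http://www.kernel.org/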

- Vulnerability information

19261
Linux Kernel raw_sendmsg() Unspecified Memory Manipulation
Local Access Required Information Disclosure
Loss of Confidentiality, Loss of Availability
Exploit Unknown Vendor Verified

- Vulnerability description

Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the "raw_sendmsg()" function, which may allow a local unprivileged user to read kernel memory contents to obtain sensitive information or on some architectures cause a denial of service by manipulating hardware state, resulting in a loss of confidentiality and/or availability.

- Timeline

2005-09-09 2005-08-26
Unknown Unknown

- Solution

Upgrade to kernel version 2.6.13.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
Design Error 14787
No Yes
2005-09-09 12:00:00 2006-05-26 11:13:00
Discovery is credited to Alexander Viro.

- Affected software versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Conectiva Linux 10.0

- Discussion

Linux Kernel is prone to a kernel memory-access vulnerability.

This issue affects the 'raw_sendmsg()' function and can allow a local attacker to access kernel memory or manipulate the hardware state due to unauthorized access to I/O ports.

Linux kernel 2.6.10 is reportedly vulnerable, but other versions are likely to be affected as well.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Please see the referenced advisories for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com


Linux kernel 2.6.10

- Related references

 

 
