Published: 2005-09-14 15:03:00
Last revised: 2017-10-10 21:30:17

[Original text] The raw_sendmsg function in the Linux kernel 2.6 before allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

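[CNNVD] Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability (CNNVD-200509-129)

        Linux Kernel is the kernel used by the open-source operating system Linux.
        A vulnerability exists in the raw_sendmsg() function of the Linux Kernel. A local attacker can call this function with specially crafted parameters, resulting in reading kernel memory contents (information disclosure) or controlling hardware state by reading certain I/O ports.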

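- CVSS (Base Score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (Affected Platforms and Products)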

cpe:/o:canonical:ubuntu_linux:4.10 Canonical Ubuntu Linux 4.10
cpe:/o:canonical:ubuntu_linux:5.04 Canonical Ubuntu Linux 5.04
cpe:/o:linux:linux_kernel:2.6.0 Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.0:test1 Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.0:test10 Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.0:test11 Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.0:test2 Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.0:test3 Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.0:test4 Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.0:test5 Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.0:test6 Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.0:test7 Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.6.0:test8 Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.0:test9 Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.1 Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.1:rc1 Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.1:rc2 Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.2 Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.3 Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.4 Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.5 Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.6 Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.6:rc1 Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.7 Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.7:rc1 Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8 Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.8:rc1 Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.8:rc2 Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.8:rc3 Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.10 Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.10:rc2 Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11 Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.11:rc2 Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11:rc3 Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.11:rc4 Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel: Kernel
cpe:/o:linux:linux_kernel: Kernel
cpe:/o:linux:linux_kernel: Kernel
cpe:/o:linux:linux_kernel: Kernel
cpe:/o:linux:linux_kernel: Kernel
cpe:/o:linux:linux_kernel:2.6.12:rc1 Linux Kernel 2.6.12 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.12:rc4 Linux Kernel 2.6.12 Release Candidate 4
cpe:/o:redhat:enterprise_linux:4.0 Red Hat Enterprise Linux 4.0

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:11031 The raw_sendmsg function in the Linux kernel 2.6 before allows local users to cause a denial of service (change hardware state) or ...

- Official Database Links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other Links and Resources
(UNKNOWN)  TRUSTIX  2005-0049
(UNKNOWN)  XF  kernel-rawsendmsg-obtain-information(22218)

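- Vulnerability Information

Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
Low severity Design error
2005-09-14 00:00:00 2005-10-20 00:00:00
        Linux Kernel is the kernel used by the open-source operating system Linux.
        A vulnerability exists in the raw_sendmsg() function of the Linux Kernel. A local attacker can call this function with specially crafted parameters, resulting in reading kernel memory contents (information disclosure) or controlling hardware state by reading certain I/O ports.

- Advisories and Patches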


- Vulnerability Information

Linux Kernel raw_sendmsg() Unspecified Memory Manipulation
Local Access Required Information Disclosure
Loss of Confidentiality, Loss of Availability
Exploit Unknown Vendor Verified

- Vulnerability Description

Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the "raw_sendmsg()" function, which may allow a local unprivileged user to read kernel memory contents to obtain sensitive information or on some architectures cause a denial of service by manipulating hardware state, resulting in a loss of confidentiality and/or availability.

- Timeline

2005-09-09 2005-08-26
Unknown Unknown

- Solution

Upgrade to kernel version or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Credit

- Vulnerability Information

Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
Design Error 14787
No Yes
2005-09-09 12:00:00 2006-05-26 11:13:00
Discovery is credited to Alexander Viro.

- Affected Software Versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Conectiva Linux 10.0

- Discussion

Linux Kernel is prone to a kernel memory-access vulnerability.

This issue affects the 'raw_sendmsg()' function and can allow a local attacker to access kernel memory or manipulate the hardware state due to unauthorized access to I/O ports.

Linux kernel 2.6.10 is reportedly vulnerable, but other versions are likely to be affected as well.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

Please see the referenced advisories for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

Linux kernel 2.6.10

- References