CVE-2005-2708
CVSS2.1
发布时间 :2005-10-25 14:02:00
修订时间 :2010-11-12 00:00:00
NMCOS    

[原文]The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.


[CNNVD]Linux Kernel SEARCH_BINARY_HANDLER本地拒绝服务漏洞(CNNVD-200510-205)

        Linux Kernel是开放源码操作系统Linux所使用的内核。
        64-bit x86架构上Linux 2.4 kernel的exec.c中的search_binary_handler函数在虚拟内存低时不能校验特定函数调用的返回代码,可以使本地用户引起拒绝服务(panic), 比如使用bash ulimit -v命令运行进程。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.27Linux Kernel 2.4.27
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.18:pre5Linux Kernel 2.4.18 pre5
cpe:/o:linux:linux_kernel:2.4.28Linux Kernel 2.4.28
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:linux:linux_kernel:2.4.0:test3Linux Kernel 2.4.0 test3
cpe:/o:linux:linux_kernel:2.4.23:pre9Linux Kernel 2.4.23 pre9
cpe:/o:linux:linux_kernel:2.4.29:rc1Linux Kernel 2.4.29 rc1
cpe:/o:linux:linux_kernel:2.4.0:test7Linux Kernel 2.4.0 test7
cpe:/o:linux:linux_kernel:2.4.19:pre6Linux Kernel 2.4.19 pre6
cpe:/o:linux:linux_kernel:2.4.21:pre1Linux Kernel 2.4.21 pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3Linux Kernel 2.4.27 pre3
cpe:/o:linux:linux_kernel:2.4.18:pre3Linux Kernel 2.4.18 pre3
cpe:/o:linux:linux_kernel:2.4.32:pre1Linux Kernel 2.4.32 pre1
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.4.19:pre2Linux Kernel 2.4.19 pre2
cpe:/o:linux:linux_kernel:2.4.29:rc2Linux Kernel 2.4.29 rc2
cpe:/o:linux:linux_kernel:2.4.32Linux Kernel 2.4.32
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.0:test8Linux Kernel 2.4.0 test8
cpe:/o:linux:linux_kernel:2.4.0:test9Linux Kernel 2.4.0 test9
cpe:/o:linux:linux_kernel:2.4.18:pre7Linux Kernel 2.4.18 pre7
cpe:/o:linux:linux_kernel:2.4.19:pre3Linux Kernel 2.4.19 pre3
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.0:test11Linux Kernel 2.4.0 test11
cpe:/o:linux:linux_kernel:2.4.27:pre1Linux Kernel 2.4.27 pre1
cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.30:rc2Linux Kernel 2.4.30 rc2
cpe:/o:linux:linux_kernel:2.4.0:test10Linux Kernel 2.4.0 test10
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.30Linux Kernel 2.4.30
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.0:test1Linux Kernel 2.4.0 test1
cpe:/o:linux:linux_kernel:2.4.27:pre2Linux Kernel 2.4.27 pre2
cpe:/o:linux:linux_kernel:2.4.18:pre4Linux Kernel 2.4.18 pre4
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.0:test12Linux Kernel 2.4.0 test12
cpe:/o:linux:linux_kernel:2.4.18:pre8Linux Kernel 2.4.18 pre8
cpe:/o:linux:linux_kernel:2.4.0:test2Linux Kernel 2.4.0 test2
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.18:pre1Linux Kernel 2.4.18 pre1
cpe:/o:linux:linux_kernel:2.4.32:pre2Linux Kernel 2.4.32 pre2
cpe:/o:linux:linux_kernel:2.4.18:pre6Linux Kernel 2.4.18 pre6
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.21:pre4Linux Kernel 2.4.21 pre4
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.19:pre4Linux Kernel 2.4.19 pre4
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.27:pre4Linux Kernel 2.4.27 pre4
cpe:/o:linux:linux_kernel:2.4.0:test4Linux Kernel 2.4.0 test4
cpe:/o:linux:linux_kernel:2.4.0:test5Linux Kernel 2.4.0 test5
cpe:/o:linux:linux_kernel:2.4.27:pre5Linux Kernel 2.4.27 pre5
cpe:/o:linux:linux_kernel:2.4.21:pre7Linux Kernel 2.4.21 pre7
cpe:/o:linux:linux_kernel:2.4.19:pre1Linux Kernel 2.4.19 pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2Linux Kernel 2.4.18 pre2
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.4.31:pre1Linux Kernel 2.4.31 pre1
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.4.30:rc3Linux Kernel 2.4.30 rc3
cpe:/o:linux:linux_kernel:2.4.19:pre5Linux Kernel 2.4.19 pre5
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.0:test6Linux Kernel 2.4.0 test6
cpe:/o:linux:linux_kernel:2.4.29Linux Kernel 2.4.29
cpe:/o:linux:linux_kernel:2.4.31Linux Kernel 2.4.31
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10649The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular f...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2708
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-205
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
http://www.securityfocus.com/bid/16320
(UNKNOWN)  BID  16320
http://www.securityfocus.com/archive/1/archive/1/428058/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-2
http://www.securityfocus.com/archive/1/archive/1/428028/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-1
http://www.redhat.com/support/errata/RHSA-2006-0190.html
(UNKNOWN)  REDHAT  RHSA-2006:0190
http://www.redhat.com/support/errata/RHSA-2006-0140.html
(UNKNOWN)  REDHAT  RHSA-2006:0140
http://secunia.com/advisories/18684
(VENDOR_ADVISORY)  SECUNIA  18684
http://secunia.com/advisories/18562
(VENDOR_ADVISORY)  SECUNIA  18562
http://secunia.com/advisories/18523
(VENDOR_ADVISORY)  SECUNIA  18523

- 漏洞信息

Linux Kernel SEARCH_BINARY_HANDLER本地拒绝服务漏洞
低危 设计错误
2005-10-25 00:00:00 2006-06-13 00:00:00
本地  
        Linux Kernel是开放源码操作系统Linux所使用的内核。
        64-bit x86架构上Linux 2.4 kernel的exec.c中的search_binary_handler函数在虚拟内存低时不能校验特定函数调用的返回代码,可以使本地用户引起拒绝服务(panic), 比如使用bash ulimit -v命令运行进程。

- 公告与补丁

        暂无数据

- 漏洞信息

22668
Linux Kernel search_binary_handler() Function Local DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-06-28 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Kernel SEARCH_BINARY_HANDLER Local Denial of Service Vulnerability
Design Error 16320
No Yes
2005-06-28 12:00:00 2006-11-13 08:16:00
Reported by blossom.

- 受影响的程序版本

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Linux kernel 2.4.32 -pre2
Linux kernel 2.4.32 -pre1
Linux kernel 2.4.32
Linux kernel 2.4.31 -pre1
Linux kernel 2.4.31
Linux kernel 2.4.30 rc3
Linux kernel 2.4.30 rc2
Linux kernel 2.4.30
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
Linux kernel 2.4.29 -rc2
Linux kernel 2.4.29 -rc1
Linux kernel 2.4.29
Linux kernel 2.4.28
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.4.27 -pre5
Linux kernel 2.4.27 -pre4
Linux kernel 2.4.27 -pre3
Linux kernel 2.4.27 -pre2
Linux kernel 2.4.27 -pre1
Linux kernel 2.4.27
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Linux kernel 2.4.33 -pre1

- 不受影响的程序版本

Linux kernel 2.4.33 -pre1

- 漏洞讨论

Linux kernel is susceptible to a local denial-of-service vulnerability.

This issue presents itself in the 'search_binary_handler' function of 'exec.c'.

This issue allows local users to crash the kernel due to a panic, denying service to legitimate users.

Linux kernel 2.4 versions on 64-bit x86 architectures prior to 2.4.33-pre1 are affected.

- 漏洞利用

A proof of concept is available at the following location:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925

- 解决方案


The vendor has released kernel version 2.4.33-pre1 to address this issue.

Please see the referenced advisories for more information:

- Red Hat has released advisory RHSA-2006:0140-9 to address various issues in Red Hat Enterprise Linux 3.
- Red Hat has released advisory RHSA-2006:0190-5 to address this and other issues.


Linux kernel 2.4.27

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站