CVE-2005-4881
CVSS 4.9
Published: 2009-10-19 16:00:00
Revised: 2012-03-19 00:00:00

[Original] The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.


[CNNVD] Linux kernel uninitialized padding fields kernel memory information disclosure vulnerability (CNNVD-200910-262)

The netlink subsystem in Linux kernel 2.4.x versions before 2.4.37.6 and 2.6.x versions before 2.6.13-rc1 does not initialize certain padding fields in structures, which may allow local users to obtain sensitive information from kernel memory via unspecified vectors. These vectors are related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

- CVSS (base score)

CVSS score: 4.9 [MEDIUM]
Confidentiality impact: COMPLETE [complete information disclosure; all system files exposed]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.6.12.2  Linux Kernel 2.6.12.2
cpe:/o:linux:linux_kernel:2.6.1  Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.4.27::-pre5
cpe:/o:linux:linux_kernel:2.4.1  Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.35.5
cpe:/o:linux:linux_kernel:2.4.17  Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.34.1  Linux Kernel 2.4.34.1
cpe:/o:linux:linux_kernel:2.4.34.5
cpe:/o:linux:linux_kernel:2.4.14  Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.33.4  Linux Kernel 2.4.33.4
cpe:/o:linux:linux_kernel:2.4.36.4
cpe:/o:linux:linux_kernel:2.4.27  Linux Kernel 2.4.27
cpe:/o:linux:linux_kernel:2.4.10  Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.33.7
cpe:/o:linux:linux_kernel:2.6.11.6  Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.4.33.2  Linux Kernel 2.4.33.2
cpe:/o:linux:linux_kernel:2.4.37.1
cpe:/o:linux:linux_kernel:2.4.35.1
cpe:/o:linux:linux_kernel:2.4.28  Linux Kernel 2.4.28
cpe:/o:linux:linux_kernel:2.6.12  Linux Kernel 2.6.12
cpe:/o:linux:linux_kernel:2.4.36.3
cpe:/o:linux:linux_kernel:2.4.34.6
cpe:/o:linux:linux_kernel:2.6.11  Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.4.36.8
cpe:/o:linux:linux_kernel:2.4.36.5
cpe:/o:linux:linux_kernel:2.4.34.4
cpe:/o:linux:linux_kernel:2.4.27::-pre3
cpe:/o:linux:linux_kernel:2.4.5  Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.6.12.5  Linux Kernel 2.6.12.5
cpe:/o:linux:linux_kernel:2.4.32  Linux Kernel 2.4.32
cpe:/o:linux:linux_kernel:2.4.34.2  Linux Kernel 2.4.34.2
cpe:/o:linux:linux_kernel:2.4.12  Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.6.11.3  Linux Kernel 2.6.11.3
cpe:/o:linux:linux_kernel:2.4.33.3  Linux Kernel 2.4.33.3
cpe:/o:linux:linux_kernel:2.4.33.5  Linux Kernel 2.4.33.5
cpe:/o:linux:linux_kernel:2.4.36.6
cpe:/o:linux:linux_kernel:2.6.12.6  Linux Kernel 2.6.12.6
cpe:/o:linux:linux_kernel:2.4.2  Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.6.12.4  Linux Kernel 2.6.12.4
cpe:/o:linux:linux_kernel:2.4.3  Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.16  Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.6.11.9  Linux Kernel 2.6.11.9
cpe:/o:linux:linux_kernel:2.4.37.5
cpe:/o:linux:linux_kernel:2.4.27::-pre4
cpe:/o:linux:linux_kernel:2.4.6  Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.30:rc2  Linux Kernel 2.4.30 rc2
cpe:/o:linux:linux_kernel:2.4.23  Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.6.11.8  Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.4.30  Linux Kernel 2.4.30
cpe:/o:linux:linux_kernel:2.6.12.1  Linux Kernel 2.6.12.1
cpe:/o:linux:linux_kernel:2.4.24  Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.7  Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.27::-pre1
cpe:/o:linux:linux_kernel:2.4.27::-pre2
cpe:/o:linux:linux_kernel:2.4.37.4
cpe:/o:linux:linux_kernel:2.4.36.7
cpe:/o:linux:linux_kernel:2.4.35.4
cpe:/o:linux:linux_kernel:2.4.11  Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.4  Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.33.1
cpe:/o:linux:linux_kernel:2.4.13  Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.34.3
cpe:/o:linux:linux_kernel:2.4.19  Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.6.11.5  Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.4.36.9
cpe:/o:linux:linux_kernel:2.4.35.3
cpe:/o:linux:linux_kernel:2.4.9  Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8  Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.18  Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.20  Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.37.3
cpe:/o:linux:linux_kernel:2.6.11.2  Linux Kernel 2.6.11.2
cpe:/o:linux:linux_kernel:2.4.33  Linux Kernel 2.4.33
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.11.11  Linux Kernel 2.6.11.11
cpe:/o:linux:linux_kernel:2.4.22  Linux Kernel 2.4.22
cpe:/o:linux:linux_kernel:2.6.12.3  Linux Kernel 2.6.12.3
cpe:/o:linux:linux_kernel:2.6.11.4  Linux Kernel 2.6.11.4
cpe:/o:linux:linux_kernel:2.4.36
cpe:/o:linux:linux_kernel:2.6.11.7  Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.11.12  Linux Kernel 2.6.11.12
cpe:/o:linux:linux_kernel:2.6.10  Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.4.37
cpe:/o:linux:linux_kernel:2.4.26  Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.4.30:rc3  Linux Kernel 2.4.30 rc3
cpe:/o:linux:linux_kernel:2.4.21  Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.6.11.1  Linux Kernel 2.6.11.1
cpe:/o:linux:linux_kernel:2.4.34  Linux Kernel 2.4.34
cpe:/o:linux:linux_kernel:2.4.37.2
cpe:/o:linux:linux_kernel:2.4.36.2
cpe:/o:linux:linux_kernel:2.4.29  Linux Kernel 2.4.29
cpe:/o:linux:linux_kernel:2.4.35.2  Linux Kernel 2.4.35.2
cpe:/o:linux:linux_kernel:2.4.15  Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.25  Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.4.31  Linux Kernel 2.4.31
cpe:/o:linux:linux_kernel:2.6.11.10  Linux Kernel 2.6.11.10
cpe:/o:linux:linux_kernel:2.4.36.1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11744  The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in st...
*The OVAL definition describes in detail how to detect this vulnerability; you can find further technical details on detecting it in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4881
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4881
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200910-262
(Official data source) CNNVD

- Other links and resources

http://www.openwall.com/lists/oss-security/2009/09/17/9
(PATCH)  MLIST  [oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak
http://www.openwall.com/lists/oss-security/2009/09/17/1
(PATCH)  MLIST  [oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak
http://www.openwall.com/lists/oss-security/2009/09/07/2
(PATCH)  MLIST  [oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak
http://www.openwall.com/lists/oss-security/2009/09/06/2
(PATCH)  MLIST  [oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak
http://www.openwall.com/lists/oss-security/2009/09/05/2
(PATCH)  MLIST  [oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1
(VENDOR_ADVISORY)  CONFIRM  http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1
http://marc.info/?l=git-commits-head&m=112002138324380
(PATCH)  MLIST  [bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349
(PATCH)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349
https://bugzilla.redhat.com/show_bug.cgi?id=521601
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=521601
http://www.redhat.com/support/errata/RHSA-2009-1522.html
(UNKNOWN)  REDHAT  RHSA-2009:1522
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
(VENDOR_ADVISORY)  CONFIRM  http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
http://secunia.com/advisories/37909
(UNKNOWN)  SECUNIA  37909
http://secunia.com/advisories/37084
(UNKNOWN)  SECUNIA  37084
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
(UNKNOWN)  SUSE  SUSE-SA:2009:064

- Vulnerability information

Linux kernel uninitialized padding fields kernel memory information disclosure vulnerability
Medium severity  Information disclosure
2009-10-19 00:00:00 2009-10-20 00:00:00
Local
The netlink subsystem in Linux kernel 2.4.x versions before 2.4.37.6 and 2.6.x versions before 2.6.13-rc1 does not initialize certain padding fields in structures, which may allow local users to obtain sensitive information from kernel memory via unspecified vectors. These vectors are related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

- Advisories and patches

The vendor has released upgrade patches to fix this security issue; patch download links:
        SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
        http://download.novell.com/index.jsp?...ords=d74d39d05b86ecd47749efef4c5cc4da
        SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit
        http://download.novell.com/index.jsp?...ords=45980610ac351edf8925bf87ded45696
        SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER
        http://download.novell.com/index.jsp?...ords=3394af4142e32b1fc8e96d64e36d50aa
        SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF
        http://download.novell.com/index.jsp?...ords=49abe3090200555e6b5936a6ebf5473f
        SUSE Linux Enterprise Server 10 SP2
        http://download.novell.com/index.jsp?...ords=d74d39d05b86ecd47749efef4c5cc4da
        http://download.novell.com/index.jsp?...ords=45980610ac351edf8925bf87ded45696
        http://download.novell.com/index.jsp?...ords=3394af4142e32b1fc8e96d64e36d50aa
        http://download.novell.com/index.jsp?...ords=49abe3090200555e6b5936a6ebf5473f
        http://download.novell.com/index.jsp?...ords=b3eb24d74bdd653ada797067c8107a34
        SLE SDK 10 SP2
        http://download.novell.com/index.jsp?...ords=d74d39d05b86ecd47749efef4c5cc4da
        http://download.novell.com/index.jsp?...ords=3394af4142e32b1fc8e96d64e36d50aa
        http://download.novell.com/index.jsp?...ords=49abe3090200555e6b5936a6ebf5473f
        http://download.novell.com/index.jsp?...ords=b3eb24d74bdd653ada797067c8107a34
        SUSE Linux Enterprise 10 SP2 DEBUGINFO
        http://download.novell.com/index.jsp?...ords=d74d39d05b86ecd47749efef4c5cc4da
        http://download.novell.com/index.jsp?...ords=3394af4142e32b1fc8e96d64e36d50aa
        http://download.novell.com/index.jsp?...ords=49abe3090200555e6b5936a6ebf5473f
        http://download.novell.com/index.jsp?...ords=b3eb24d74bdd653ada797067c8107a34
        SUSE Linux Enterprise Desktop 10 SP2
        http://download.novell.com/index.jsp?...ords=d74d39d05b86ecd47749efef4c5cc4da
        http://download.novell.com/index.jsp?...ords=b3eb24d74bdd653ada797067c8107a34
        SUSE Linux Enterprise Desktop 10 SP2 for x86
        http://download.novell.com/index.jsp?...ords=b3eb24d74bdd653ada797067c8107a34

- Vulnerability information

59221
Linux Kernel netlink Subsystem Multiple Function Local Kernel Memory Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality Upgrade
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-06-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete