CVE-2006-0095
CVSS2.1
发布时间 :2006-01-06 06:03:00
修订时间 :2016-10-17 23:38:46
NMCOS    

[原文]dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.


[CNNVD]Linux Kernel DM-Crypt本地信息泄露漏洞(CNNVD-200601-047)

        Linux kernel 2.6.15及更早版本中的dm-crypt在释放之前不清除结构,这会导致内存信息披露,本地用户可以获取关于cryptographic密钥的敏感信息。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.6.15:rc3Linux Kernel 2.6.15 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.15:rc4Linux Kernel 2.6.15 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.11.7Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.14.4Linux Kernel 2.6.14.4
cpe:/o:linux:linux_kernel:2.6.15:rc1Linux Kernel 2.6.15 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11.6Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.6.14.3Linux Kernel 2.6.14.3
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.11.5Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.6.12.4Linux Kernel 2.6.12.4
cpe:/o:linux:linux_kernel:2.6.13Linux Kernel 2.6.13
cpe:/o:linux:linux_kernel:2.6.14.2Linux Kernel 2.6.14.2
cpe:/o:linux:linux_kernel:2.6.11.4Linux Kernel 2.6.11.4
cpe:/o:linux:linux_kernel:2.6.12.3Linux Kernel 2.6.12.3
cpe:/o:linux:linux_kernel:2.6.14Linux Kernel 2.6.14
cpe:/o:linux:linux_kernel:2.6.14.1Linux Kernel 2.6.14.1
cpe:/o:linux:linux_kernel:2.6.11.9Linux Kernel 2.6.11.9
cpe:/o:linux:linux_kernel:2.6.10Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.11.8Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.6.11.3Linux Kernel 2.6.11.3
cpe:/o:linux:linux_kernel:2.6.12.2Linux Kernel 2.6.12.2
cpe:/o:linux:linux_kernel:2.6.11.2Linux Kernel 2.6.11.2
cpe:/o:linux:linux_kernel:2.6.12.1Linux Kernel 2.6.12.1
cpe:/o:linux:linux_kernel:2.6.15Linux Kernel 2.6.15
cpe:/o:linux:linux_kernel:2.6.11.1Linux Kernel 2.6.11.1
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/o:linux:linux_kernel:2.6.11Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.12Linux Kernel 2.6.12
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.8.1Linux Kernel 2.6.8.1
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.14:rc2Linux Kernel 2.6.14 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.11.12Linux Kernel 2.6.11.12
cpe:/o:linux:linux_kernel:2.6.11.11Linux Kernel 2.6.11.11
cpe:/o:linux:linux_kernel:2.6.11.10Linux Kernel 2.6.11.10
cpe:/o:linux:linux_kernel:2.6.15:rc7Linux Kernel 2.6.15 Release Candidate 7
cpe:/o:linux:linux_kernel:2.6.14:rc3Linux Kernel 2.6.14 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.14:rc4Linux Kernel 2.6.14 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.15:rc5Linux Kernel 2.6.15 Release Candidate 5
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.14:rc1Linux Kernel 2.6.14 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.15:rc6Linux Kernel 2.6.15 Release Candidate 6
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11192dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could all...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0095
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-047
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=linux-kernel&m=113640535312572&w=2
(UNKNOWN)  MLIST  [linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it
http://marc.info/?l=linux-kernel&m=113641114812886&w=2
(UNKNOWN)  MLIST  [linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak
http://securityreason.com/securityalert/388
(UNKNOWN)  SREASON  388
http://securitytracker.com/id?1015740
(UNKNOWN)  SECTRACK  1015740
http://www.debian.org/security/2006/dsa-1017
(UNKNOWN)  DEBIAN  DSA-1017
http://www.mandriva.com/security/advisories?name=MDKSA-2006:040
(UNKNOWN)  MANDRIVA  MDKSA-2006:040
http://www.novell.com/linux/security/advisories/2006-05-31.html
(UNKNOWN)  SUSE  SUSE-SA:2006:028
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00037.html
(UNKNOWN)  FEDORA  FEDORA-2006-102
http://www.redhat.com/support/errata/RHSA-2006-0132.html
(UNKNOWN)  REDHAT  RHSA-2006:0132
http://www.securityfocus.com/archive/1/archive/1/427981/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-4
http://www.securityfocus.com/bid/16301
(UNKNOWN)  BID  16301
http://www.trustix.org/errata/2006/0004
(UNKNOWN)  TRUSTIX  2006-0004
http://www.ubuntulinux.org/support/documentation/usn/usn-244-1
(UNKNOWN)  UBUNTU  USN-244-1
http://www.vupen.com/english/advisories/2006/0235
(UNKNOWN)  VUPEN  ADV-2006-0235
http://xforce.iss.net/xforce/xfdb/24189
(UNKNOWN)  XF  kernel-dmcrypt-information-disclosure(24189)

- 漏洞信息

Linux Kernel DM-Crypt本地信息泄露漏洞
低危 设计错误
2006-01-06 00:00:00 2006-01-09 00:00:00
本地  
        Linux kernel 2.6.15及更早版本中的dm-crypt在释放之前不清除结构,这会导致内存信息披露,本地用户可以获取关于cryptographic密钥的敏感信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Linux kernel 2.6 -test6
        Linux patch-2.6.16-rc1.bz2
        http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.16-rc1.bz2
        Linux kernel 2.6 -test4
        Linux patch-2.6.16-rc1.bz2
        http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.16-rc1.bz2
        Linux kernel 2.6 -test2
        Linux patch-2.6.16-rc1.bz2
        http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.16-rc1.bz2
        Linux kernel 2.6 -test11
        Linux patch-2.6.16-rc1.bz2
        http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.16-rc1.bz2
        Linux kernel 2.6 -test9-CVS
        Linux patch-2.6.16-rc1.bz2
        http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.16-rc1.bz2
        Linux kernel 2.6
        Debian kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb
        Debian kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb
        Debian kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb
        Debian kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb
        Debian kernel-headers-2.6-generic_101sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha /kernel-headers-2.6-generic_101sarge1_alpha.deb
        Debian kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64 /kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
        Debian kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64 /kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb
        Debian kernel-headers-2.6-smp_101sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha /kernel-headers-2.6-smp_101sarge1_alpha.deb
        Debian kernel-headers-2.6-sparc32_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc32_101sarge1_sparc.deb
        Debian kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb
        Debian kernel-headers-2.6-sparc64_101sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc64_101sarge1_sparc.deb
        Debian kernel-image-2.4-powerpc_102sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/k ernel-image-2.4-powerpc_102sarge1_powerpc.deb
        Debian kernel-image-2.6-amd64-generic_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-image-2.6-amd64-generic_103sarge1_amd64.deb
        Debian kernel-image-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-image-2.6-amd64-k8-smp_103sarge1_amd64.deb
        Debian kernel-image-2.6-amd64-k8_103sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-image-2.6-amd64-k8_103sarge1_amd64.deb

- 漏洞信息

22418
Linux Kernel dm-crypt crypt_config Structure Cryptographic Key Local Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Unknown Vendor Verified

- 漏洞描述

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because 'dm-crypt' does not zero out the 'struct crypt_config' structure before it is freed, potentially leaking cryptographic key information, resulting in a loss of confidentiality.

- 时间线

2006-01-04 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.6.16-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
Design Error 16301
No Yes
2006-01-18 12:00:00 2007-01-18 02:42:00
Stefan Rompf <stefan@loplof.de> reported this issue to the vendor.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Linux kernel 2.6.16 -rc1

- 不受影响的程序版本

Linux kernel 2.6.16 -rc1

- 漏洞讨论

The Linux kernel 'dm-crypt' module is susceptible to a local information-disclosure vulnerability. This issue is due to the module's failure to properly zero-sensitive memory buffers before freeing the memory.

This issue may allow local attackers to gain access to potentially sensitive memory that contains information on the cryptographic key used for the encrypted storage. This may aid attackers in further attacks.

This issue affects the 2.6 series of the Linux kernel.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the referenced vendor advisories for details on obtaining and applying fixes.


Linux kernel 2.6 -test6

Linux kernel 2.6 -test4

Linux kernel 2.6 -test2

Linux kernel 2.6 -test11

Linux kernel 2.6 -test9-CVS

Linux kernel 2.6

Linux kernel 2.6 -test3

Linux kernel 2.6 .10

Linux kernel 2.6 -test5

Linux kernel 2.6 -test1

Linux kernel 2.6 -test7

Linux kernel 2.6 -test9

Linux kernel 2.6 -test8

Linux kernel 2.6.1 -rc1

Linux kernel 2.6.1 -rc2

Linux kernel 2.6.10 rc2

Linux kernel 2.6.11

Linux kernel 2.6.11 .6

Linux kernel 2.6.11 .12

Linux kernel 2.6.11 -rc2

Linux kernel 2.6.11 .5

Linux kernel 2.6.11 -rc3

Linux kernel 2.6.11 -rc4

Linux kernel 2.6.12 .4

Linux kernel 2.6.12 .3

Linux kernel 2.6.12 .1

Linux kernel 2.6.12 .5

Linux kernel 2.6.12 -rc4

Linux kernel 2.6.12 .2

Linux kernel 2.6.12 .6

Linux kernel 2.6.12 -rc5

Linux kernel 2.6.13 -rc4

Linux kernel 2.6.13 .3

Linux kernel 2.6.13

Linux kernel 2.6.13 -rc7

Linux kernel 2.6.13 -rc1

Linux kernel 2.6.13 .2

Linux kernel 2.6.14 -rc2

Linux kernel 2.6.14 -rc3

Linux kernel 2.6.14

Linux kernel 2.6.14 -rc1

Linux kernel 2.6.14 -rc4

Linux kernel 2.6.14 .2

Linux kernel 2.6.15

Linux kernel 2.6.15 -rc1

Linux kernel 2.6.15 -rc3

Linux kernel 2.6.15 -rc2

Linux kernel 2.6.2

Linux kernel 2.6.4

Linux kernel 2.6.7 rc1

Linux kernel 2.6.7

Linux kernel 2.6.8 rc3

Linux kernel 2.6.8 rc2

Linux kernel 2.6.8 rc1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站