CVE-2006-0457
CVSS 7.1
Published: 2006-03-13 21:02:00
Last revised: 2010-08-21 00:39:29

[Original] Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.


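[CNNVD] Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability (CNNVD-200603-218)

        A race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time the kernel calculates the length and the time it copies the data into kernel memory.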

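- CVSS (Base Score)

CVSS score: 7.1 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: NONE [no impact on system integrity]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)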

cpe:/o:linux:linux_kernel:2.6.0:test2  Linux Kernel 2.6 test2
cpe:/o:linux:linux_kernel:2.6.12.2  Linux Kernel 2.6.12.2
cpe:/o:linux:linux_kernel:2.6.1  Linux Kernel 2.6.1
cpe:/o:linux:linux_kernel:2.6.11:rc2  Linux Kernel 2.6.11 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.15:rc7  Linux Kernel 2.6.15 Release Candidate 7
cpe:/o:linux:linux_kernel:2.6.15:rc5  Linux Kernel 2.6.15 Release Candidate 5
cpe:/o:linux:linux_kernel:2.6.7:rc1  Linux Kernel 2.6.7 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.13.3  Linux Kernel 2.6.13.3
cpe:/o:linux:linux_kernel:2.6.15:rc3  Linux Kernel 2.6.15 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.15.1  Linux Kernel 2.6.15.1
cpe:/o:linux:linux_kernel:2.6.15:rc4  Linux Kernel 2.6.15 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.14:rc4  Linux Kernel 2.6.14 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.0:test9  Linux Kernel 2.6 test9
cpe:/o:linux:linux_kernel:2.6.11.6  Linux Kernel 2.6.11.6
cpe:/o:linux:linux_kernel:2.6.0:test5  Linux Kernel 2.6 test5
cpe:/o:linux:linux_kernel:2.6.11_rc1_bk6
cpe:/o:linux:linux_kernel:2.6.13.2  Linux Kernel 2.6.13.2
cpe:/o:linux:linux_kernel:2.6.14:rc3  Linux Kernel 2.6.14 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.8.1  Linux Kernel 2.6.8.1
cpe:/o:linux:linux_kernel:2.6.11:rc3  Linux Kernel 2.6.11 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.12  Linux Kernel 2.6.12
cpe:/o:linux:linux_kernel:2.6.0:test1  Linux Kernel 2.6 test1
cpe:/o:linux:linux_kernel:2.6.11:rc4  Linux Kernel 2.6.11 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.14.2  Linux Kernel 2.6.14.2
cpe:/o:linux:linux_kernel:2.6.11  Linux Kernel 2.6.11
cpe:/o:linux:linux_kernel:2.6.14:rc1  Linux Kernel 2.6.14 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.13:rc1  Linux Kernel 2.6.13 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.0:test11  Linux Kernel 2.6 test11
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.0:test7  Linux Kernel 2.6 test7
cpe:/o:linux:linux_kernel:2.6.13.1  Linux Kernel 2.6.13.1
cpe:/o:linux:linux_kernel:2.6.0:test6  Linux Kernel 2.6 test6
cpe:/o:linux:linux_kernel:2.6.13:rc7  Linux Kernel 2.6.13 Release Candidate 7
cpe:/o:linux:linux_kernel:2.6.12:rc5  Linux Kernel 2.6.12 Release Candidate 5
cpe:/o:linux:linux_kernel:2.6.15:rc6  Linux Kernel 2.6.15 Release Candidate 6
cpe:/o:linux:linux_kernel:2.6.12.5  Linux Kernel 2.6.12.5
cpe:/o:linux:linux_kernel:2.6.15  Linux Kernel 2.6.15
cpe:/o:linux:linux_kernel:2.6.15.5  Linux Kernel 2.6.15.5
cpe:/o:linux:linux_kernel:2.6.15.3  Linux Kernel 2.6.15.3
cpe:/o:linux:linux_kernel:2.6.11.3  Linux Kernel 2.6.11.3
cpe:/o:linux:linux_kernel:2.6.13.4  Linux Kernel 2.6.13.4
cpe:/o:linux:linux_kernel:2.6.5  Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.6.13:rc4  Linux Kernel 2.6.13 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.7  Linux Kernel 2.6.7
cpe:/o:linux:linux_kernel:2.6.15:rc1  Linux Kernel 2.6.15 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11:rc1  Linux Kernel 2.6.11 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.12.6  Linux Kernel 2.6.12.6
cpe:/o:linux:linux_kernel:2.6.12:rc4  Linux Kernel 2.6.12 Release Candidate 4
cpe:/o:linux:linux_kernel:2.6.12.4  Linux Kernel 2.6.12.4
cpe:/o:linux:linux_kernel:2.6.14:rc2  Linux Kernel 2.6.14 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.9  Linux Kernel 2.6.11.9
cpe:/o:linux:linux_kernel:2.6.11.8  Linux Kernel 2.6.11.8
cpe:/o:linux:linux_kernel:2.6.12.1  Linux Kernel 2.6.12.1
cpe:/o:linux:linux_kernel:2.6.4  Linux Kernel 2.6.4
cpe:/o:linux:linux_kernel:2.6.13  Linux Kernel 2.6.13
cpe:/o:linux:linux_kernel:2.6.8:rc3  Linux Kernel 2.6.8 Release Candidate 3
cpe:/o:linux:linux_kernel:2.6.8:rc2  Linux Kernel 2.6.8 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.10:rc2  Linux Kernel 2.6.10 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.5  Linux Kernel 2.6.11.5
cpe:/o:linux:linux_kernel:2.6.12:rc1  Linux Kernel 2.6.12 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.14.4  Linux Kernel 2.6.14.4
cpe:/o:linux:linux_kernel:2.6.8.1.5
cpe:/o:linux:linux_kernel:2.6.1:rc1  Linux Kernel 2.6.1 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.1:rc2  Linux Kernel 2.6.1 Release Candidate 2
cpe:/o:linux:linux_kernel:2.6.11.2  Linux Kernel 2.6.11.2
cpe:/o:linux:linux_kernel:2.6.15.4  Linux Kernel 2.6.15.4
cpe:/o:linux:linux_kernel:2.6.0:test4  Linux Kernel 2.6 test4
cpe:/o:linux:linux_kernel:2.6.0  Linux Kernel 2.6.0
cpe:/o:linux:linux_kernel:2.6.8:rc1  Linux Kernel 2.6.8 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11.11  Linux Kernel 2.6.11.11
cpe:/o:linux:linux_kernel:2.6.6:rc1  Linux Kernel 2.6.6 Release Candidate 1
cpe:/o:linux:linux_kernel:2.6.11.4  Linux Kernel 2.6.11.4
cpe:/o:linux:linux_kernel:2.6.12.3  Linux Kernel 2.6.12.3
cpe:/o:linux:linux_kernel:2.6.3  Linux Kernel 2.6.3
cpe:/o:linux:linux_kernel:2.6.11.12  Linux Kernel 2.6.11.12
cpe:/o:linux:linux_kernel:2.6.11.7  Linux Kernel 2.6.11.7
cpe:/o:linux:linux_kernel:2.6.15.2  Linux Kernel 2.6.15.2
cpe:/o:linux:linux_kernel:2.6.10  Linux Kernel 2.6.10
cpe:/o:linux:linux_kernel:2.6.0:test8  Linux Kernel 2.6 test8
cpe:/o:linux:linux_kernel:2.6.14  Linux Kernel 2.6.14
cpe:/o:linux:linux_kernel:2.6.0:test3  Linux Kernel 2.6 test3
cpe:/o:linux:linux_kernel:2.6.8  Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.6.0:test10  Linux Kernel 2.6 test10
cpe:/o:linux:linux_kernel:2.6.11.1  Linux Kernel 2.6.11.1
cpe:/o:linux:linux_kernel:2.6.14.1  Linux Kernel 2.6.14.1
cpe:/o:linux:linux_kernel:2.6.14.3  Linux Kernel 2.6.14.3
cpe:/o:linux:linux_kernel:2.6.13:rc6  Linux Kernel 2.6.13 Release Candidate 6
cpe:/o:linux:linux_kernel:2.6.6  Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.6.11.10  Linux Kernel 2.6.11.10

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9566  Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of s...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0457
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0457
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-218
(Official data source) CNNVD

- Other Links and Resources

http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
(VENDOR_ADVISORY)  UBUNTU  USN-263-1
http://xforce.iss.net/xforce/xfdb/25354
(UNKNOWN)  XF  kernel-addkey-dos(25354)
http://www.securityfocus.com/bid/17084
(UNKNOWN)  BID  17084
http://www.redhat.com/support/errata/RHSA-2006-0575.html
(UNKNOWN)  REDHAT  RHSA-2006:0575
http://www.osvdb.org/23894
(UNKNOWN)  OSVDB  23894
http://www.novell.com/linux/security/advisories/2006-05-31.html
(UNKNOWN)  SUSE  SUSE-SA:2006:028
http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
(UNKNOWN)  MANDRIVA  MDKSA-2006:059
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://secunia.com/advisories/22417
(UNKNOWN)  SECUNIA  22417
http://secunia.com/advisories/21465
(UNKNOWN)  SECUNIA  21465
http://secunia.com/advisories/20398
(UNKNOWN)  SECUNIA  20398
http://secunia.com/advisories/19220
(UNKNOWN)  SECUNIA  19220

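- Vulnerability Information

Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
High risk  Race condition
2006-03-13 00:00:00 2006-03-14 00:00:00
Local
        A race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time the kernel calculates the length and the time it copies the data into kernel memory.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links: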
        Linux kernel 2.6 -test6
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test4
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test2
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test9-CVS
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test7
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test9
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test10
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6 -test11
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.1 -rc2
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.1
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.10 rc2
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.10
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 -rc3
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 .11
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 .7
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 .6
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 .12
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.11 -rc2
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 .4
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 .1
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 -rc4
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 .2
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 -rc1
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 .3
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.12 .5
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.13 -rc4
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.13 .3
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.13
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.13 -rc7
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.13 -rc1
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.14 .4
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
        Linux kernel 2.6.14 .1
        Linux linux-2.6.15.4.tar.bz2
        http://kernel.org/pub/linux/kern

- Vulnerability Information

23894
Linux Kernel Multiple Function String Length Modification Race Condition Local Information Disclosure
Local Access Required Information Disclosure, Race Condition
Loss of Confidentiality

- Vulnerability Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition occurs that allows an attacker to modify an argument of a copy operation after it has been validated, but before it is used. This may present a window of opportunity for an attacker to gain access to sensitive information stored in memory.

- Timeline

2006-03-13 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.6.15.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
Race Condition Error 17084
No Yes
2006-03-13 12:00:00 2006-12-22 03:52:00
David Howells <dhowells@redhat.com> is credited with the discovery of this issue.

- Affected Versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8500 0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya S8300 0
Avaya Messaging Storage Server MM3.0
Avaya Converged Communications Server 2.0
Linux kernel 2.6.15 .4

- Unaffected Versions

Linux kernel 2.6.15 .4

- Discussion

The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after it has been validated, but before it is used.

This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The Linux kernel version 2.6.15.4 has been released to address this issue.

Please see the referenced advisories for more information.


Linux kernel 2.6 -test6

Linux kernel 2.6 -test4

Linux kernel 2.6 -test2

Linux kernel 2.6 -test9-CVS

Linux kernel 2.6 -test7

Linux kernel 2.6 -test9

Linux kernel 2.6 -test10

Linux kernel 2.6 -test11

Linux kernel 2.6

Linux kernel 2.6.1 -rc2

Linux kernel 2.6.1

Linux kernel 2.6.10 rc2

Linux kernel 2.6.10

Linux kernel 2.6.11 -rc3

Linux kernel 2.6.11 .11

Linux kernel 2.6.11 .7

Linux kernel 2.6.11

Linux kernel 2.6.11 .6

Linux kernel 2.6.11 .12

Linux kernel 2.6.11 -rc2

Linux kernel 2.6.12 .4

Linux kernel 2.6.12 .1

Linux kernel 2.6.12 -rc4

Linux kernel 2.6.12 .2

Linux kernel 2.6.12 -rc1

Linux kernel 2.6.12 .3

Linux kernel 2.6.12 .5

Linux kernel 2.6.13 -rc4

Linux kernel 2.6.13 .3

Linux kernel 2.6.13

Linux kernel 2.6.13 -rc7

Linux kernel 2.6.13 -rc1

Linux kernel 2.6.14 .4

Linux kernel 2.6.14 .1

Linux kernel 2.6.14 .3

Linux kernel 2.6.14 -rc2

Linux kernel 2.6.14 .5

Linux kernel 2.6.14 -rc3

Linux kernel 2.6.15

Linux kernel 2.6.15 -rc1

Linux kernel 2.6.15 -rc3

Linux kernel 2.6.2

Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.6 rc1

Linux kernel 2.6.6

Linux kernel 2.6.7

Linux kernel 2.6.8 rc2

Linux kernel 2.6.8 rc1

Linux kernel 2.6.9

- Related References

 

 
