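Vulnerability Details
Linux Kernel Coda_Pioctl Local Buffer Overflow Vulnerability
Vulnerability Summary
The Linux kernel is the kernel of the open-source operating system Linux. The coda_pioctl function in the Coda functionality (pioctl.c) of Linux kernel 2.6.9 and 2.4.x before 2.4.29 allows local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
Vulnerability Advisory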
The vendor has released upgrade patches to fix this security issue.
References
- Source: MLIST; Name: [linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel; Link: http://seclists.org/lists/linux-kernel/2005/Jan/2020.html
- Source: MLIST; Name: [linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel; Link: http://seclists.org/lists/linux-kernel/2005/Jan/2018.html
- Source: MLIST; Name: [linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel; Link: http://seclists.org/lists/linux-kernel/2005/Jan/1089.html
- Source: MLIST; Name: [linux-kernel] 20041216 [Coverity] Untrusted user data in kernel; Link: http://seclists.org/lists/linux-kernel/2004/Dec/3914.html
- Source: BID; Name: 14967; Link: http://www.securityfocus.com/bid/14967
- Source: FEDORA; Name: FLSA:157459-1; Link: http://www.securityfocus.com/archive/1/archive/1/428028/100/0/threaded
- Source: REDHAT; Name: RHSA-2006:0191; Link: http://www.redhat.com/support/errata/RHSA-2006-0191.html
- Source: REDHAT; Name: RHSA-2005:663; Link: http://www.redhat.com/support/errata/RHSA-2005-663.html
- Source: VUPEN; Name: ADV-2005-1878; Link: http://www.frsirt.com/english/advisories/2005/1878
- Source: DEBIAN; Name: DSA-1082; Link: http://www.debian.org/security/2006/dsa-1082
- Source: DEBIAN; Name: DSA-1070; Link: http://www.debian.org/security/2006/dsa-1070
- Source: DEBIAN; Name: DSA-1069; Link: http://www.debian.org/security/2006/dsa-1069
- Source: DEBIAN; Name: DSA-1067; Link: http://www.debian.org/security/2006/dsa-1067
- Source: DEBIAN; Name: DSA-1017; Link: http://www.debian.org/security/2006/dsa-1017
- Source: SECTRACK; Name: 1013018; Link: http://securitytracker.com/id?1013018
- Source: SECUNIA; Name: 20338; Link: http://secunia.com/advisories/20338
- Source: SECUNIA; Name: 20202; Link: http://secunia.com/advisories/20202
- Source: SECUNIA; Name: 20163; Link: http://secunia.com/advisories/20163
- Source: SECUNIA; Name: 19374; Link: http://secunia.com/advisories/19374
- Source: SECUNIA; Name: 18684; Link: http://secunia.com/advisories/18684
- Source: SECUNIA; Name: 17002; Link: http://secunia.com/advisories/17002
Affected Entities
- Linux Linux_kernel:2.4.18:Pre2
- Linux Linux_kernel:2.4.18:Pre3
- Linux Linux_kernel:2.4.18:Pre4
- Linux Linux_kernel:2.4.18:Pre5
- Linux Linux_kernel:2.4.18:Pre6
Patches
None available