正文

Linux shmctl函数 敏感信息泄露漏洞

admin
admin V管理员 /0 评论 /6 阅读
1231
此篇文章发布距今已超过1276天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Linux shmctl函数 敏感信息泄露漏洞

  • CNNVD编号:CNNVD-200502-059
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2005-0176
  • 漏洞类型: 资料不足
  • 发布时间: 2005-02-15
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: linux
  • 漏洞来源: Discovery of these...

漏洞简介

linux 是款开放源代码的类unix操作系统。 Linux 2.6.9及更早版本中的shmctl函数可让本地用户取消锁定其他进程的内存,这会导致敏感内存交换到磁盘上,一旦将其释放,其他用户就可以读取到敏感信息。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: RedHat Fedora Core1 RedHat kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.athlon.rpm RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.i586.rpm RedHat kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1 .2199.5.legacy.nptl.i686.rpm RedHat kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4 .22-1.2199.5.legacy.nptl.i386.rpm RedHat kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4. 22-1.2199.5.legacy.nptl.i386.rpm RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.athlon.rpm RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.i586.rpm RedHat kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4. 22-1.2199.5.legacy.nptl.i686.rpm RedHat kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm Fedora Core 1: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2 .4.22-1.2199.5.legacy.nptl.i386.rpm Linux kernel 2.6 Debian kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb Debian kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb Debian kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb Debian kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb Debian kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64 /kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb Debian kernel-headers-2.6-generic_101sarge1_alpha.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha /kernel-headers-2.6-generic_101sarge1_alpha.deb Debian kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64 /kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb Debian kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64 /kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb Debian kernel-headers-2.6-smp_101sarge1_alpha.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha /kernel-headers-2.6-smp_101sarge1_alpha.deb Debian kernel-headers-2.6-sparc32_101sarge1_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc32_101sarge1_sparc.deb Debian kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb Debian kernel-headers-2.6-sparc64_101sarge1_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc /kernel-headers-2.6-sparc64_101sarge1_sparc.deb Debian kernel-image-2.4-powerpc_102sarge1_powerpc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/k ernel-image-2.4-powerpc_102sarge1_powerpc.deb

参考网址

来源: REDHAT 名称: RHSA-2005:092 链接:http://www.redhat.com/support/errata/RHSA-2005-092.html 来源: BUGTRAQ 名称: 20050215 [USN-82-1] Linux kernel vulnerabilities 链接:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 来源: CONECTIVA 名称: CLA-2005:930 链接:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 来源: BID 名称: 12598 链接:http://www.securityfocus.com/bid/12598 来源: REDHAT 名称: RHSA-2005:472 链接:http://www.redhat.com/support/errata/RHSA-2005-472.html 来源: SECUNIA 名称: 19607 链接:http://secunia.com/advisories/19607 来源: SGI 名称: 20060402-01-U 链接:ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U 来源: US Government Resource: oval:org.mitre.oval:def:1225 名称: oval:org.mitre.oval:def:1225 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1225

受影响实体

  • Linux Linux_kernel:2.6.9:2.6.20  
    <!--
    2000-1-1
    -->

补丁

    暂无