BubbleMon核心内存文件描述符泄露漏洞

漏洞信息详情

BubbleMon核心内存文件描述符泄露漏洞

• CNNVD编号：CNNVD-200209-040
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2002-1125
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-09-24
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  freebsd
• 漏洞来源：
  Vulnerability disc…

使用libkvm的FreeBSD 4.6.2-RELEASE及其早期版本的包含(1)asmon，(2)ascpu，(3)bubblemon，(4)wmmon，and (5)wmnet2的FreeBSD端口程序让文件描述符对/dev/mem和/dev/kmem开放。本地用户读取核心内存。

FreeBSD has made a patch available:
FreeBSD FreeBSD 4.2

• FreeBSD libkvm.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch

FreeBSD FreeBSD 4.3

• FreeBSD libkvm.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch

FreeBSD FreeBSD 4.4

• FreeBSD libkvm.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch

FreeBSD FreeBSD 4.5

• FreeBSD libkvm.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch

FreeBSD FreeBSD 4.6

• FreeBSD libkvm.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch

来源: BID
名称: 5720
链接:http://www.securityfocus.com/bid/5720

来源: BID
名称: 5719
链接:http://www.securityfocus.com/bid/5719

来源: BID
名称: 5718
链接:http://www.securityfocus.com/bid/5718

来源: BID
名称: 5716
链接:http://www.securityfocus.com/bid/5716

来源: BID
名称: 5714
链接:http://www.securityfocus.com/bid/5714

来源: XF
名称: bsd-libkvm-descriptor-leak(10109)
链接:http://www.iss.net/security_center/static/10109.php

来源: VULNWATCH
名称: 20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html

来源: FREEBSD
名称: FreeBSD-SA-02:39
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc

来源: BUGTRAQ
名称: 20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103228135413310&w=2