漏洞信息详情
Linux Kernel IOPERM系统调用I/O端口访问漏洞
- CNNVD编号:CNNVD-200306-073
- 危害等级: 低危
![图片[1]-Linux Kernel IOPERM系统调用I/O端口访问漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-16/fa6998ac850c38cb90c47a02e5a8652c.png)
- CVE编号:
CVE-2003-0246
- 漏洞类型:
设计错误
- 发布时间:
2003-05-14
- 威胁类型:
本地
- 更新时间:
2005-10-20
- 厂 商:
linux - 漏洞来源:
Martin J. Bligh※ m… -
漏洞简介
Linux Kernel是开放源代码的Linux内核系统。
Linux的ioperm系统调用存在程序设计错误,本地攻击者可以利用这个漏洞读/写访问系统的I/O端口。
ioperm由于设计问题可允许非特权用户获得对系统I/O端口的读和写访问。当特权进程使用时,ioperm系统调用也会不正确地限制权限。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* Linux 2.5.69版本中未测试和非官方补丁如下:
diff -urN linux-2.5.64-bk5/arch/i386/kernel/ioport.c linux/arch/i386/kernel/ioport.c
— linux-2.5.64-bk5/arch/i386/kernel/ioport.c2003-02-24 14:59:03.000000000 -0500
+++ linux/arch/i386/kernel/ioport.c2003-03-14 10:19:48.000000000 -0500
@@ -84,15 +84,17 @@
t->ts_io_bitmap = bitmap;
}
-tss = init_tss + get_cpu();
-if (bitmap)
-tss->bitmap = IO_BITMAP_OFFSET;/* Activate it in the TSS */
–
/*
* do it in the per-thread copy and in the TSS …
*/
set_bitmap(t->ts_io_bitmap, from, num, !turn_on);
-set_bitmap(tss->io_bitmap, from, num, !turn_on);
+tss = init_tss + get_cpu();
+if (tss->bitmap == IO_BITMAP_OFFSET) { /* already active? */
+set_bitmap(tss->io_bitmap, from, num, !turn_on);
+} else {
+memcpy(tss->io_bitmap, t->ts_io_bitmap, IO_BITMAP_BYTES);
+tss->bitmap = IO_BITMAP_OFFSET;/* Activate it in the TSS */
+}
put_cpu();
out:
return ret;
厂商补丁:
RedHat
——
RedHat已经为此发布了一个安全公告(RHSA-2003:172-00)以及相应补丁:
RHSA-2003:172-00:Updated 2.4 kernel fixes security vulnerabilities and various bugs
链接:https://www.redhat.com/support/errata/RHSA-2003-172.html” target=”_blank”>https://www.redhat.com/support/errata/RHSA-2003-172.html
补丁下载:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm
athlon:
来源: REDHAT
名称: RHSA-2003:172
链接:http://www.redhat.com/support/errata/RHSA-2003-172.html
来源: DEBIAN
名称: DSA-311
链接:http://www.debian.org/security/2003/dsa-311
来源: ENGARDE
名称: ESA-20030515-017
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
来源: TURBO
名称: TLSA-2003-41
链接:http://www.turbolinux.com/security/TLSA-2003-41.txt
来源: REDHAT
名称: RHSA-2003:147
链接:http://www.redhat.com/support/errata/RHSA-2003-147.html
来源: DEBIAN
名称: DSA-442
链接:http://www.debian.org/security/2004/dsa-442
来源: DEBIAN
名称: DSA-336
链接:http://www.debian.org/security/2003/dsa-336
来源: DEBIAN
名称: DSA-332
链接:http://www.debian.org/security/2003/dsa-332
来源: DEBIAN
名称: DSA-312
链接:http://www.debian.org/security/2003/dsa-312
来源: VULNWATCH
名称: 20030520 Linux 2.4 kernel ioperm vuln
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
来源: MANDRAKE
名称: MDKSA-2003:074
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
来源: MANDRAKE
名称: MDKSA-2003:066
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
来源: US Government Resource: oval:org.mitre.oval:def:278
名称: oval:org.mitre.oval:def:278
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:278
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
