漏洞信息详情
Linux Kernel ISO9660文件系统缓冲区溢出漏洞
- CNNVD编号:CNNVD-200406-002
- 危害等级: 中危
![图片[1]-Linux Kernel ISO9660文件系统缓冲区溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-26/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2004-0109
- 漏洞类型:
边界条件错误
- 发布时间:
2004-04-15
- 威胁类型:
本地
- 更新时间:
2007-01-24
- 厂 商:
linux - 漏洞来源:
zen-parse※ zen-par… -
漏洞简介
Linux是一款开放源代码操作系统。
Linux内核没有对存储在ISO9660文件系统上的符号连接进行正确的长度检查,本地攻击者可以利用这个漏洞获得root用户权限。
ISO9660文件系统上的符号连接由\’\’Rock Ridge\’\’扩展到标准格式支持,通过在恶意构建ISO文件系统,当内核在执行目录列表及尝试通过畸形符号连接访问文件时触发。几个相关的受影响函数如下:
fs/isofs/rock.c: rock_ridge_symlink_readpage()
fs/isofs/rock.c: get_symlink_chunk()
由于没有对符号连接长度进行正确检查而触发内存错误。精心构建记录数据可能以root用户权限执行任意指令。
漏洞公告
厂商补丁:
Debian
——
Debian已经为此发布了相应补丁:
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc
Size/MD5 checksum: 690 222d67d058984eef34ef3af56ad82720
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
Size/MD5 checksum: 41918 dce13eeca598d548e390a72fed76728f
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.dsc
Size/MD5 checksum: 805 2076a7b98736825eb39bf5bc8eba23d2
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.tar.gz
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb
Size/MD5 checksum: 1720294 3b6e8a510996bebd066d1cda8bac41eb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
Size/MD5 checksum: 23880582 542792a28d1fc90844f9b51abe84f90e
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6_all.deb
Size/MD5 checksum: 1149360 9e6755113b2f9aa136cb7a661ff17953
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mips.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 3475460 5fd4b0778c297c49009ece259b417f22
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody6_mips.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 2042058 a15d8dad4f6d3a0ca8f32bca87a153b3
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody6_mips.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody6_mips.deb
Size/MD5 checksum: 2042102 f9cc1ae2e4d53f0a017a842580823a34
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 3474878 26731e041b80cfeb5bc609cf6f2b20a1
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody6_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 2197528 b2cefc4f87ee78a1c146a4e428b2d44c
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody6_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 2193620 0cf8429a531c6eb29cdc34b4e343d9ac
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody6_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody6_mipsel.deb
Size/MD5 checksum: 15394 7f2ad07ae6daa9de0db7d45cdc83ee59
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.dsc
Size/MD5 checksum: 672 9860f430fe435100c103a42c7b5dbc66
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.diff.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.diff.gz
Size/MD5 checksum: 47625 cc802c42472c637de501dde07df7cec8
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.dsc
Size/MD5 checksum: 792 a21174ff774b45160cf3f714ea1ec226
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.tar.gz
Size/MD5 checksum: 1032076 96e1ae069ef39afbdae505edc6f11375
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody2_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody2_all.deb
Size/MD5 checksum: 1783144 deaa1a0705f5f334ebbc60734b6bc2c7
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2_all.deb
Size/MD5 checksum: 25895130 f42c8c0b27e644d024e33738a5c87863
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4_all.deb
Size/MD5 checksum: 1032600 c7ec4194385c7e
参考网址
来源: ENGARDE
名称: ESA-20040428-004
链接:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
来源: REDHAT
名称: RHSA-2004:166
链接:http://rhn.redhat.com/errata/RHSA-2004-166.html
来源: TRUSTIX
名称: 2004-0020
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
来源: SGI
名称: 20040405-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
来源: XF
名称: linux-iso9660-bo(15866)
链接:http://xforce.iss.net/xforce/xfdb/15866
来源: TURBO
名称: TLSA-2004-14
链接:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
来源: BID
名称: 10141
链接:http://www.securityfocus.com/bid/10141
来源: REDHAT
名称: RHSA-2004:183
链接:http://www.redhat.com/support/errata/RHSA-2004-183.html
来源: REDHAT
名称: RHSA-2004:106
链接:http://www.redhat.com/support/errata/RHSA-2004-106.html
来源: REDHAT
名称: RHSA-2004:105
链接:http://www.redhat.com/support/errata/RHSA-2004-105.html
来源: SUSE
名称: SuSE-SA:2004:009
链接:http://www.novell.com/linux/security/advisories/2004_09_kernel.html
来源: www.idefense.com
链接:http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
来源: DEBIAN
名称: DSA-495
链接:http://www.debian.org/security/2004/dsa-495
来源: DEBIAN
名称: DSA-491
链接:http://www.debian.org/security/2004/dsa-491
来源: DEBIAN
名称: DSA-489
链接:http://www.debian.org/security/2004/dsa-489
来源: DEBIAN
名称: DSA-482
链接:http://www.debian.org/security/2004/dsa-482
来源: DEBIAN
名称: DSA-481
链接:http://www.debian.org/security/2004/dsa-481
来源: DEBIAN
名称: DSA-480
链接:http://www.debian.org/security/2004/dsa-480
来源: DEBIAN
名称: DSA-479
链接:http://www.debian.org/security/2004/dsa-479
来源: CIAC
名称: O-127
链接:http://www.ciac.org/ciac/bulletins/o-127.shtml
来源: CIAC
名称: O-121
链接:http://www.ciac.org/ciac/bulletins/o-121.shtml
来源: GENTOO
名称: GLSA-200407-02
链接:http://security.gentoo.org/glsa/glsa-200407-02.xml
来源: SECUNIA
名称: 12003
链接:http://secunia.com/advisories/12003
来源: SECUNIA
名称: 11986
链接:http://secunia.com/advisories/11986
来源: SECUNIA
名称: 11891
链接:http://secunia.com/advisories/11891
来源: SECUNIA
名称: 11861
链接:http://secunia.com/advisories/11861
来源: SECUNIA
名称: 11626
链接:http://secunia.com/advisories/11626
来源: SECUNIA
名称: 11518
链接:http://secunia.com/advisories/11518
来源: SECUNIA
名称: 11494
链接:http://secunia.com/advisories/11494
来源: SECUNIA
名称: 11486
链接:http://secunia.com/advisories/11486
来源: SECUNIA
名称: 11470
链接:http://secunia.com/advisories/11470
来源: SECUNIA
名称: 11469
链接:http://secunia.com/advisories/11469
来源: SECUNIA
名称: 11464
链接:http://secunia.com/advisories/11464
来源: SECUNIA
名称: 11373
链接:http://secunia.com/advisories/11373
来源: SECUNIA
名称: 11362
链接:http://secunia.com/advisories/11362
来源: SECUNIA
名称: 11361
链接:http://secunia.com/advisories/11361
来源: OVAL
名称: oval:org.mitre.oval:def:10733
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10733
来源: CONECTIVA
名称: CLA-2004:846
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
来源: SGI
名称: 20040504-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
来源: MANDRAKE
名称: MDKSA-2004:029
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
来源: US Government Resource: oval:org.mitre.oval:def:940
名称: oval:org.mitre.oval:def:940
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:940
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
