Linux Kernel XFS文件系统信息泄露漏洞-一一网

漏洞信息详情

Linux Kernel XFS文件系统信息泄露漏洞

CNNVD编号：CNNVD-200406-005

危害等级：低危
CVE编号：
CVE-2004-0133
漏洞类型：

设计错误
发布时间：

2004-04-15
威胁类型：

本地
更新时间：

2005-10-20
厂商：

linux
漏洞来源：
Linux

漏洞简介

Linux是一款开放源代码操作系统。
Linux内核当写或建立XFS文件系统时存在设计问题，本地攻击者可以利用这个漏洞获得部分内核信息。
根据报告，当写XFS文件系统时会导致部分内存数据写到设备中，攻击者必须读取Raw设备才能获得这些数据，目前没有详细漏洞细节提供。

漏洞公告

厂商补丁：
Linux
—–
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Linux Upgrade linux-2.4.26.tar.bz2

http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2” target=”_blank”>
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2

Linux Upgrade linux-2.6.5.tar.bz2

http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2” target=”_blank”>
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2
MandrakeSoft
————
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:029)以及相应补丁:

MDKSA-2004:029：Updated kernel packages fix multiple vulnerabilities

链接：http://www.linux-mandrake.com/en/security/2004/2004-029.php” target=”_blank”>
http://www.linux-mandrake.com/en/security/2004/2004-029.php

补丁下载：

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-enterprise-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-enterprise-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-secure-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-smp-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-smp-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/kernel-2.4.25.3mdk-1-1mdk.src.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/kernel-2.6.3.8mdk-1-1mdk.src.rpm

Corporate Server 2.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-enterprise-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-smp-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm

Corporate Server 2.1/x86_64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm

Mandrakelinux 9.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.i586.rpm

参考网址

来源: ENGARDE
名称: ESA-20040428-004
链接:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

来源: TRUSTIX
名称: 2004-0020
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2

来源: SGI
名称: 20040405-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc

来源: GENTOO
名称: GLSA-200407-02
链接:http://security.gentoo.org/glsa/glsa-200407-02.xml

来源: XF
名称: linux-xfs-info-disclosure(15901)
链接:http://xforce.iss.net/xforce/xfdb/15901

来源: BID
名称: 10151
链接:http://www.securityfocus.com/bid/10151

来源: MANDRAKE
名称: MDKSA-2004:029
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

来源: SECUNIA
名称: 11362
链接:http://secunia.com/advisories/11362

受影响实体

Linux Linux_kernel:2.4.0

更多>>

文章版权归作者所有，未经允许请勿转载。

THE END

信息安全

Drupal ‘Share Buttons’ 跨站脚本漏洞

redis 源码阅读之你不知道的 sds

日志系统：SQL的更新过程

100 个基本 Python 面试问题第三部分(41-60)｜Python 主题月

今天HDFS起不来

springboot中使用自定义两级缓存

Linux Kernel XFS文件系统信息泄露漏洞

漏洞信息详情

Linux Kernel XFS文件系统信息泄露漏洞

漏洞简介

漏洞公告

参考网址

受影响实体