Linux Kernel JFS文件系统信息泄露漏洞-一一网

漏洞信息详情

Linux Kernel JFS文件系统信息泄露漏洞

CNNVD编号：CNNVD-200406-012

危害等级：低危
CVE编号：
CVE-2004-0181
漏洞类型：

设计错误
发布时间：

2004-04-15
威胁类型：

本地
更新时间：

2005-10-20
厂商：

linux
漏洞来源：
Linux

漏洞简介

Linux是一款开放源代码操作系统。
Linux内核在处理JFS文件系统清理时问题，本地攻击者可以利用这个漏洞获得部分内核信息。
此漏洞只是让ROOT用户获得对这些文件系统的敏感信息。此漏洞只威胁那些不让ROOT用户访问的信息。目前没有详细漏洞细节提供。

漏洞公告

厂商补丁：
Linux
—–
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Linux Upgrade linux-2.4.26.tar.bz2

http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2” target=”_blank”>
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2

Linux Upgrade linux-2.6.5.tar.bz2

http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2” target=”_blank”>
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2
MandrakeSoft
————
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:029)以及相应补丁:

MDKSA-2004:029：Updated kernel packages fix multiple vulnerabilities

链接：http://www.linux-mandrake.com/en/security/2004/2004-029.php” target=”_blank”>
http://www.linux-mandrake.com/en/security/2004/2004-029.php

补丁下载：

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-enterprise-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-enterprise-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-secure-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-smp-2.4.25.3mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-smp-2.6.3.8mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/kernel-2.4.25.3mdk-1-1mdk.src.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/kernel-2.6.3.8mdk-1-1mdk.src.rpm

Corporate Server 2.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-enterprise-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-smp-2.4.19.39mdk-1-1mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm

Corporate Server 2.1/x86_64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm

Mandrakelinux 9.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.i586.rpm

参考网址

来源: ENGARDE
名称: ESA-20040428-004
链接:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

来源: TRUSTIX
名称: 2004-0020
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2

来源: GENTOO
名称: GLSA-200407-02
链接:http://security.gentoo.org/glsa/glsa-200407-02.xml

来源: OVAL
名称: oval:org.mitre.oval:def:10329
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10329

来源: XF
名称: linux-jfs-info-disclosure(15902)
链接:http://xforce.iss.net/xforce/xfdb/15902

来源: TURBO
名称: TLSA-2004-14
链接:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt

来源: BID
名称: 10143
链接:http://www.securityfocus.com/bid/10143

来源: REDHAT
名称: RHSA-2005:663
链接:http://www.redhat.com/support/errata/RHSA-2005-663.html

来源: REDHAT
名称: RHSA-2004:504
链接:http://www.redhat.com/support/errata/RHSA-2004-504.html

来源: MANDRAKE
名称: MDKSA-2004:029
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

来源: VUPEN
名称: ADV-2005-1878
链接:http://www.frsirt.com/english/advisories/2005/1878

来源: SECUNIA
名称: 17002
链接:http://secunia.com/advisories/17002

受影响实体

Linux Linux_kernel:2.4.0

更多>>

文章版权归作者所有，未经允许请勿转载。

THE END

信息安全

极光开发者周刊【No.0423】

7-Technologies交互图形SCADA系统远程拒绝服务漏洞

Android四大组件之Acitivity基础篇

七、OpenGL入门–大球自转+小球公转+移动

【虚拟物品】中国银行用户1元购买一个月网易云黑胶会员

学习“发布——订阅设计模式”

Linux Kernel JFS文件系统信息泄露漏洞

漏洞信息详情

Linux Kernel JFS文件系统信息泄露漏洞

漏洞简介

漏洞公告

参考网址

受影响实体