Linux Kernel Setsockopt MCAST_MSFILTER整数溢出漏洞

漏洞信息详情

Linux Kernel Setsockopt MCAST_MSFILTER整数溢出漏洞

• CNNVD编号：CNNVD-200407-013
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0424
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-07-07
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  slackware
• 漏洞来源：
  Paul Starzetz is c…

Linux kernel 2.4.22到2.4.25 和2.6.1到2.6.3版本的ip_setsockopt函数存在整数溢出漏洞。本地用户借助MCAST_MSFILTER接口选项导致服务拒绝（崩溃）或者执行任意代码。

This issue has been addressed in the 2.4.26 and 2.6.4 kernel releases. Please see the references for more information.
Linux kernel 2.4.22

• Fedora kernel-2.4.22-1.2188.nptl.athlon.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-2.4.22-1.2188.nptl.athlon.rpm
• Fedora kernel-2.4.22-1.2188.nptl.i586.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-2.4.22-1.2188.nptl.i586.rpm
• Fedora kernel-2.4.22-1.2188.nptl.i686.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-2.4.22-1.2188.nptl.i686.rpm
• Fedora kernel-2.4.22-1.2188.nptl.x86_64.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_
  64/kernel-2.4.22-1.2188.nptl.x86_64.rpm
• Fedora kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm
• Fedora kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /debug/kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm
• Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm
• Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm
• Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm
• Fedora kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_
  64/debug/kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm
• Fedora kernel-doc-2.4.22-1.2188.nptl.i386.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-doc-2.4.22-1.2188.nptl.i386.rpm
• Fedora kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_
  64/kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm
• Fedora kernel-smp-2.4.22-1.2188.nptl.athlon.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-smp-2.4.22-1.2188.nptl.athlon.rpm
• Fedora kernel-smp-2.4.22-1.2188.nptl.i686.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-smp-2.4.22-1.2188.nptl.i686.rpm
• Fedora kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_
  64/kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm
• Fedora kernel-source-2.4.22-1.2188.nptl.i386.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386
  /kernel-source-2.4.22-1.2188.nptl.i386.rpm
• Fedora kernel-source-2.4.22-1.2188.nptl.x86_64.rpm
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_
  64/kernel-source-2.4.22-1.2188.nptl.x86_64.rpm
• Linux linux-2.4.26.tar.bz2
  
  http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
• Mandrake kernel-2.4.22.30mdk-1-1mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-2.4.22.30mdk-1-1mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-enterprise-2.4.22.30mdk-1-1mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-p3-smp-64GB-2.4.22.30mdk-1-1mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-secure-2.4.22.30mdk-1-1mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-secure-2.4.22.30mdk-1-1mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-smp-2.4.22.30mdk-1-1mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-smp-2.4.22.30mdk-1-1mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-source-2.4.22-30mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake kernel-source-2.4.22-30mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Slackware alsa-driver-0.9.8-i486-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/a
  lsa-driver-0.9.8-i486-3.tgz
• Slackware hotplug-2004_01_05-noar

来源: XF
名称: linux-ipsetsockopt-integer-bo(15907)
链接:http://xforce.iss.net/xforce/xfdb/15907

来源: BID
名称: 10179
链接:http://www.securityfocus.com/bid/10179

来源: ENGARDE
名称: ESA-20040428-004
链接:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

来源: www.isec.pl
链接:http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt

来源: BUGTRAQ
名称: 20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108253171301153&w=2

来源: SUSE
名称: SuSE-SA:2004:010
链接:http://www.novell.com/linux/security/advisories/2004_10_kernel.html

来源: OVAL
名称: oval:org.mitre.oval:def:11214
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11214

来源: SGI
名称: 20040504-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc

来源: SLACKWARE
名称: SSA:2004-119
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586

来源: REDHAT
名称: RHSA-2004:183
链接:http://www.redhat.com/support/errata/RHSA-2004-183.html

来源: MANDRAKE
名称: MDKSA-2004:037
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:037

来源: CONECTIVA
名称: CLA-2004:852
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852

来源: US Government Resource: oval:org.mitre.oval:def:939
名称: oval:org.mitre.oval:def:939
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:939