Linux Kernel TIOCSETD终端子系统竞态条件漏洞

漏洞信息详情

Linux Kernel TIOCSETD终端子系统竞态条件漏洞

• CNNVD编号：CNNVD-200412-092
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2004-0814
  
• 漏洞类型：
  
  
  竞争条件
  
• 发布时间：
  
  2004-12-23
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  linux
• 漏洞来源：
  This issue was ann…

Linux 2.6.9以前的2.4.x，和2.6.x版本的终端层存在多个竞态条件漏洞。（1）本地用户通过调用TIOCSETD ioctl到正在访问另一个线程的终端接口获得核心数据部分，或者（2）远程攻击者通过从控制台切换到PPP线路规则导致服务拒绝，然后迅速发送交换机接收到的数据。

This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases.
The Fedora Legacy project has released advisory FLSA:2336 to address this issue for Red Hat Fedora Core 1, Red Hat Linux 7.3 and 9. Please see the referenced advisory for further information.
Ubuntu Linux has released advisory USN-38-1 along with fixes to address this, and other issues. Please see the referenced advisory for further information.
MandrakeSoft has issued fixes in advisory MDKSA-2005:022. See reference section.
TurboLinux has released Turbolinux Security Announcement 28/Feb/2005 dealing with this and other issues. Please see the referenced advisory for more information.
SuSE Linux has released advisory SUSE-SA:2005:018 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.
Red Hat released advisory RHSA-2005:293-16 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
Avaya has released advisory ASA-2005-120 stating which Avaya products are vulnerable to this issue. Please see the referenced advisory for further details. No Avaya fixes are currently available.

Linux kernel 2.4.20

• RedHat kernel-2.4.20-42.9.legacy.athlon.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4
  2.9.legacy.athlon.rpm
• RedHat kernel-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4
  2.9.legacy.i386.rpm
• RedHat kernel-2.4.20-42.9.legacy.i586.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4
  2.9.legacy.i586.rpm
• RedHat kernel-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4
  2.9.legacy.i686.rpm
• RedHat kernel-bigmem-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2
  .4.20-42.9.legacy.i686.rpm
• RedHat kernel-BOOT-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4
  .20-42.9.legacy.i386.rpm
• RedHat kernel-doc-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.
  20-42.9.legacy.i386.rpm
• RedHat kernel-smp-2.4.20-42.9.legacy.athlon.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.
  20-42.9.legacy.athlon.rpm
• RedHat kernel-smp-2.4.20-42.9.legacy.i586.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.
  20-42.9.legacy.i586.rpm
• RedHat kernel-smp-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.
  20-42.9.legacy.i686.rpm
• RedHat kernel-source-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9
  
  http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2
  .4.20-42.9.legacy.i386.rpm
• SuSE k_athlon-2.4.20-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-1
  31.i586.rpm
• SuSE k_deflt-2.4.20-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-13
  1.i586.rpm
• SuSE k_psmp-2.4.20-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-131
  .i586.rpm
• SuSE k_smp-2.4.20-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-131.
  i586.rpm
• SuSE kernel-source-2.4.20.SuSE-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kernel-source-2.4
  .20.SuSE-131.i586.rpm

Linux kernel 2.4.21

• SuSE Intel-536ep-4.62-23.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/Intel-536ep-4.62-
  23.i586.rpm
• SuSE Intel-v92ham-4.53-23.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/Intel-v92ham-4.53
  -23.i586.rpm
• SuSE k_athlon-2.4.21-280.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-2
  80.i586.rpm
• SuSE k_deflt-2.4.21-280.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-28
  0.i586.rpm
• SuSE k_deflt-2.4.21-280.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.2
  1-280.x86_64.rpm
• SuSE k_smp-2.4.21-280.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-280.
  i586.rpm
• SuSE k_smp-2.4.21-280.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-
  280.x86_64.rpm
• SuSE k_smp4G-2.4.21-280.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-28
  0.i