Linux Kernel SYSFS_Write_File本地整数溢出漏洞-一一网

漏洞信息详情

Linux Kernel SYSFS_Write_File本地整数溢出漏洞

CNNVD编号：CNNVD-200412-1126

危害等级：低危
CVE编号：
CVE-2004-2302
漏洞类型：

边界条件错误
发布时间：

2004-12-31
威胁类型：

本地
更新时间：

2010-04-02
厂商：

linux
漏洞来源：
Alexander Nyberg i…

漏洞简介

Linux kernel 2.6.10之前版本的sysfs_read_file和 sysfs_write_file函数存在竞争条件漏洞。本地用户借助sysfs文件的超大偏移读取核心内存和导致服务拒绝（崩溃）。

漏洞公告

SuSE has released advisory SUSE-SA:2005:018 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Ubuntu Linux has released advisory USN-110-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.
RedHat has released advisory RHSA-2005:366-19 to address this, and other issues in RedHat Enterprise Linux 4, and RedHat Desktop 4 operating systems. Please see the referenced advisory for further information.
SUSE has released advisory SUSE-SA:2005:044 to address various issues. Please see the referenced advisory for more information.
Mandriva has released advisory MDKSA-2005:218 to address various issues affecting the Linux Kernel. Please see the referenced advisory for more information.
Mandriva has released advisory MDKSA-2005:219 to address various issues affecting the Linux Kernel in Mandrake Linux 10.1. Please see the referenced advisory for more information.
Debian GNU/Linux has released advisory DSA 922-1, along with fixes to address multiple kernel issues. Please see the referenced advisory for further information.

Linux kernel 2.6.3

Mandriva kernel-source-stripped-2.6.3-29mdk.x86_64.rpmCorporate 3.0/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-2.6.3.29mdk-1-1mdk.x86_64.rpmCorporate 3.0/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-enterprise-2.6.3.29mdk-1-1mdk.i586.rpmCorporate 3.0:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-secure-2.6.3.29mdk-1-1mdk.i586.rpmCorporate 3.0:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-secure-2.6.3.29mdk-1-1mdk.x86_64.rpmCorporate 3.0/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-smp-2.6.3.29mdk-1-1mdk.i586.rpmCorporate 3.0:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-source-2.6.3-29mdk.i586.rpmCorporate 3.0:

http://www1.mandrivalinux.com/en/ftp.php3

Linux kernel 2.6.4

SuSE kernel-bigsmp-2.6.4-54.3.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6
.4-54.3.i586.patch.rpm
SuSE kernel-bigsmp-2.6.5-7.151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6
.5-7.151.i586.rpm
SuSE kernel-default-2.6.5-7.151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.
6.5-7.151.i586.rpm
SuSE kernel-default-2.6.5-7.151.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-defaul
t-2.6.5-7.151.x86_64.rpm
SuSE kernel-docs-2.6.5-7.151.noarch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/noarch/kernel-docs-2.6
.5-7.151.noarch.rpm
SuSE kernel-smp-2.6.5-7.151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-
7.151.i586.rpm
SuSE kernel-smp-2.6.5-7.151.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.
6.5-7.151.x86_64.rpm
SuSE kernel-source-2.6.5-7.151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6
.5-7.151.i586.rpm
SuSE kernel-source-2.6.5-7.151.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source
-2.6.5-7.151.x86_64.rpm
SuSE kernel-syms-2.6.5-7.151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.5
-7.151.i586.rpm
SuSE kernel-syms-2.6.5-7.151.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2
.6.5-7.151.x86_64.rpm
SuSE ltmodem-2.6.2-38.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ltmodem-2.6.2-38.
14.i586.rpm

Linux kernel 2.6.8 rc1

Mandriva kernel-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-2.6.8.1.26mdk-1-1mdk.x86_64.rpmMandriva Linux 10.1/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-enterprise-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-i586-up-1GB-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-i686-up-64GB-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-secure-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-secure-2.6.8.1.26mdk-1-1mdk.x86_64.rpmMandriva Linux 10.1/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-smp-2.6.8.1.26mdk-1-1mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-smp-2.6.8.1.26mdk-1-1mdk.x86_64.rpmMandriva Linux 10.1/X86_64:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-source-2.6-2.6.8.1-26mdk.i586.rpmMandriva Linux 10.1:

http://www1.mandrivalinux.com/en/ftp.php3
Mandriva kernel-source-2.6-2.6.8.1-26mdk.x86_64.rpmMandriva Linux 10.1/X86_64:
http

参考网址

来源: SUSE
名称: SUSE-SA:2005:044
链接:http://www.novell.com/linux/security/advisories/2005_44_kernel.html

来源: linux.bkbits.net:8080
链接:http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA

来源: kernel.org
链接:http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch

来源: BID
名称: 13091
链接:http://www.securityfocus.com/bid/13091

来源: MANDRAKE
名称: MDKSA-2005:219
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

来源: MANDRAKE
名称: MDKSA-2005:218
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:218

来源: DEBIAN
名称: DSA-922
链接:http://www.debian.org/security/2005/dsa-922

来源: SECUNIA
名称: 18056
链接:http://secunia.com/advisories/18056

来源: SECUNIA
名称: 17826
链接:http://secunia.com/advisories/17826