Linux Kernel SYSFS sysfs/file.c Local Denial of Service Vulnerability

Vulnerability Details

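Vulnerability Summary

The fill_write_buffer function in sysfs/file.c in the Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero-terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by triggering an out-of-bounds read.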
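The missing terminator described above can be modelled in user space. This is an added example, not the kernel's code: the names `model_buffer`, `fill_unterminated`, `fill_terminated`, `string_ends_in_page` and `check`, and the 4096-byte page size, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u   /* assumed page size for this model */

/* Models the one-page buffer behind a writable sysfs attribute. */
struct model_buffer { char page[MODEL_PAGE_SIZE]; };

/* Pre-fix pattern: clamps to a full page, leaving no byte for '\0'. */
size_t fill_unterminated(struct model_buffer *b, const char *src, size_t count)
{
    memset(b->page, 0, sizeof b->page);   /* page starts out zeroed */
    if (count >= MODEL_PAGE_SIZE)
        count = MODEL_PAGE_SIZE;
    memcpy(b->page, src, count);
    return count;
}

/* Hardened pattern: reserve the last byte and terminate explicitly. */
size_t fill_terminated(struct model_buffer *b, const char *src, size_t count)
{
    memset(b->page, 0, sizeof b->page);
    if (count >= MODEL_PAGE_SIZE)
        count = MODEL_PAGE_SIZE - 1;
    memcpy(b->page, src, count);
    b->page[count] = '\0';
    return count;
}

/* 1 if a string routine (strlen, sscanf) would stop inside the page,
 * 0 if it would read past the end. memchr keeps the check in bounds. */
int string_ends_in_page(const struct model_buffer *b)
{
    return memchr(b->page, '\0', sizeof b->page) != NULL;
}

/* Constructed input: a write of `count` bytes that contains no NUL. */
int check(size_t count, int hardened)
{
    static char src[MODEL_PAGE_SIZE];
    static struct model_buffer b;
    memset(src, 'A', sizeof src);
    (hardened ? fill_terminated : fill_unterminated)(&b, src, count);
    return string_ends_in_page(&b);
}

int main(void)
{
    printf("full-page write: unterminated=%d terminated=%d\n",
           check(MODEL_PAGE_SIZE, 0), check(MODEL_PAGE_SIZE, 1));
    return 0;
}
```

Writes shorter than a page are safe in both variants only because the page starts out zeroed; the full-page write is the case that leaves a string parser with no terminator to stop at.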

Vulnerability Advisory

The vendors have released upgrade patches to fix this security issue. Patch download links:

Trustix Secure Linux 2.2

Trustix clamav-0.88.1-1tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix clamav-devel-0.88.1-1tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-cli-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-curl-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-devel-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-domxml-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-exif-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-fcgi-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-gd-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-imap-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-ldap-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-mhash-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-mysql-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-pgsql-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix php4-test-4.4.2-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Linux kernel 2.6.13

SuSE Intel-536ep-4.69-14.5.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.5.i586.rpm

SuSE kernel-bigsmp-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-15.10.i586.rpm

SuSE kernel-bigsmp-nongpl-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-2.6.13-15.10.i586.rpm

SuSE kernel-default-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13-15.10.i586.rpm

SuSE kernel-default-nongpl-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl-2.6.13-15.10.i586.rpm

SuSE kernel-smp-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.10.i586.rpm

SuSE kernel-smp-nongpl-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6.13-15.10.i586.rpm

SuSE kernel-source-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-15.10.i586.rpm

SuSE kernel-syms-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15.10.i586.rpm

SuSE kernel-um-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.10.i586.rpm

SuSE kernel-um-nongpl-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.13-15.10.i586.rpm

SuSE kernel-xen-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.10.i586.rpm

SuSE kernel-xen-nongpl-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6.13-15.10.i586.rpm

SuSE um-host-kernel-2.6.13-15.10.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13-15.10.i586.rpm

Linux kernel 2.6.15

RedHat kernel-2.6.16-1.2096_FC5.i586.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat kernel-2.6.16-1.2096_FC5.i686.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat kernel-2.6.16-1.2096_FC5.ppc.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat kernel-2.6.16-1.2096_FC5.x86_64.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/

References

Source: www.kernel.org

Link: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e0dd741a89be35defa05bd79f4211c5a2762825;hp=597a7679dd83691be2f3a53e1f3f915b4a7f6eba

Source: www.kernel.org

Link: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825

Source: XF

Name: linux-fillwritebuffer-dos(25693)

Link: http://xforce.iss.net/xforce/xfdb/25693

Source: UBUNTU

Name: USN-281-1

Link: http://www.ubuntulinux.org/support/documentation/usn/usn-281-1

Source: UBUNTU

Name: USN-302-1

Link: http://www.ubuntu.com/usn/usn-302-1

Source: TRUSTIX

Name: 2006-0020

Link: http://www.trustix.org/errata/2006/0020

Source: BID

Name: 17402

Link: http://www.securityfocus.com/bid/17402

Source: OSVDB

Name: 24443

Link: http://www.osvdb.org/24443

Source: SUSE

Name: SUSE-SA:2006:028

Link: http://www.novell.com/linux/security/advisories/2006-05-31.html

Source: VUPEN

Name: ADV-2006-1475

Link: http://www.frsirt.com/english/advisories/2006/1475

Source: VUPEN

Name: ADV-2006-1273

Link: http://www.frsirt.com/english/advisories/2006/1273

Source: SECUNIA

Name: 20716

Link: http://secunia.com/advisories/20716

Source: SECUNIA

Name: 20398

Link: http://secunia.com/advisories/20398

Source: SECUNIA

Name: 19955

Link: http://secunia.com/advisories/19955

Source: SECUNIA

Name: 19735

Link: http://secunia.com/advisories/19735

Source: SECUNIA

Name: 19495

Link: http://secunia.com/advisories/19495

Source: FEDORA

Name: FEDORA-2006-423

Link: http://lwn.net/Alerts/180820/
