Linux kernel 提权漏洞

漏洞信息详情

Linux kernel 提权漏洞

• CNNVD编号：CNNVD-201406-095
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2014-3153
  
• 漏洞类型：
  
  
  权限许可和访问控制问题
  
• 发布时间：
  
  2014-06-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2021-02-09
  
• 厂        商：
  
  redhat
• 漏洞来源：

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。

Linux kernel 3.14.5及之前版本的kernel/futex.c文件中的‘futex_requeue’函数存在安全漏洞，该漏洞源于程序没有正确处理futex系统调用。本地攻击者可借助特制的FUTEX_REQUEUE命令利用该漏洞获取特权。

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c243a5a6de0be8e584c604d353412584b592f8

来源:DEBIAN

链接:https://www.debian.org/security/2014/dsa-2949

来源:CONFIRM

链接:https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

来源:CONFIRM

链接:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

来源:DEBIAN

链接:http://www.debian.org/security/2014/dsa-2949

来源:CONFIRM

链接:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

来源:MISC

链接:https://github.com/elongl/CVE-2014-3153

来源:SECUNIA

链接:http://secunia.com/advisories/59262

来源:CONFIRM

链接:http://linux.oracle.com/errata/ELSA-2014-0771.html

来源:CONFIRM

链接:http://linux.oracle.com/errata/ELSA-2014-3038.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html

来源:SECUNIA

链接:http://secunia.com/advisories/58990

来源:SECUNIA

链接:http://secunia.com/advisories/59386

来源:CONFIRM

链接:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

来源:SECUNIA

链接:http://secunia.com/advisories/58500

来源:SECUNIA

链接:http://secunia.com/advisories/59599

来源:MISC

链接:https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html

来源:CONFIRM

链接:http://linux.oracle.com/errata/ELSA-2014-3037.html

来源:BID

链接:http://www.securityfocus.com/bid/67906

来源:CONFIRM

链接:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html

来源:MLIST

链接:http://www.openwall.com/lists/oss-security/2021/02/01/4

来源:MLIST

链接:http://openwall.com/lists/oss-security/2014/06/05/24

来源:MISC

链接:https://www.openwall.com/lists/oss-security/2021/02/01/4

来源:EXPLOIT-DB

链接:http://www.exploit-db.com/exploits/35370

来源:UBUNTU

链接:http://www.ubuntu.com/usn/USN-2240-1

来源:BID

链接:https://www.securityfocus.com/bid/67906

来源:SECTRACK

链接:http://www.securitytracker.com/id/1030451

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

来源:SECUNIA

链接:http://secunia.com/advisories/59092

来源:UBUNTU

链接:http://www.ubuntu.com/usn/USN-2237-1

来源:CONFIRM

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1103626

来源:SECUNIA

链接:http://secunia.com/advisories/59153

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

来源:SECUNIA

链接:http://secunia.com/advisories/59029

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2014-0800.html

来源:SECUNIA

链接:http://secunia.com/advisories/59309

来源:CONFIRM

链接:http://linux.oracle.com/errata/ELSA-2014-3039.html

来源:MLIST

链接:http://openwall.com/lists/oss-security/2014/06/06/20

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html

来源:MLIST

链接:http://www.openwall.com/lists/oss-security/2014/06/05/22