Linux Kernel Get_Compat_Timespec和PTrace本地拒绝服务漏洞
| CNNVD-ID编号 | CNNVD-200601-384 | CVE编号 | CVE-2006-0482 |
| 发布时间 | 2006-01-31 | 更新时间 | 2006-02-01 |
| 漏洞类型 | 设计错误 | 漏洞来源 | Ludovic Courts reported the 'get_compat_timespec()' issue. The original discoverer of the 'ptrace()' issue is currently unknown. |
| 危险等级 | 低危 | 威胁类型 | 本地 |
| 厂商 | linux | ||
漏洞介绍
Linux kernel 2.6.15.1及更早版本在SPARC体系架构上运行时,本地用户可以通过\"date -s\"命令,向get_compat_timespec函数调用提供无效的符号扩展参数,从而使系统拒绝服务(挂起)。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Linux kernel 2.6 -test6
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test4
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test2
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test11
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test9-CVS
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test3
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 .10
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test5
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test1
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test7
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test9
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test8
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6 -test10
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6.1 -rc1
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6.1 -rc2
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6.1
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6.10 rc2
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Linux kernel 2.6.10
Linux linux-2.6.15.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2
Ubuntu acpi-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/acpi -modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb
Ubuntu acpi-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/acpi -modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb
Ubuntu affs-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb
Ubuntu affs-modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb
Ubuntu affs-modules-2.6.10-6-powerpc-di_2.6.10-34.17_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-powerpc-di_2.6.10-34.17_powerpc.udeb
Ubuntu cdrom-core-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb
Ubuntu cdrom-core-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb
Ubuntu cdrom-core-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb
Ubuntu cdrom-core-modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/l/li
参考网址
来源: MLIST
名称: [linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine
链接:http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2
来源: MLIST
名称: [linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine
链接:http://marc.theaimsgroup.com/?l=linux-sparc&m=113861010514065&w=2
来源: MLIST
名称: [debian-sparc] 20060128 `date -s' on sparc64
链接:http://lists.debian.org/debian-sparc/2006/01/msg00129.html
来源: XF
名称: kernel-date-s-dos(24475)
链接:http://xforce.iss.net/xforce/xfdb/24475
来源: BID
名称: 17216
链接:http://www.securityfocus.com/bid/17216
来源: VUPEN
名称: ADV-2006-0418
链接:http://www.frsirt.com/english/advisories/2006/0418
来源: DEBIAN
名称: DSA-1017
链接:http://www.debian.org/security/2006/dsa-1017
受影响实体
Linux Linux_kernel:2.6.14.4 Linux Linux_kernel:2.6.14:Rc1 Linux Linux_kernel:2.6.14:Rc2 Linux Linux_kernel:2.6.14:Rc3 Linux Linux_kernel:2.6.14:Rc4信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-384
评论