Linux Kernel 2.4 XDR Packet Handling NFSv3 Remote Denial of Service Vulnerability

admin 2022-07-18 15:20:16 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

Linux Kernel 2.4 XDR Packet Handling NFSv3 Remote Denial of Service Vulnerability

  • CNNVD ID: CNNVD-200308-155
  • Severity: Low
  • CVE ID: CVE-2003-0619
  • Vulnerability type: Boundary condition error
  • Published: 2003-08-27
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: linux
  • Vulnerability source: Discovery of this ...

Vulnerability Summary

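An integer signedness error exists in the decode_fh function of nfs3xdr.c in Linux kernel versions before 2.4.21. A remote attacker can cause a denial of service (kernel panic) via a negative value in the XDR data of an NFSv3 procedure call.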
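The signedness error described above, shown as an added user-space example (not the kernel's own decode_fh source): a length check done on a signed int accepts a negative wire value, while an unsigned check bounded by the remaining request bytes rejects it. The names `signed_check_accepts`, `decode_fh_checked`, `struct fh` and `FH_MAX` are hypothetical; the 64-byte limit is the NFSv3 file handle maximum from RFC 1813.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>

#define FH_MAX 64  /* NFSv3 file handles are at most 64 bytes (RFC 1813) */

struct fh { uint32_t size; unsigned char data[FH_MAX]; };

/* Flawed check (model only): the wire length is held in a signed int, so
 * 0xFFFFFFFF becomes -1, passes "len > FH_MAX", and would reach the copy
 * as a huge size_t. Returns 1 if the length is accepted; no copy is done. */
int signed_check_accepts(uint32_t wire_len_be)
{
    int len = (int)ntohl(wire_len_be);
    return !(len > FH_MAX);
}

/* Hardened decode: keep the length unsigned, bound it by the protocol
 * maximum and by the bytes actually left in the request, then copy.
 * Returns the next XDR position, or NULL if the handle is malformed. */
const unsigned char *decode_fh_checked(const unsigned char *p, size_t avail,
                                       struct fh *out)
{
    uint32_t len_be, len;
    size_t padded;

    if (avail < 4)
        return NULL;
    memcpy(&len_be, p, 4);
    len = ntohl(len_be);
    if (len > FH_MAX)                 /* unsigned compare: 0xFFFFFFFF fails */
        return NULL;
    padded = ((size_t)len + 3) & ~(size_t)3;  /* XDR pads opaques to 4 bytes */
    if (padded > avail - 4)           /* handle must fit in the request */
        return NULL;
    out->size = len;
    memcpy(out->data, p + 4, len);
    return p + 4 + padded;
}
```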

Vulnerability Advisory

SuSE has released advisory SUSE-SA:2004:035 mainly to address the vulnerability described in BID 11281. However, the addendum of this advisory reports that fixes for the issues described in this BID are now available for download on the SuSE update FTP server. Customers are advised to see the referenced advisory for further information on obtaining and applying appropriate updates.

Debian has released advisory DSA 358-4 to address this issue.

Red Hat has released an advisory (RHSA-2003:198-16) containing updated IA64 fixes for Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. These fixes are only available through the Red Hat Network, which can be found at http://rhn.redhat.com/.

Red Hat has also released an advisory (RHSA-2003-239) containing kernel fixes for Red Hat Enterprise Linux AS, ES, and WS (v. 2.1). These fixes are also only available through the Red Hat Network, which can be found at http://rhn.redhat.com/.

Red Hat security advisory RHSA-2003:172-27 has been released to address this and other issues. However, this advisory is superseded by RHBA-2003:263-05, which addresses unrelated bugs but provides kernel updates that include more recent fixes for this and other security vulnerabilities.

Conectiva has released a security advisory (CLSA-2003:730) containing fixes to address this issue in CLEE 1.0. Users are advised to upgrade as soon as possible.

Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.

SuSE has released advisory SUSE-SA:2004:028 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE has released a second advisory dealing with this issue. Apparently the kernels shipped with SuSE Linux versions 8.1, 8.2, and 9.0 were not patched for this issue. Please see the referenced advisory for more information.

RedHat kernel-2.4.18-3.i686.rpm

  • Red Hat kernel-2.4.20-20.7.i686.rpm ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-20.7.i686.rpm
RedHat kernel-2.4.2-2.i386.rpm
  • Red Hat kernel-2.4.20-20.7.athlon.rpm ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-20.7.athlon.rpm
  • Red Hat kernel-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-20.7.i386.rpm
RedHat kernel-source-2.4.18-14.i386.rpm
  • Red Hat kernel-source-2.4.20-20.8.i386.rpm ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-20.8.i386.rpm
RedHat kernel-bigmem-2.4.18-14.i686.rpm
  • Red Hat kernel-bigmem-2.4.20-20.8.i686.rpm ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-20.8.i686.rpm
RedHat kernel-BOOT-2.4.7-10.i386.rpm
  • Red Hat kernel-BOOT-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-20.7.i386.rpm
RedHat kernel-doc-2.4.2-2.i386.rpm
  • Red Hat kernel-doc-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-20.7.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
  • Red Hat kernel-2.4.20-20.9.athlon.rpm ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-20.9.athlon.rpm
RedHat kernel-source-2.4.2-2.i386.rpm
  • Red Hat kernel-source-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-20.7.i386.rpm
RedHat kernel-2.4.7-10.athlon.rpm
  • Red Hat kernel-2.4.20-20.7.athlon.rpm ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-20.7.athlon.rpm
RedHat kernel-doc-2.4.18-3.i386.rpm
  • Red Hat kernel-doc-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-20.7.i386.rpm
RedHat kernel-BOOT-2.4.20-8.i386.rpm
  • Red Hat kernel-BOOT-2.4.20-20.9.i386.rpm ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-20.9.i386.rpm
RedHat kernel-2.4.20-8.i586.rpm
  • Red Hat kernel-2.4.20-20.9.i386.rpm ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-20.9.i386.rpm
  • Red Hat kernel-2.4.20-20.9.i586.rpm ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-20.9.i586.rpm
RedHat kernel-2.4.7-10.i686.rpm
  • Red Hat kernel-2.4.20-20.7.i686.rpm ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-20.7.i686.rpm
  • Red Hat kernel-bigmem-2.4.20-20.7.i686.rpm ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-20.7.i686.rpm
RedHat kernel-bigmem-2.4.20-8.i686.rpm
  • Red Hat kernel-bigmem-2.4.20-20.9.i686.rpm ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-20.9.i686.rpm
RedHat kernel-source-2.4.20-8.i386.rpm
  • Red Hat kernel-source-2.4.20-20.9.i386.rpm ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-20.9.i386.rpm
RedHat kernel-2.4.20-8.i686.rpm
  • Red Hat kernel-2.4.20-20.9.i686.rpm ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-20.9.i686.rpm
RedHat kernel-BOOT-2.4.18-3.i386.rpm
  • Red Hat kernel-BOOT-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-20.7.i386.rpm
RedHat kernel-doc-2.4.18-14.i386.rpm
  • Red Hat kernel-doc-2.4.20-20.8.i386.rpm ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-20.8.i386.rpm
RedHat kernel-BOOT-2.4.2-2.i386.rpm
  • Red Hat kernel-BOOT-2.4.20-20.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-20

References

  • Source: REDHAT Name: RHSA-2003:198 Link: http://www.redhat.com/support/errata/RHSA-2003-198.HTML
  • Source: DEBIAN Name: DSA-358 Link: http://www.debian.org/security/2004/dsa-358
  • Source: BUGTRAQ Name: 20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine. Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105950927708272&w=2
  • Source: REDHAT Name: RHSA-2003:239 Link: http://www.redhat.com/support/errata/rhsa-2003-239.HTML
  • Source: US Government Resource: oval:org.mitre.oval:def:386 Name: oval:org.mitre.oval:def:386 Link: http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:386

Affected Entities

  • Linux Linux_kernel:2.4.21  

Patches

    None available
