漏洞信息详情
Linux Kernel Vicam USB驱动用户空间/内核内存拷贝漏洞
- CNNVD编号:CNNVD-200403-075
- 危害等级: 低危
- CVE编号: CVE-2004-0075
- 漏洞类型: 设计错误
- 发布时间: 2004-02-18
- 威胁类型: 本地
- 更新时间: 2005-05-13
- 厂 商: linux
- 漏洞来源: Red Hat advisory
漏洞简介
Linux是一款开放源代码操作系统。 Linux内核Vicam USB驱动不安全访问用户空间内存,本地攻击者可以利用这个漏洞进行拒绝服务攻击,或提升权限。 Vicam USB驱动没有使用copy_from_user函数来访问用户空间,可能导致拒绝服务攻击,或提升权限。目前没有详细漏洞细节提供。
漏洞公告
厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Linux Upgrade linux-2.4.25.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.25.tar.bz2 RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2004:065-01)以及相应补丁:
RHSA-2004:065-01:Updated kernel packages resolve security vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2004-065.HTML
补丁下载:
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-30.9.src.rpm
athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-30.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-30.9.athlon.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-30.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-30.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-30.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-30.9.i386.rpm
i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-30.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-30.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-30.9.i686.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名] S.u.S.E. -------- S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2004:005)以及相应补丁:
SuSE-SA:2004:005:Linux Kernel
链接:
补丁下载:
SuSE Upgrade k_deflt-2.4.20-105.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-105.i586.rpm
Intel i386 Platform
SuSE Upgrade k_athlon-2.4.20-105.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-105.i586.rpm
Intel i386 Platform
SuSE Upgrade k_psmp-2.4.20-105.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-105.i586.rpm
Intel i386 Platform
SuSE Upgrade k_smp-2.4.20-105.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-105.i586.rpm
Intel i386 Platform
SuSE Upgrade k_deflt-2.4.21-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-192.i586.rpm
Intel i386 Platform
SuSE Upgrade k_smp-2.4.21-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-192.i586.rpm
Intel i386 Platform
SuSE Upgrade k_smp4G-2.4.21-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-192.i586.rpm
Intel i386 Platform
SuSE Upgrade k_um-2.4.21-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_um-2.4.21-192.i586.rpm
Intel i386 Platform
SuSE Upgrade k_athlon-2.4.21-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-192.i586.rpm
Intel i386 Platform
SuSE Upgrade k_deflt-2.4.21-189.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-189.i586.rpm
Intel i386 Platform/SuSE 8.1
SuSE Upgrade k_athlon-2.4.21-189.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-189.i586.rpm
Intel i386 Platform/SuSE 8.1
SuSE Upgrade k_psmp-2.4.21-189.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-189.i586.rpm
Intel i386 Platform/SuSE 8.1
SuSE Upgrade k_smp-2.4.21-189.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-189.i586.rpm
Intel i386 Platform/SuSE 8.1
SuSE Upgrade k_deflt-2.4.21-201.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-201.x86_64.rpm
x86_64/SuSE 9.0
SuSE Upgrade k_smp-2.4.21-201.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-201.x86_64.rpm
x86_64/SuSE 9.0
参考网址
来源: BID 名称: 9690 链接:http://www.securityfocus.com/bid/9690 来源: REDHAT 名称: RHSA-2004:065 链接:http://www.redhat.com/support/errata/RHSA-2004-065.HTML 来源: XF 名称: linux-vicam-dos(15246) 链接:http://xforce.iss.net/xforce/xfdb/15246 来源: REDHAT 名称: RHSA-2005:293 链接:http://www.redhat.com/support/errata/RHSA-2005-293.HTML 来源: SUSE 名称: SuSE-SA:2004:005 链接:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.HTML 来源: CIAC 名称: O-082 链接:http://www.ciac.org/ciac/bulletins/o-082.sHTML 来源: MANDRAKE 名称: MDKSA-2004:015 链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 来源: CONECTIVA 名称: CLA-2004:846 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 来源: US Government Resource: oval:org.mitre.oval:def:836 名称: oval:org.mitre.oval:def:836 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:836
受影响实体
- Linux Linux_kernel:2.4.18:Pre3
- Linux Linux_kernel:2.4.18:Pre2
- Linux Linux_kernel:2.4.18:X86
- Linux Linux_kernel:2.4.18
- Linux Linux_kernel:2.4.17
补丁
暂无
评论