Linux Kernel TIOCSETD终端子系统竞态条件漏洞

admin

0
文章

0
评论

2022-07-22 13:19:46 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Linux Kernel TIOCSETD终端子系统竞态条件漏洞

CNNVD编号：CNNVD-200412-092
危害等级：低危
CVE编号： CVE-2004-0814
漏洞类型：竞争条件
发布时间： 2004-12-23
威胁类型：本地
更新时间： 2005-10-20
厂商： linux
漏洞来源： This issue was ann...

漏洞简介

Linux 2.6.9以前的2.4.x，和2.6.x版本的终端层存在多个竞态条件漏洞。（1）本地用户通过调用TIOCSETD ioctl到正在访问另一个线程的终端接口获得核心数据部分，或者（2）远程攻击者通过从控制台切换到PPP线路规则导致服务拒绝，然后迅速发送交换机接收到的数据。

漏洞公告

This issue has been addressed in version 2.6.9 of the Linux Kernel. Patches are also available for 2.4.x releases. The Fedora Legacy project has released advisory FLSA:2336 to address this issue for Red Hat Fedora Core 1, Red Hat Linux 7.3 and 9. Please see the referenced advisory for further information. Ubuntu Linux has released advisory USN-38-1 along with fixes to address this, and other issues. Please see the referenced advisory for further information. MandrakeSoft has issued fixes in advisory MDKSA-2005:022. See reference section. TurboLinux has released Turbolinux Security Announcement 28/Feb/2005 dealing with this and other issues. Please see the referenced advisory for more information. SuSE Linux has released advisory SUSE-SA:2005:018 along with fixes dealing with this and other issues. Please see the referenced advisory for more information. Red Hat released advisory RHSA-2005:293-16 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information. Avaya has released advisory ASA-2005-120 stating which Avaya products are vulnerable to this issue. Please see the referenced advisory for further details. No Avaya fixes are currently available. Linux kernel 2.4.20

RedHat kernel-2.4.20-42.9.legacy.athlon.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4 2.9.legacy.athlon.rpm
RedHat kernel-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4 2.9.legacy.i386.rpm
RedHat kernel-2.4.20-42.9.legacy.i586.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4 2.9.legacy.i586.rpm
RedHat kernel-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-4 2.9.legacy.i686.rpm
RedHat kernel-bigmem-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2 .4.20-42.9.legacy.i686.rpm
RedHat kernel-BOOT-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4 .20-42.9.legacy.i386.rpm
RedHat kernel-doc-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4. 20-42.9.legacy.i386.rpm
RedHat kernel-smp-2.4.20-42.9.legacy.athlon.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4. 20-42.9.legacy.athlon.rpm
RedHat kernel-smp-2.4.20-42.9.legacy.i586.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4. 20-42.9.legacy.i586.rpm
RedHat kernel-smp-2.4.20-42.9.legacy.i686.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4. 20-42.9.legacy.i686.rpm
RedHat kernel-source-2.4.20-42.9.legacy.i386.rpmRedHat Linux 9 http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2 .4.20-42.9.legacy.i386.rpm
SuSE k_athlon-2.4.20-131.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-1 31.i586.rpm
SuSE k_deflt-2.4.20-131.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-13 1.i586.rpm
SuSE k_psmp-2.4.20-131.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-131 .i586.rpm
SuSE k_smp-2.4.20-131.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-131. i586.rpm
SuSE kernel-source-2.4.20.SuSE-131.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kernel-source-2.4 .20.SuSE-131.i586.rpm

Linux kernel 2.4.21

SuSE Intel-536ep-4.62-23.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/Intel-536ep-4.62- 23.i586.rpm
SuSE Intel-v92ham-4.53-23.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/Intel-v92ham-4.53 -23.i586.rpm
SuSE k_athlon-2.4.21-280.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-2 80.i586.rpm
SuSE k_deflt-2.4.21-280.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-28 0.i586.rpm
SuSE k_deflt-2.4.21-280.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.2 1-280.x86_64.rpm
SuSE k_smp-2.4.21-280.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-280. i586.rpm
SuSE k_smp-2.4.21-280.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21- 280.x86_64.rpm
SuSE k_smp4G-2.4.21-280.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-28 0.i

参考网址

来源: XF 名称: linux-tiocsetd-race-condition(17816) 链接:http://xforce.iss.net/xforce/xfdb/17816 来源: BID 名称: 11492 链接:http://www.securityfocus.com/bid/11492 来源: BID 名称: 11491 链接:http://www.securityfocus.com/bid/11491 来源: FEDORA 名称: FLSA:2336 链接:https://bugzilla.fedora.us/show_bug.cgi?id=2336 来源: BUGTRAQ 名称: 20041020 CAN-2004-0814: Linux terminal layer races 链接:http://www.securityfocus.com/archive/1/379005 来源: OVAL 名称: oval:org.mitre.oval:def:10728 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10728 来源: BUGTRAQ 名称: 20041214 [USN-38-1] Linux kernel vulnerabilities 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 来源: bugzilla.redhat.com 链接:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 来源: bugzilla.redhat.com 链接:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 来源: REDHAT 名称: RHSA-2005:293 链接:http://www.redhat.com/support/errata/RHSA-2005-293.HTML 来源: MANDRAKE 名称: MDKSA-2005:022 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:022