漏洞信息详情
Linux Kernel 'fcntl_setlk()' SMP Ordering 本地拒绝服务漏洞
- CNNVD编号:CNNVD-200805-061
- 危害等级: 低危
- CVE编号: CVE-2008-1669
- 漏洞类型: 竞争条件
- 发布时间: 2008-05-07
- 威胁类型: 本地
- 更新时间: 2008-11-15
- 厂 商: linux
- 漏洞来源: Linux Kernel
漏洞简介
Linux kernel 2.6.25.2之前的版本没有为fcntl泛函性应用一个特定的保护机制,这使得本地用户可以并行的执行代码,或者利用竞争条件获得\"对描述符表格的再排序访问\"。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Linux kernel 2.6.20.2
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.21-RC3
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.23.14
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.11.4
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.20-rc2
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.22-rc1
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.20-2
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.20.3
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.8.1
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.4 .0-test3
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.11
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.12
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.18 pre-2
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.18 pre-5
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.19 -pre4
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.21
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.23 -pre9
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.27 -pre2
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.27 -pre4
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.29 -rc2
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.30 rc3
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.31 -pre1
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.32 -pre2
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.32 -pre1
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.33 -pre1
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.36 1
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.4.5
Linux linux-2.4.36.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.36.4.tar.bz2
Linux kernel 2.6 -test4
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6 -test9
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6 -test10
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.1
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.10 rc2
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.11 -rc3
Linux linux-2.6.25.2.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.2.tar.bz2
Linux kernel 2.6.11 .11
Linux
参考网址
来源: BID
名称: 29076
链接:http://www.securityfocus.com/bid/29076
来源: XF
名称: linux-kernel-fcntlsetlk-dos(42242)
链接:http://xforce.iss.net/xforce/xfdb/42242
来源: UBUNTU
名称: USN-618-1
链接:http://www.ubuntu.com/usn/usn-618-1
来源: BUGTRAQ
名称: 20080507 rPSA-2008-0162-1 kernel
链接:http://www.securityfocus.com/archive/1/archive/1/491740/100/0/threaded
来源: REDHAT
名称: RHSA-2008:0237
链接:http://www.redhat.com/support/errata/RHSA-2008-0237.HTML
来源: REDHAT
名称: RHSA-2008:0233
链接:http://www.redhat.com/support/errata/RHSA-2008-0233.HTML
来源: REDHAT
名称: RHSA-2008:0211
链接:http://www.redhat.com/support/errata/RHSA-2008-0211.HTML
来源: MANDRIVA
名称: MDVSA-2008:167
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
来源: MANDRIVA
名称: MDVSA-2008:104
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
来源: www.kernel.org
链接:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2
来源: VUPEN
名称: ADV-2008-2222
链接:http://www.frsirt.com/english/advisories/2008/2222/references
来源: SECUNIA
名称: 31246
链接:http://secunia.com/advisories/31246
来源: SECUNIA
名称: 30962
链接:http://secunia.com/advisories/30962
来源: SECUNIA
名称: 30818
链接:http://secunia.com/advisories/30818
来源: SECUNIA
名称: 30769
链接:http://secunia.com/advisories/30769
来源: SECUNIA
名称: 30116
链接:http://secunia.com/advisories/30116
来源: SECUNIA
名称: 30112
链接:http://secunia.com/advisories/30112
来源: SECUNIA
名称: 30110
链接:http://secunia.com/advisories/30110
来源: SECUNIA
名称: 30101
链接:http://secunia.com/advisories/30101
来源: MLIST
名称: [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
链接:http://lists.vmware.com/pipermail/security-announce/2008/000023.HTML
来源: SUSE
名称: SUSE-SA:2008:038
链接:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.HTML
来源: SUSE
名称: SUSE-SA:2008:035
链接:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.HTML
来源: SUSE
名称: SUSE-SA:2008:032
链接:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.HTML
来源: SUSE
名称: SUSE-SA:2008:030
链接:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.HTML
来源: FEDORA
名称: FEDORA-2008-4043
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.HTML
来源: FEDORA
名称: FEDORA-2008-3949
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.HTML
来源: FEDORA
名称: FEDORA-2008-3873
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.HTML
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-2518
来源: UBUNTU
名称: USN-614-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-614-1
来源: SECTRACK
名称: 1019974
链接:http://www.securitytracker.com/id?1019974
来源: MANDRIVA
名称: MDVSA-2008:105
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
来源: www.kernel.org
链接:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4
来源: VUPEN
名称: ADV-2008-1452
链接:http://www.frsirt.com/english/advisories/2008/1452/references
来源: VUPEN
名称: ADV-2008-1451
链接:http://www.frsirt.com/english/advisories/2008/1451/references
来源: DEBIAN
名称: DSA-1575
链接:http://www.debian.org/security/2008/dsa-1575
来源: wiki.rpath.com
链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162
来源: SECUNIA
名称: 30515
链接:http://secunia.com/advisories/30515
来源: SECUNIA
名称: 30276
链接:http://secunia.com/advisories/30276
来源: SECUNIA
名称: 30260
链接:http://secunia.com/advisories/30260
来源: SECUNIA
名称: 30252
链接:http://secunia.com/advisories/30252
来源: SECUNIA
名称: 30164
链接:http://secunia.com/advisories/30164
来源: SECUNIA
名称: 30108
链接:http://secunia.com/advisories/30108
来源: SECUNIA
名称: 30077
链接:http://secunia.com/advisories/30077
受影响实体
- Linux Linux_kernel:2.6_test9_cvs
- Linux Linux_kernel:2.6.9:Rc4
- Linux Linux_kernel:2.6.9:Rc3
- Linux Linux_kernel:2.6.9:Rc2
- Linux Linux_kernel:2.6.9:Rc1
补丁
暂无
评论