漏洞信息详情
Linux Kernel tty_ldisc_hangup函数空指针解引用拒绝服务漏洞
- CNNVD编号:CNNVD-200909-039
- 危害等级: 低危
- CVE编号: CVE-2009-3043
- 漏洞类型: 资源管理错误
- 发布时间: 2009-08-19
- 威胁类型: 本地
- 更新时间: 2009-09-24
- 厂 商: linux
- 漏洞来源: Eric W. Biederman
漏洞简介
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 如果本地用户执行了某些伪终端I/O操作,就可以在Linux Kernel的drivers/char/tty_ldisc.c文件的tty_ldisc_hangup函数中触发空指针解引用,导致系统崩溃。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: http://www.kernel.org/pub/linux/kernel/v2.6/testing/linux-2.6.31-rc8.tar.bz2
参考网址
来源: BID 名称: 36191 链接:http://www.securityfocus.com/bid/36191 来源: MLIST 名称: [oss-security] 20090904 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc 链接:http://www.openwall.com/lists/oss-security/2009/09/03/7 来源: MLIST 名称: [oss-security] 20090903 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc 链接:http://www.openwall.com/lists/oss-security/2009/09/03/6 来源: MLIST 名称: [oss-security] 20090831 CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc 链接:http://www.openwall.com/lists/oss-security/2009/08/31/1 来源: www.kernel.org 链接:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8 来源: MLIST 名称: [linux-kernel] 20090820 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 链接:http://lkml.org/lkml/2009/8/20/68 来源: MLIST 名称: [linux-kernel] 20090819 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 链接:http://lkml.org/lkml/2009/8/20/27 来源: MLIST 名称: [linux-kernel] 20090819 v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 链接:http://lkml.org/lkml/2009/8/20/21 来源: git.kernel.org 链接:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5c58ceff103d8a654f24769bb1baaf84a841b0cc
受影响实体
- Linux Linux_kernel:2.6.17.10
- Linux Linux_kernel:2.6.17.8
- Linux Linux_kernel:2.6.17.9
- Linux Linux_kernel:2.6.17.11
- Linux Linux_kernel:2.6.17.12
补丁
暂无
评论