Linux Kernel Get_Compat_Timespec和PTrace本地拒绝服务漏洞

CNNVD-ID编号	CNNVD-200601-384
CVE编号	CVE-2006-0482
发布时间	2006-01-31
更新时间	2006-02-01
漏洞类型	设计错误
漏洞来源	Ludovic Courts reported the 'get_compat_timespec()' issue. The original discoverer of the 'ptrace()' issue is currently unknown.
危险等级	低危
威胁类型	本地
厂商	linux

漏洞介绍

Linux kernel 2.6.15.1及更早版本在SPARC体系架构上运行时，本地用户可以通过\"date -s\"命令，向get_compat_timespec函数调用提供无效的符号扩展参数，从而使系统拒绝服务(挂起)。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Linux kernel 2.6 -test6

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test4

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test2

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test11

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test9-CVS

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test3

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 .10

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test5

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test1

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test7

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test9

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test8

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6 -test10

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6.1 -rc1

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6.1 -rc2

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6.1

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6.10 rc2

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Linux kernel 2.6.10

Linux linux-2.6.15.2.tar.bz2

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.2.tar.bz2

Ubuntu acpi-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/acpi -modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb

Ubuntu acpi-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/acpi -modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb

Ubuntu affs-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb

Ubuntu affs-modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb

Ubuntu affs-modules-2.6.10-6-powerpc-di_2.6.10-34.17_powerpc.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/affs -modules-2.6.10-6-powerpc-di_2.6.10-34.17_powerpc.udeb

Ubuntu cdrom-core-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-386-di_2.6.10-34.17_i386.udeb

Ubuntu cdrom-core-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-amd64-generic-di_2.6.10-34.17_amd64.udeb

Ubuntu cdrom-core-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.10/cdro m-core-modules-2.6.10-6-power3-di_2.6.10-34.17_powerpc.udeb

Ubuntu cdrom-core-modules-2.6.10-6-power4-di_2.6.10-34.17_powerpc.udeb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/l/li

参考网址

来源: MLIST

名称: [linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine

链接：http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2
来源: MLIST

名称: [linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine

链接：http://marc.theaimsgroup.com/?l=linux-sparc&m=113861010514065&w=2
来源: MLIST

名称: [debian-sparc] 20060128 `date -s' on sparc64

链接：http://lists.debian.org/debian-sparc/2006/01/msg00129.html
来源: XF

名称: kernel-date-s-dos(24475)

链接：http://xforce.iss.net/xforce/xfdb/24475
来源: BID

名称: 17216

链接：http://www.securityfocus.com/bid/17216
来源: VUPEN

名称: ADV-2006-0418

链接：http://www.frsirt.com/english/advisories/2006/0418
来源: DEBIAN

名称: DSA-1017

链接：http://www.debian.org/security/2006/dsa-1017

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-384

行业资讯-文章归档问答-问答归档