首页 -> 安全研究
安全研究
绿盟月刊
绿盟安全月刊->第35期->最新漏洞
日期:2002-09-16
Linux Kernel 2.4.18本地可提升权限安全漏洞
发布日期:2002-08-21
更新日期:2002-08-28
受影响系统:
Linux kernel 2.4.19pre-6
Linux kernel 2.4.19pre-5
Linux kernel 2.4.19pre-4
Linux kernel 2.4.19pre-3
Linux kernel 2.4.19pre-2
Linux kernel 2.4.19pre-1
Linux kernel 2.4.18pre-8
Linux kernel 2.4.18pre-7
Linux kernel 2.4.18pre-6
Linux kernel 2.4.18pre-5
Linux kernel 2.4.18pre-4
Linux kernel 2.4.18pre-3
Linux kernel 2.4.18pre-2
Linux kernel 2.4.18pre-1
Linux kernel 2.4.18
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 5539
Linux Kernel是一款开放源代码操作系统内核。
Redhat发现在Linux内核2.4.18版本中存在几个安全问题,本地攻击者可以利用这些漏洞可能进行权限提升攻击。
Linux内核2.4.18版本中相关的系列设备驱动程序存在安全问题:
stradis
rio500
se401
usbvideo
apm
此外,Procfs虚拟文件系统组件也存在漏洞可导致内核内存泄露,可能导致攻击者提升权限。
当目前为止还没有发现任何相关可利用代码。
<*来源:Silvio Cesare (silvio@qualys.com)
Stas Sergeev
Andi Kleen
Solar Designer (solar@openwall.com)
链接:https://www.redhat.com/support/errata/RHSA-2002-158.html
*>
建议:
--------------------------------------------------------------------------------
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 加强本地用户的管理。建议给Kernel打上补丁。
厂商补丁:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2002:158-09)以及相应补丁:
RHSA-2002:158-09:New kernel update available, fixes i810 video oops, several security issues
链接:https://www.redhat.com/support/errata/RHSA-2002-158.html
补丁下载:
Red Hat RPM kernel-2.4.18-10.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-10.src.rpm
Source RPM.
Red Hat RPM kernel-2.4.18-10.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-10.athlon.rpm
Optimized for Athlon systems.
Red Hat RPM kernel-smp-2.4.18-10.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-10.athlon.rpm
Optimized for SMP Athlon systems.
Red Hat RPM kernel-2.4.18-10.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-10.i386.rpm
Optimized for i386 systems.
Red Hat RPM kernel-source-2.4.18-10.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-10.i386.rpm
Red Hat RPM kernel-doc-2.4.18-10.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-10.i386.rpm
Red Hat RPM kernel-BOOT-2.4.18-10.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-10.i386.rpm
Red Hat RPM kernel-2.4.18-10.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-10.i586.rpm
Optimized for i586 systems.
Red Hat RPM kernel-smp-2.4.18-10.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-10.i586.rpm
Optimized for SMP i586 systems.
Red Hat RPM kernel-2.4.18-10.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-10.i686.rpm
Optimized for i686 systems.
Red Hat RPM kernel-smp-2.4.18-10.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-10.i686.rpm
Optimized for SMP i686 systems.
Red Hat RPM kernel-bigmem-2.4.18-10.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-10.i686.rpm
Additional package for i686 systems.
Red Hat RPM kernel-debug-2.4.18-10.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-10.i686.rpm
Additional package for i686 systems.
MD5校验如下:
MD5 sum Package Name
--------------------------------------------------------------------------
4473420c7f9bf2b9c83e6c1ec69f597f 7.3/en/os/SRPMS/kernel-2.4.18-10.src.rpm
1b836ea01aa4aef62cc3c185e8547952 7.3/en/os/athlon/kernel-2.4.18-10.athlon.rpm
b88c661fddd81194503be2acd168bff5 7.3/en/os/athlon/kernel-smp-2.4.18-10.athlon.rpm
b2bacd0954832353ecddb507f087b338 7.3/en/os/i386/kernel-2.4.18-10.i386.rpm
d105a7cc4d3e21bc9c5ace02f0b0152e 7.3/en/os/i386/kernel-BOOT-2.4.18-10.i386.rpm
91a1978068ee80c53a7500d4486b66e4 7.3/en/os/i386/kernel-doc-2.4.18-10.i386.rpm
51bc76e8c016e00aa26d798a85f53759 7.3/en/os/i386/kernel-source-2.4.18-10.i386.rpm
2cd340835d9acb309ccd61cb7581fc2d 7.3/en/os/i586/kernel-2.4.18-10.i586.rpm
a0925e2445b68abe21225a4d3842c1a2 7.3/en/os/i586/kernel-smp-2.4.18-10.i586.rpm
32b3df55a27018ea85cf8ebcad6186dd 7.3/en/os/i686/kernel-2.4.18-10.i686.rpm
96df823d6e481142b446f278abb91a70 7.3/en/os/i686/kernel-bigmem-2.4.18-10.i686.rpm
2c3ac524c7da4188905a28a37acd8afd 7.3/en/os/i686/kernel-debug-2.4.18-10.i686.rpm
51ba272488114c3b61d7c0fdc63ee04b 7.3/en/os/i686/kernel-smp-2.4.18-10.i686.rpm
版权所有,未经许可,不得转载