FreeBSD Kernel /proc File System Implementation Integer Overflow Vulnerability

Published: 2003-10-02
Updated: 2003-10-03
Severity: High
Threat level: Local denial of service
Error type: Design error
Exploitation method: Server mode
BUGTRAQ ID: 8748

Affected systems

FreeBSD FreeBSD 3.x

Detailed description

The implementation of the /proc pseudo-file system in the FreeBSD kernel contains a vulnerability: the code does not sufficiently validate the uio->uio_offset variable, which a user can influence. A local attacker can exploit this vulnerability to crash the system or to disclose sensitive information held in memory.

Solution

The vendor has released patches:

FreeBSD FreeBSD 4.3 -STABLE: FreeBSD Patch procfs43.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
FreeBSD FreeBSD 4.3 -RELENG: FreeBSD Patch procfs43.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
FreeBSD FreeBSD 4.3 -RELEASE-p38: FreeBSD Patch procfs43.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
FreeBSD FreeBSD 4.3 -RELEASE: FreeBSD Patch procfs43.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
FreeBSD FreeBSD 4.3: FreeBSD Patch procfs43.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
FreeBSD FreeBSD 4.4 -STABLE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.4 -RELENG: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.4 -RELEASE-p42: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.4: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5 -STABLE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5 -RELENG: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5 -RELEASE-p32: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5 -RELEASE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.5: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/rocfs4x.patch
FreeBSD FreeBSD 4.6 -STABLE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.6 -RELENG: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.6 -RELEASE-p20: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.6 -RELEASE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.6: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.6.2: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.7 -STABLE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.7 -RELENG: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.7 -RELEASE-p17: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.7 -RELEASE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.7: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.8 -RELENG: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.8 -RELEASE-p7: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.8 -PRERELEASE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.8: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 4.9 -PRERELEASE: FreeBSD Patch procfs4x.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
FreeBSD FreeBSD 5.0 -RELENG: FreeBSD Patch procfs50.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
FreeBSD FreeBSD 5.0 -RELEASE-p14: FreeBSD Patch procfs50.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
FreeBSD FreeBSD 5.0: FreeBSD Patch procfs50.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
FreeBSD FreeBSD 5.1 -RELENG: FreeBSD Patch procfs51.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch
FreeBSD FreeBSD 5.1 -RELEASE-p5: FreeBSD Patch procfs51.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch
FreeBSD FreeBSD 5.1: FreeBSD Patch procfs51.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch

Related information

PINE-CERT-20030902 http://archives.neohapsis.com/archives/bugtraq/2003-10/att-0020/00-part
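
The missing validation of uio->uio_offset named in the detailed description, shown as an added example: a simplified user-space model that is not FreeBSD's procfs code or the vendor patch. The struct uio_model type, the function names, the narrowing of the offset to a 32-bit int and the sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Constructed stand-in for the two struct uio fields that matter here. */
struct uio_model {
    int64_t  uio_offset;  /* caller-chosen file offset, signed 64-bit */
    uint64_t uio_resid;   /* bytes the caller asked for */
};

/* Unchecked pattern (assumed for illustration): the offset is narrowed to a
 * 32-bit int and used as-is to derive the copy window inside the data. */
static void window_unchecked(const struct uio_model *u, int32_t datalen,
                             int64_t *start, int64_t *len)
{
    int32_t off  = (int32_t)u->uio_offset;  /* 64-bit value silently truncated */
    int64_t xlen = (int64_t)datalen - off;  /* negative off => xlen > datalen */
    if (xlen < 0) xlen = 0;
    if ((uint64_t)xlen > u->uio_resid) xlen = (int64_t)u->uio_resid;
    *start = off;
    *len = xlen;
}

/* Validated pattern: reject negative offsets, treat offsets at or past the
 * end as EOF, and clamp the length to what remains in the data. */
static int window_checked(const struct uio_model *u, uint64_t datalen,
                          uint64_t *start, uint64_t *len)
{
    if (u->uio_offset < 0) return EINVAL;
    *start = (uint64_t)u->uio_offset;
    *len = (*start >= datalen) ? 0 : datalen - *start;  /* past end => EOF */
    if (*len > u->uio_resid) *len = u->uio_resid;
    return 0;
}

/* Returns 1 if [start, start+len) lies inside a buffer of datalen bytes. */
static int in_bounds(int64_t start, int64_t len, int64_t datalen)
{
    return start >= 0 && len >= 0 && start <= datalen && len <= datalen - start;
}

int main(void)
{
    struct uio_model u = { -4096, 4096 };   /* constructed sample request */
    uint64_t s, l;
    return window_checked(&u, 64, &s, &l) == EINVAL ? 0 : 1;
}
```

With a 64-byte data buffer, the unchecked variant accepts an offset of -4096 and yields a window that starts before the buffer, and it maps an offset of 2^32 back to byte 0; the validated variant returns EINVAL for the first and a zero-length read for the second.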