Boletines de Vulnerabilidades

int(827)

Boletines de Vulnerabilidades

Desbordamiento de entero en el código cpufreq del kernel 2.6 de Linux
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Compromiso Root
Dificultad	Experto
Requerimientos del atacante	Acceso remoto con cuenta
Información sobre el sistema
Propiedad	Valor
Fabricant afectat	GNU/Linux
Software afectado	kernel 2.6 <=2.6.5
Descripción
Se ha descubierto una vulnerabilidad de desbordamiento de entero en la rama 2.6 (<=2.6.5) del kernel de Linux. La vulnerabilidad reside en la función cpufreq_procctl() y podría permitir a un atacante local obtener contenidos de la memoria del kernel con lo que el atacante podría llegar a obtener privilegios de root.
Solución
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Linux Kernel Linux Kernel 2.6.6 http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.6.tar.gz Mandrake Linux Mandrakelinux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm SuSe Linux SuSE-9.1 i386 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.4-54.3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.4-54.3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.4-54.3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.4-54.3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.4-54.3.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.4-54.3.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.4-54.3.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.4-54.3.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.4-54.3.src.rpm Opteron x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.4-54.3.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.4-54.3.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.4-54.3.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.4-54.3.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.4-54.3.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-syms-2.6.4-54.3.src.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.4-54.3.src.rpm SuSE-9.0 i386 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/kernel-source-2.4.21-215.src.rpm Opteron x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-215.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-215.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-215.src.rpm SuSE-8.2 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-111.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-111.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-111.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-111.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/kernel-source-2.4.20.SuSE-111.src.rpm SuSE-8.1 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-215.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/kernel-source-2.4.21-215.src.rpm SuSE-8.0 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_deflt-2.4.18-293.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_smp-2.4.18-293.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_psmp-2.4.18-293.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_i386-2.4.18-293.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/kernel-source-2.4.18.SuSE-293.nosrc.rpm
Identificadores estándar
Propiedad	Valor
CVE	CAN-2004-0228
BID
Recursos adicionales
Mandrakesoft Security Advisory MDKSA-2004:050 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050 SuSe Security Advisory SuSE-SA:2004:010 http://www.suse.de/de/security/2004_10_kernel.html

Histórico de versiones
Versión	Comentario	Data
1.0	Aviso emitido	2004-05-24

Boletines de Vulnerabilidades

Desbordamiento de entero en el código cpufreq del kernel 2.6 de Linux

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones