Vulnerability Bulletins |
Integer overflow in the cpufreq code of the Linux 2.6 kernel |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Root compromise |
Difficulty | Expert |
Required attacker level | Remote access with an account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | kernel 2.6 <=2.6.5 |
Description |
|
An integer overflow vulnerability has been discovered in the 2.6 branch (<=2.6.5) of the Linux kernel. The vulnerability is in the cpufreq_procctl() function and could allow a local attacker to read kernel memory contents, which could in turn let the attacker obtain root privileges. |
Solution |
|
If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself.

Software updates

Linux Kernel
Linux Kernel 2.6.6
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.6.tar.gz

Mandrake Linux
Mandrakelinux 9.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
Mandrakelinux 10.0
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

SuSE Linux
SuSE-9.1
i386
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.4-54.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.4-54.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.4-54.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.4-54.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.4-54.3.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.4-54.3.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.4-54.3.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.4-54.3.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.4-54.3.src.rpm
Opteron x86_64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.4-54.3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.4-54.3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.4-54.3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.4-54.3.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.4-54.3.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-syms-2.6.4-54.3.src.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.4-54.3.src.rpm
SuSE-9.0
i386
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/kernel-source-2.4.21-215.src.rpm
Opteron x86_64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-215.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-215.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-215.src.rpm
SuSE-8.2
i386
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-111.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-111.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-111.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-111.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/kernel-source-2.4.20.SuSE-111.src.rpm
SuSE-8.1
i386
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-215.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/kernel-source-2.4.21-215.src.rpm
SuSE-8.0
i386
ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_deflt-2.4.18-293.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_smp-2.4.18-293.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_psmp-2.4.18-293.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_i386-2.4.18-293.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/kernel-source-2.4.18.SuSE-293.nosrc.rpm |
|
Standard resources |
|
Property | Value |
CVE | CAN-2004-0228 |
BID | |
Other resources |
|
Mandrakesoft Security Advisory MDKSA-2004:050 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
SuSE Security Advisory SuSE-SA:2004:010 http://www.suse.de/de/security/2004_10_kernel.html |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2004-05-24 |
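
A triage check for the affected range (2.6 <=2.6.5) and the fixed 2.6 builds named in this bulletin, as an added example that is not part of the original advisory. It assumes release strings shaped like `uname -r` output (for example `2.6.3-13mdk` or `2.6.4-54.3-default`) and that vendor build numbers order numerically; `classify_kernel`, `is_num` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): triage a kernel release string
# against the affected range 2.6 <= 2.6.5 and the fixed builds listed above.
# Assumption: input looks like `uname -r` output; sample strings are constructed.

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Prints: not-applicable | fixed-upstream | fixed-vendor | vulnerable | unknown
classify_kernel() {
    rel=$1
    base=${rel%%-*}                      # "2.6.3" from "2.6.3-13mdk"
    case $base in
        2.6.*) ;;
        [0-9]*.[0-9]*) echo not-applicable; return 0 ;;   # other kernel branches
        *) echo unknown; return 0 ;;
    esac
    patch=${base#2.6.}; patch=${patch%%[!0-9]*}           # "16" from "16.60"
    is_num "$patch" || { echo unknown; return 0; }
    if [ "$patch" -ge 6 ]; then
        # A 2.6.6 release candidate may predate the fix: do not guess.
        case "$patch:$rel" in 6:*rc*) echo unknown ;; *) echo fixed-upstream ;; esac
        return 0
    fi
    vendor=${rel#*-}                     # "13mdk", "54.3-default", or $rel if none
    case "$base:$vendor" in
        2.6.3:*mdk*)                     # Mandrakelinux 10.0, fixed in 2.6.3-13mdk
            n=${vendor%%mdk*}
            is_num "$n" || { echo unknown; return 0; }
            if [ "$n" -ge 13 ]; then echo fixed-vendor; else echo vulnerable; fi ;;
        2.6.4:*-default|2.6.4:*-smp|2.6.4:*-bigsmp)   # SuSE 9.1, fixed in 2.6.4-54.3
            build=${vendor%%-*}; major=${build%%.*}; minor=0
            case $build in *.*) minor=${build#*.}; minor=${minor%%[!0-9]*} ;; esac
            is_num "$major" && is_num "$minor" || { echo unknown; return 0; }
            if [ "$major" -gt 54 ] || { [ "$major" -eq 54 ] && [ "$minor" -ge 3 ]; }
            then echo fixed-vendor; else echo vulnerable; fi ;;
        *) echo vulnerable ;;            # in range, no fixed build matched
    esac
}

# Constructed sample release strings, then the running kernel.
for r in 2.6.5 2.6.6 2.6.3-13mdk 2.6.3-4mdk 2.6.4-54.3-default 2.6.4-52-smp 2.4.22-32mdk; do
    printf '%-22s %s\n' "$r" "$(classify_kernel "$r")"
done
printf '%-22s %s\n' "$(uname -r)" "$(classify_kernel "$(uname -r)")"
```

A `vulnerable` result means the release falls in the affected range and matches none of the fixed 2.6 builds listed here; builds from other vendors need their own advisory checked.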