Linux Kernel SCSI ProcFS拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109061 漏洞类型 资源管理错误
发布时间 2005-09-09 更新时间 2007-01-09
CVE编号 CVE-2005-2800 CNNVD-ID CNNVD-200509-043
漏洞平台 Linux CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/26248
https://www.securityfocus.com/bid/14790
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-043
|漏洞详情
Linuxkernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4implementation是其中的一个分布式文件系统协议。LinuxKernel的SCSI驱动的procfs接口中存在拒绝服务漏洞。本地攻击者可以反复读取/proc/scsi/sg/devices,而next()iterator返回NULL或错误时没有正确的处理这种情况,耗尽kernel内存,导致拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/14790/info

The Linux kernel is prone to a denial-of-service vulnerability. The kernel is affected by a memory leak, which eventually can result in a denial of service.

A local attacker can exploit this vulnerability by making repeated reads to the '/proc/scsi/sg/devices' file, which will exhaust kernel memory and lead to a denial of service. 

#!/bin/sh

while true; do
cat /proc/scsi/sg/devices > /dev/null
done
|受影响的产品
Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4
|参考资料

来源:www.kernel.org
链接:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6
来源:BID
名称:14790
链接:http://www.securityfocus.com/bid/14790
来源:FEDORA
名称:FLSA:157459-3
链接:http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
来源:SUSE
名称:SUSE-SA:2005:068
链接:http://www.securityfocus.com/archive/1/archive/1/419522/100/0/threaded
来源:REDHAT
名称:RHSA-2006:0101
链接:http://www.redhat.com/support/errata/RHSA-2006-0101.html
来源:MANDRAKE
名称:MDKSA-2005:220
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
来源:MANDRAKE
名称:MDKSA-2005:219
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
来源:MANDRAKE
名称:MDKSA-2005:218
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
来源:DEBIAN
名称:DSA-1017
链接:http://www.debian.org/security/2006/dsa-1017
来源:SECUNIA
名称:19374
链接:http://secunia.com/advisories/19374
来源:SECUNIA
名称:18510
链接:http://secunia.com/advisories/18510
来源:SECUNIA
名称:17918
链接:ht