Linux kernel 2.6.x
Linux Kernel视频输出设备状态本地拒绝服务漏洞
SEBUG-ID:19251
SEBUG-Appdir:Linux
Published:2010-03-08
Vulnerable:
Discription:
BUGTRAQ ID: 38607 Linux Kernel是开放源码操作系统Linux所使用的内核。 运行在某些ThinkPad平台上的Linux操作系统在读取视频输出设备的状态时存在错误,本地用户从/proc/acpi/ibm/video读取数据时就可能导致内核崩溃。
<*References
jidanni (jidanni@jidanni.org)*>
http://secunia.com/advisories/38863/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
$ cat /proc/acpi/ibm/video
SEBUG Solution:
厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b525c06cdbd8a3963f0173ccd23f9147d4c384b5
// sebug.net [2010-03-10]