正文

Linux sysctl()核内存读取漏洞

admin
admin V管理员 /0 评论 /6 阅读
1230
此篇文章发布距今已超过1287天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Linux sysctl()核内存读取漏洞

  • CNNVD编号:CNNVD-200105-081
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2001-0316
  • 漏洞类型: 边界条件错误
  • 发布时间: 2001-05-03
  • 威胁类型: 本地
  • 更新时间: 2005-05-02
  • 厂        商: linux
  • 漏洞来源: This vulnerability...

漏洞简介

Linux kernel 2.4和2.2版本存在漏洞。本地用户借助sysctl调用的负参数读取核内存以及可能提升特权。

漏洞公告

Upgrades available. This kernel module was provided by Stephen White . /* Stephen White 10/2/2001 [email protected] sysctl_fix.c, compile: gcc -Wall -DMODULE -D__KERNEL__ -c sysctl_fix.c (on Redhat/UltraSparc with sparc64-linux-gcc -m64 -mno-fpu -mcmodel=medlow -mcpu=ultrasparc -ffixed-g4 -fcall-used-g5 -fcall-used-g7 -Wall -DMODULE -D__KERNEL__ -c sysctl_fix.c ) Prevent sysctl exploit discovered by Chris Evans by properly validating input against negative numbers, */ #include #include #include #include #include #include #include #include #include #include #include extern void *sys_call_table[]; int (*old_sysctl)(struct __sysctl_args *args); asmlinkage int validate_sysctl(struct __sysctl_args *args) { struct __sysctl_args tmp; if(copy_from_user(&tmp, args, sizeof(tmp))) return -EFAULT; if (tmp.nlen uid); return -EINVAL; } int init_module() { old_sysctl = sys_call_table[__NR__sysctl]; sys_call_table[__NR__sysctl] = validate_sysctl; return 0; } void cleanup_module() { sys_call_table[__NR__sysctl] = old_sysctl; } RedHat kernel-doc-2.2.16-22.i386.rpm

  • Red Hat Inc. 7.0 i386 kernel-doc-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-doc-2.2.17-14.i386.rpm
RedHat kernel-smp-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-smp-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-smp-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-smp-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-smp-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-smp-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-smp-2.2.17-14.i686.rpm
RedHat kernel-source-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-source-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-source-2.2.17-14.i386.rpm
RedHat kernel-2.2.16-22.i686.rpm
  • Red Hat Inc. 7.0 i386 kernel-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-2.2.17-14.i686.rpm
RedHat kernel-2.2.16-22.i586.rpm
  • Red Hat Inc. 7.0 i386 kernel-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-2.2.17-14.i686.rpm
RedHat kernel-utils-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-utils-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-utils-2.2.17-14.i386.rpm
RedHat kernel-enterprise-2.2.16-22.i686.rpm
  • Red Hat Inc. 7.0 i686 kernel-enterprise-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-enterprise-2.2.17-14.i686.rpm
RedHat kernel-smp-2.2.16-22.i586.rpm
  • Red Hat Inc. 7.0 i386 kernel-smp-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-smp-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-smp-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-smp-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-smp-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-smp-2.2.17-14.i686.rpm
RedHat kernel-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-2.2.17-14.i686.rpm
RedHat kernel-pcmcia-cs-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-pcmcia-cs-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-pcmcia-cs-2.2.17-14.i386.rpm
RedHat kernel-ibcs-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-ibcs-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-ibcs-2.2.17-14.i386.rpm
RedHat kernel-BOOT-2.2.16-22.i386.rpm
  • Red Hat Inc. 7.0 i386 kernel-BOOT-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-BOOT-2.2.17-14.i386.rpm
RedHat kernel-smp-2.2.16-22.i686.rpm
  • Red Hat Inc. 7.0 i386 kernel-smp-2.2.17-14.i386.rpm ftp://updates.redhat.com/7.0/i386/kernel-smp-2.2.17-14.i386.rpm
  • Red Hat Inc. 7.0 i586 kernel-smp-2.2.17-14.i586.rpm ftp://updates.redhat.com/7.0/i586/kernel-smp-2.2.17-14.i586.rpm
  • Red Hat Inc. 7.0 i686 kernel-smp-2.2.17-14.i686.rpm ftp://updates.redhat.com/7.0/i686/kernel-smp-2.2.17-14.i686.rpm
Linux kernel 2.2.18
  • Red Hat Inc. 6.x alpha kernel-2.2.17-14.alpha.rpm

参考网址

来源: CALDERA 名称: CSSA-2001-009 链接:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt 来源: BUGTRAQ 名称: 20010213 Trustix Security Advisory - proftpd, kernel 链接:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html 来源: XF 名称: linux-sysctl-read-memory(6079) 链接:http://xforce.iss.net/xforce/xfdb/6079 来源: BID 名称: 2364 链接:http://www.securityfocus.com/bid/2364 来源: REDHAT 名称: RHSA-2001:013 链接:http://www.redhat.com/support/errata/RHSA-2001-013.html 来源: OSVDB 名称: 6017 链接:http://www.osvdb.org/6017

受影响实体

  • Linux Linux_kernel:2.2.0  
    <!--
    2000-1-1
    -->
  • Linux Linux_kernel:2.4.0  
    <!--
    2000-1-1
    -->

补丁

    暂无