漏洞信息详情
Linux Kernel utrace/ptrace Local 未明拒绝服务漏洞
- CNNVD编号:CNNVD-200806-401
- 危害等级: 低危
- CVE编号: CVE-2008-2365
- 漏洞类型: 竞争条件
- 发布时间: 2008-06-30
- 威胁类型: 本地
- 更新时间: 2009-01-29
- 厂 商: linux
- 漏洞来源: Alexei Dobryanov
漏洞简介
Linux kernel 2.6.9 至2.6.25的ptrace 和 utrace support中的竞争条件,当在Red Hat Enterprise Linux (RHEL) 4中运行时, 会允许本地用户通过一个长的PTRACE_ATTACH ptrace调用其它用户的程序,已引起拒绝服务(联机物体临时接线系统)。该程序会触发utrace_detach 和 report_quiescent之间的冲突。该漏洞与 \"late ptrace_may_attach() check\" 和 \"race around &dead_engine_ops setting,\" 有关,不同于 CVE-2007-0771 和CVE-2008-1514。注意: 该漏洞可能只影响2.6.16.x之前的内核版本。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Linux kernel 2.6.25.3
Linux [PATCH] fix zap_thread's ptrace related problems
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
Linux Fix ptrace_attach()/ptrace_traceme()/de_thread() race
http://git.kernel.org/?p=linux/kernel/git/stable/linux-.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
Linux ptrace_attach: fix possible deadlock schenario withp://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de
Linux kernel 2.6.25.2
Linux [PATCH] fix zap_thread's ptrace related problems
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
Linux Fix ptrace_attach()/ptrace_traceme()/de_thread() race
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
Linux ptrace_attach: fix possible deadlock schenario with irqs
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de
Linux kernel 2.6.25 .5
Linux [PATCH] fix zap_thread's ptrace related problems
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
Linux Fix ptrace_attach()/ptrace_traceme()/de_thread() race
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
Linux ptrace_attach: fix possible deadlock schenario with irqs
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de
参考网址
来源: MLIST
名称: [oss-security] 20080626 CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <=>
链接:http://www.openwall.com/lists/oss-security/2008/06/26/1
来源: REDHAT
名称: RHSA-2008:0508
链接:http://rhn.redhat.com/errata/RHSA-2008-0508.HTML
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=449359
来源: XF
名称: linux-kernel-ptraceattach-dos(43567)
链接:http://xforce.iss.net/xforce/xfdb/43567
来源: UBUNTU
名称: USN-625-1
链接:http://www.ubuntu.com/usn/usn-625-1
来源: SECTRACK
名称: 1020362
链接:http://www.securitytracker.com/id?1020362
来源: BID
名称: 29945
链接:http://www.securityfocus.com/bid/29945
来源: MLIST
名称: [oss-security] 20080714 Re: CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <=>
链接:http://www.openwall.com/lists/oss-security/2008/07/14/1
来源: MISC
名称: http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap
链接:http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap
来源: SREASON
名称: 3965
链接:http://securityreason.com/securityalert/3965
来源: SECUNIA
名称: 31107
链接:http://secunia.com/advisories/31107
来源: SECUNIA
名称: 30850
链接:http://secunia.com/advisories/30850
来源: MLIST
名称: [linux-kernel] 20070508 Re: [PATCH -utrace] Move utrace into task_struct
链接:http://marc.info/?l=linux-kernel&m=117863520707703&w=2
来源: git.kernel.org
链接:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
来源: git.kernel.org
链接:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de
来源: git.kernel.org
链接:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
受影响实体
- Linux Linux_kernel:2.6.16.11
- Linux Linux_kernel:2.6.16.1
- Linux Linux_kernel:2.6.16.13
- Linux Linux_kernel:2.6.16.12
- Linux Linux_kernel:2.6.16.19
补丁
暂无
评论