漏洞信息详情
Linux eCryptfs工具parse_tag_11_packet函数栈溢出漏洞
- CNNVD编号:CNNVD-200907-457
- 危害等级: 中危
- CVE编号: CVE-2009-2406
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-07-31
- 威胁类型: 本地
- 更新时间: 2009-09-19
- 厂 商: linux
- 漏洞来源: Ramon de Carvalho ...
漏洞简介
eCryptfs是Linux平台下的企业级加密文件系统 。
eCryptfs的密钥管理代码中的parse_tag_11_packet函数没有检查tag 11报文所包含的文字数据大小(tag11_contents_size)是否大于max_contents_bytes就作为内存参数将其拷贝到了大小为ECRYPTFS_SIG_SIZE的栈缓冲区中,这可能触发栈溢出漏洞 。
fs/ecryptfs/keystore.c -- static int parse_tag_11_packet(unsigned char *data, unsigned char *contents, size_t max_contents_bytes, size_t *tag_11_contents_size, size_t *packet_size, size_t max_packet_size) { size_t body_size; size_t length_size; int rc = 0; ... rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, &length_size); if (rc) { printk(KERN_WARNING Invalid tag 11 packet format\n); goto out; } if (body_size < 14) { printk(KERN_WARNING Invalid body size ([\\%td])\n, body_size); rc = -EINVAL; goto out; } (*packet_size) += length_size; (*tag_11_contents_size) = (body_size - 14); if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) { printk(KERN_ERR Packet size exceeds max\n); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != 0x62) { printk(KERN_WARNING Unrecognizable packet\n); rc = -EINVAL; goto out; } ... (*packet_size) += 12; /* Ignore filename and modification date */ memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size)); (*packet_size) += (*tag_11_contents_size); ... --
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu linux-doc-2.6.27_2.6.27-14.35_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-14.35_all.deb
Ubuntu linux-doc-2.6.27_2.6.27-14.37_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-14.37_all.deb
Ubuntu linux-headers-2.6.27-14_2.6.27-14.35_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-14_2.6.27-14.35_all.deb
Ubuntu linux-headers-2.6.27-14_2.6.27-14.37_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-14_2.6.27-14.37_all.deb
Ubuntu linux-source-2.6.27_2.6.27-14.35_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-14.35_all.deb
Ubuntu linux-source-2.6.27_2.6.27-14.37_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-14.37_all.deb
Debian Linux 5.0 alpha
Debian linux-doc-2.6.26_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6 .26_2.6.26-17lenny1_all.deb
Debian linux-headers-2.6.26-2-all-alpha_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-all-alpha_2.6.26-17lenny1_alpha.deb
Debian linux-headers-2.6.26-2-all_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-all_2.6.26-17lenny1_alpha.deb
Debian linux-headers-2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
Debian linux-headers-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
Debian linux-headers-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
Debian linux-headers-2.6.26-2-common_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.26-2-common_2.6.26-17lenny1_alpha.deb
Debian linux-image-2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
Debian linux-image-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
Debian linux-image-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
Debian linux-libc-dev_2.6.26-17lenny1_alpha.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-de v_2.6.26-17lenny1_alpha.deb
Debian linux-manual-2.6.26_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual- 2.6.26_2.6.26-17lenny1_all.deb
Debian linux-patch-debian-2.6.26_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-d ebian-2.6.26_2.6.26-17lenny1_all.deb
Debian linux-source-2.6.26_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source- 2.6.26_2.6.26-17lenny1_all.deb
Debian linux-support-2.6.26-2_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support -2.6.26-2_2.6.26-17lenny1_all.deb
Debian linux-tree-2.6.26_2.6.26-17lenny1_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2. 6.26_2.6.26-17lenny1_all.deb
Debian Linux 4.0 amd64
Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- 2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Debian linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head ers-2.6.24-etchnhalf.1-all-amd
参考网址
来源: VUPEN
名称: ADV-2009-2041
链接:http://www.vupen.com/english/advisories/2009/2041
来源: BID
名称: 35851
链接:http://www.securityfocus.com/bid/35851
来源: DEBIAN
名称: DSA-1845
链接:http://www.debian.org/security/2009/dsa-1845
来源: DEBIAN
名称: DSA-1844
链接:http://www.debian.org/security/2009/dsa-1844
来源: FEDORA
名称: FEDORA-2009-8144
链接:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.HTML
来源: FEDORA
名称: FEDORA-2009-8264
链接:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.HTML
来源: UBUNTU
名称: USN-807-1
链接:http://www.ubuntu.com/usn/usn-807-1
来源: SECTRACK
名称: 1022663
链接:http://www.securitytracker.com/id?1022663
来源: BUGTRAQ
名称: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/505334/100/0/threaded
来源: REDHAT
名称: RHSA-2009:1193
链接:http://www.redhat.com/support/errata/RHSA-2009-1193.HTML
来源: www.kernel.org
链接:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.4
来源: SECUNIA
名称: 36131
链接:http://secunia.com/advisories/36131
来源: SECUNIA
名称: 36116
链接:http://secunia.com/advisories/36116
来源: SECUNIA
名称: 36054
链接:http://secunia.com/advisories/36054
来源: SECUNIA
名称: 36051
链接:http://secunia.com/advisories/36051
来源: SECUNIA
名称: 36045
链接:http://secunia.com/advisories/36045
来源: SECUNIA
名称: 35985
链接:http://secunia.com/advisories/35985
来源: MISC
链接:http://risesecurity.org/advisories/RISE-2009002.txt
来源: SUSE
名称: SUSE-SR:2009:015
链接:http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.HTML
来源: git.kernel.org
链接:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6352a29305373ae6196491e6d4669f301e26492e
受影响实体
- Linux Linux_kernel:2.6.11.11
- Linux Linux_kernel:2.6.11.10
- Linux Linux_kernel:2.6.11.1
- Linux Linux_kernel:2.6.11
- Linux Linux_kernel:2.6.10
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论