漏洞信息详情

Linux Kernel 系统调用TF/NT标记本地拒绝服务攻击漏洞

• CNNVD编号：CNNVD-200212-012
• 危害等级： 低危
  
• CVE编号： CVE-2002-1319
• 漏洞类型： 未知
• 发布时间： 2002-11-06
• 威胁类型： 本地
• 更新时间： 2005-05-13
• 厂        商： linux
• 漏洞来源： Georgi Guninski※ g...

漏洞简介

Linux Kernel是开放源代码的Linux内核系统。 Linux内核不正确处理系统调用的TF/NT标记，本地攻击者利用这个漏洞可以进行拒绝服务攻击。 Linux内核在处理lcall调用时会仿真一个陷阱/中断门. 真正的陷阱/中断门会在进入内核之前清除EFLAGS中的TF和NT标记， 然而Linux内核的仿真代码在实现上没有做这一步处理. 如果本地攻击者在调用lcall之前有意设置了TF或NT标志， 就会导致内核错误地根据EFLAGS进行处理， 这将造成内核崩溃， 系统可能挂起或重启. 这个漏洞影响x86平台下的Linux kernel 2.2.x， 2.4.20以及更低版本， 2.5.x.

漏洞公告

临时解决方法： 如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 禁止不可信用户登录系统. 厂商补丁： Linux ----- Linus Torvalds 已经发布了升级补丁以修复这个安全问题：

# The following is the BitKeeper ChangeSet Log

# --------------------------------------------

# 02/11/14 [email protected] 1.848

# Fix impressive call gate misuse DoS reported on bugtraq.

# --------------------------------------------

# 02/11/14 [email protected] 1.849

# Duh. Fix the other lcall entry point too.

# --------------------------------------------

#

diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S

--- a/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002

+++ b/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002

@@ -66,7 +66,9 @@

OLDSS = 0x38

CF_MASK = 0x00000001

+TF_MASK = 0x00000100

IF_MASK = 0x00000200

+DF_MASK = 0x00000400

NT_MASK = 0x00004000

VM_MASK = 0x00020000

@@ -134,6 +136,17 @@

movl %eax,EFLAGS(%esp) #

movl %edx,EIP(%esp) # Now we move them to their "normal" places

movl %ecx,CS(%esp) #

+

+ #

+ # Call gates don't clear TF and NT in eflags like

+ # traps do, so we need to do it ourselves.

+ # %eax already contains eflags (but it may have

+ # DF set, clear that also)

+ #

+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax

+ pushl %eax

+ popfl

+

movl %esp, %ebx

pushl %ebx

andl $-8192, %ebx # GET_THREAD_INFO

@@ -156,6 +169,17 @@

movl %eax,EFLAGS(%esp) #

movl %edx,EIP(%esp) # Now we move them to their "normal" places

movl %ecx,CS(%esp) #

+

+ #

+ # Call gates don't clear TF and NT in eflags like

+ # traps do, so we need to do it ourselves.

+ # %eax already contains eflags (but it may have

+ # DF set, clear that also)

+ #

+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax

+ pushl %eax

+ popfl

+

movl %esp, %ebx

pushl %ebx

andl $-8192, %ebx # GET_THREAD_INFO RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2002:264-05)以及相应补丁:

RHSA-2002:264-05：New kernel 2.2 packages fix local denial of service issue

链接：https://www.redhat.com/support/errata/RHSA-2002-264.HTML

补丁下载：

Red Hat Linux 6.2:

SRPMS:

ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm

i386:

ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm

i586:

ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm

ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm

i686:

ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm

ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm

ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm

Red Hat Linux 7.0:

SRPMS:

ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm

i386:

ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm

ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm

ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm

ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm

参考网址

来源: BID 名称: 6115 链接:http://www.securityfocus.com/bid/6115 来源: REDHAT 名称: RHSA-2002:262 链接:http://rhn.redhat.com/errata/RHSA-2002-262.HTML 来源: BUGTRAQ 名称: 20021111 i386 Linux kernel DoS 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2 来源: XF 名称: linux-kernel-tf-dos(10576) 链接:http://xforce.iss.net/xforce/xfdb/10576 来源: REDHAT 名称: RHSA-2002:263 链接:http://www.redhat.com/support/errata/RHSA-2002-263.HTML 来源: REDHAT 名称: RHSA-2002:264 链接:http://rhn.redhat.com/errata/RHSA-2002-264.HTML 来源: BUGTRAQ 名称: 20021114 Re: i386 Linux kernel DoS 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2 来源: CONECTIVA 名称: CLA-2002:553 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553

受影响实体

• Linux Linux_kernel:2.4.7  

补丁

暂无