漏洞信息详情
Linux Kernel 系统调用TF/NT标记本地拒绝服务攻击漏洞
- CNNVD编号:CNNVD-200212-012
- 危害等级: 低危
- CVE编号: CVE-2002-1319
- 漏洞类型: 未知
- 发布时间: 2002-11-06
- 威胁类型: 本地
- 更新时间: 2005-05-13
- 厂 商: linux
- 漏洞来源: Georgi Guninski※ g...
漏洞简介
Linux Kernel是开放源代码的Linux内核系统。 Linux内核不正确处理系统调用的TF/NT标记,本地攻击者利用这个漏洞可以进行拒绝服务攻击。 Linux内核在处理lcall调用时会仿真一个陷阱/中断门. 真正的陷阱/中断门会在进入内核之前清除EFLAGS中的TF和NT标记, 然而Linux内核的仿真代码在实现上没有做这一步处理. 如果本地攻击者在调用lcall之前有意设置了TF或NT标志, 就会导致内核错误地根据EFLAGS进行处理, 这将造成内核崩溃, 系统可能挂起或重启. 这个漏洞影响x86平台下的Linux kernel 2.2.x, 2.4.20以及更低版本, 2.5.x.
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 禁止不可信用户登录系统. 厂商补丁: Linux ----- Linus Torvalds 已经发布了升级补丁以修复这个安全问题:
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/11/14 [email protected] 1.848
# Fix impressive call gate misuse DoS reported on bugtraq.
# --------------------------------------------
# 02/11/14 [email protected] 1.849
# Duh. Fix the other lcall entry point too.
# --------------------------------------------
#
diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
--- a/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002
+++ b/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002
@@ -66,7 +66,9 @@
OLDSS = 0x38
CF_MASK = 0x00000001
+TF_MASK = 0x00000100
IF_MASK = 0x00000200
+DF_MASK = 0x00000400
NT_MASK = 0x00004000
VM_MASK = 0x00020000
@@ -134,6 +136,17 @@
movl %eax,EFLAGS(%esp) #
movl %edx,EIP(%esp) # Now we move them to their "normal" places
movl %ecx,CS(%esp) #
+
+ #
+ # Call gates don't clear TF and NT in eflags like
+ # traps do, so we need to do it ourselves.
+ # %eax already contains eflags (but it may have
+ # DF set, clear that also)
+ #
+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
+ pushl %eax
+ popfl
+
movl %esp, %ebx
pushl %ebx
andl $-8192, %ebx # GET_THREAD_INFO
@@ -156,6 +169,17 @@
movl %eax,EFLAGS(%esp) #
movl %edx,EIP(%esp) # Now we move them to their "normal" places
movl %ecx,CS(%esp) #
+
+ #
+ # Call gates don't clear TF and NT in eflags like
+ # traps do, so we need to do it ourselves.
+ # %eax already contains eflags (but it may have
+ # DF set, clear that also)
+ #
+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
+ pushl %eax
+ popfl
+
movl %esp, %ebx
pushl %ebx
andl $-8192, %ebx # GET_THREAD_INFO RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2002:264-05)以及相应补丁:
RHSA-2002:264-05:New kernel 2.2 packages fix local denial of service issue
链接:https://www.redhat.com/support/errata/RHSA-2002-264.HTML
补丁下载:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm
i586:
ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm
ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm
i686:
ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm
参考网址
来源: BID 名称: 6115 链接:http://www.securityfocus.com/bid/6115 来源: REDHAT 名称: RHSA-2002:262 链接:http://rhn.redhat.com/errata/RHSA-2002-262.HTML 来源: BUGTRAQ 名称: 20021111 i386 Linux kernel DoS 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2 来源: XF 名称: linux-kernel-tf-dos(10576) 链接:http://xforce.iss.net/xforce/xfdb/10576 来源: REDHAT 名称: RHSA-2002:263 链接:http://www.redhat.com/support/errata/RHSA-2002-263.HTML 来源: REDHAT 名称: RHSA-2002:264 链接:http://rhn.redhat.com/errata/RHSA-2002-264.HTML 来源: BUGTRAQ 名称: 20021114 Re: i386 Linux kernel DoS 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2 来源: CONECTIVA 名称: CLA-2002:553 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
受影响实体
- Linux Linux_kernel:2.4.7
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论