Linux Kernel System Call TF/NT Flag Local Denial-of-Service Vulnerability

Published: 2002-11-06
Updated: 2002-11-12

Affected systems:
Linux kernel 2.4.9
Linux kernel 2.4.8
Linux kernel 2.4.7
Linux kernel 2.4.6
Linux kernel 2.4.5
Linux kernel 2.4.4
Linux kernel 2.4.3
Linux kernel 2.4.2
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
Linux kernel 2.4.12
Linux kernel 2.4.11
Linux kernel 2.4.10
Linux kernel 2.4.1
Linux kernel 2.2.21
Linux kernel 2.2.20
Linux kernel 2.2.19
Linux kernel 2.2.18
Linux kernel 2.2.17
Linux kernel 2.2.16
Linux kernel 2.2.15
Linux kernel 2.2.14
Linux kernel 2.2.13
Linux kernel 2.4.18
    - Debian Linux 3.0 i386
    - Debian Linux 3.0 sparc
    - Debian Linux 3.0 alpha
    - Debian Linux 3.0 IA-32
    - Debian Linux 3.0 arm
    - Debian Linux 3.0 powerpc
    - Debian Linux 3.0 68k
    - Mandrake Linux 8.2
    - Mandrake Linux 8.1
    - RedHat Linux 8.0
    - RedHat Linux 7.3
    - Slackware Linux 8.1
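
Description:
BUGTRAQ  ID: 6115
CVE(CAN) ID: CVE-2002-1319

The Linux kernel is an open-source operating system kernel.

The Linux kernel does not correctly handle the TF/NT flags on system calls; a local attacker can exploit this vulnerability to cause a denial of service.

When handling an lcall, the Linux kernel emulates a trap/interrupt gate. A real trap/interrupt gate clears the TF and NT flags in EFLAGS before entering the kernel, but the kernel's emulation code does not perform this step. If a local attacker deliberately sets the TF or NT flag before issuing the lcall, the kernel runs with those EFLAGS bits still in effect and handles them incorrectly, which crashes the kernel; the system may hang or reboot.

This vulnerability affects Linux kernel 2.2.x, 2.4.20 and earlier, and 2.5.x on the x86 platform.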
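
The gate behaviour described above can be modelled in a few lines. This is an added example, not code from the kernel or from the advisory: the mask values are the ones in the patch below, while `enum gate`, `struct entry_state`, `lcall_entry` and `leaked` are hypothetical names, and the model ignores the VM and RF flags that hardware gates also clear.

```c
#include <stdint.h>
#include <stdio.h>

/* EFLAGS masks, same values as in the entry.S patch on this page. */
#define TF_MASK 0x00000100u   /* trap flag (single-step) */
#define IF_MASK 0x00000200u   /* interrupt enable */
#define DF_MASK 0x00000400u   /* direction flag */
#define NT_MASK 0x00004000u   /* nested task */
#define RISKY   (DF_MASK | TF_MASK | NT_MASK)

/* Hypothetical model types; these are not kernel identifiers. */
enum gate { INTERRUPT_GATE, TRAP_GATE, CALL_GATE };
struct entry_state { uint32_t saved; uint32_t live; };

/* EFLAGS the CPU leaves live at the first kernel instruction. */
static uint32_t cpu_entry_eflags(enum gate g, uint32_t user)
{
    if (g == INTERRUPT_GATE) return user & ~(TF_MASK | NT_MASK | IF_MASK);
    if (g == TRAP_GATE)      return user & ~(TF_MASK | NT_MASK);
    return user;              /* call gate: hardware changes nothing */
}

/* lcall entry stub: save the user flags in the frame, then (only when
 * patched) apply the mask from the fix to the live register. */
static struct entry_state lcall_entry(uint32_t user, int patched)
{
    struct entry_state s;
    s.live  = cpu_entry_eflags(CALL_GATE, user);
    s.saved = s.live;         /* frame keeps the caller's flags for return */
    if (patched)
        s.live &= ~RISKY;
    return s;
}

/* User-controlled flags that are still live in kernel mode. */
static uint32_t leaked(uint32_t live) { return live & RISKY; }

int main(void)
{
    uint32_t user = 0x2u | IF_MASK | TF_MASK | NT_MASK;  /* constructed sample */
    struct entry_state before = lcall_entry(user, 0), after = lcall_entry(user, 1);
    printf("trap gate      leaked=%#x\n", (unsigned)leaked(cpu_entry_eflags(TRAP_GATE, user)));
    printf("lcall, before  leaked=%#x\n", (unsigned)leaked(before.live));
    printf("lcall, after   leaked=%#x saved=%#x\n", (unsigned)leaked(after.live), (unsigned)after.saved);
    return 0;
}
```

The saved copy is unchanged by the fix, so the caller gets its own flags back on return; only the flags the kernel itself runs with are sanitised.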

<*Source: Georgi Guninski (guninski@guninski.com)
        Christophe Devine (devine@iie.cnam.fr)
  
  Links: http://www.guninski.com/php1.html
        http://marc.theaimsgroup.com/?l=bugtraq&m=103721681629765&w=2
        http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
        https://www.redhat.com/support/errata/RHSA-2002-264.html
        http://www.trustix.net/errata/misc/2002/TSL-2002-0077-kernel.asc.txt
        https://www.redhat.com/support/errata/RHSA-2002-262.html
*>

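Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* Do not allow untrusted users to log in to the system.

Vendor patches: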

Linux
-----
Linus Torvalds has released a patch that fixes this security issue:

# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/11/14      torvalds@home.transmeta.com       1.848
# Fix impressive call gate misuse DoS reported on bugtraq.
# --------------------------------------------
# 02/11/14      torvalds@home.transmeta.com       1.849
# Duh. Fix the other lcall entry point too.
# --------------------------------------------
#
diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
--- a/arch/i386/kernel/entry.S  Thu Nov 14 09:59:08 2002
+++ b/arch/i386/kernel/entry.S  Thu Nov 14 09:59:08 2002
@@ -66,7 +66,9 @@
OLDSS          = 0x38

CF_MASK                = 0x00000001
+TF_MASK                = 0x00000100
IF_MASK                = 0x00000200
+DF_MASK                = 0x00000400
NT_MASK                = 0x00004000
VM_MASK                = 0x00020000

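Review bot: the two new definitions in this constant block, TF_MASK and DF_MASK, carry no comment, and DF_MASK in particular is not motivated by the ChangeSet log, which mentions only the call gate DoS. A short comment beside them naming the flags (trap flag, direction flag) and saying they exist so the lcall entry code can sanitise EFLAGS would make the block self-explanatory. The values 0x00000100 and 0x00000400 do sit in bit order between CF_MASK, IF_MASK and NT_MASK, so the ordering itself is fine.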
@@ -134,6 +136,17 @@
        movl %eax,EFLAGS(%esp)  #
        movl %edx,EIP(%esp)     # Now we move them to their "normal" places
        movl %ecx,CS(%esp)      #
+
+       #
+       # Call gates don't clear TF and NT in eflags like
+       # traps do, so we need to do it ourselves.
+       # %eax already contains eflags (but it may have
+       # DF set, clear that also)
+       #
+       andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
+       pushl %eax
+       popfl
+
        movl %esp, %ebx
        pushl %ebx
        andl $-8192, %ebx       # GET_THREAD_INFO
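Review bot: the mask at `andl $~(DF_MASK | TF_MASK | NT_MASK),%eax` is applied after `movl %eax,EFLAGS(%esp)`, so the saved frame still holds the caller's TF/NT/DF and only the live flags register is cleaned by `popfl`. If that is the intent (the caller's own flags come back on return), the added comment should say so explicitly; as written it explains why the flags must be cleared but not why the stored copy is left alone, and a later reader could "fix" the ordering.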
@@ -156,6 +169,17 @@
        movl %eax,EFLAGS(%esp)  #
        movl %edx,EIP(%esp)     # Now we move them to their "normal" places
        movl %ecx,CS(%esp)      #
+
+       #
+       # Call gates don't clear TF and NT in eflags like
+       # traps do, so we need to do it ourselves.
+       # %eax already contains eflags (but it may have
+       # DF set, clear that also)
+       #
+       andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
+       pushl %eax
+       popfl
+
        movl %esp, %ebx
        pushl %ebx
        andl $-8192, %ebx       # GET_THREAD_INFO
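Review bot: this hunk repeats the comment and the `andl` / `pushl %eax` / `popfl` sequence from the previous hunk verbatim for the second lcall entry point. The ChangeSet log shows that this second path was missed in 1.848 and only caught in 1.849, which is the failure mode duplicated entry code invites; moving the three instructions and their comment into a single assembler macro used by both entry points would keep the two paths from drifting apart again.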

RedHat
------
RedHat has released a security advisory (RHSA-2002:264-05) and corresponding patches for this issue:
RHSA-2002:264-05: New kernel 2.2 packages fix local denial of service issue
Link: https://www.redhat.com/support/errata/RHSA-2002-264.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm

i586:
ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm
ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm

i686:
ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.3.i386.rpm

i586:
ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.3.i586.rpm
ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.22-7.0.3.i586.rpm

i686:
ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.22-7.0.3.i686.rpm

RedHat has released a security advisory (RHSA-2002:262-07) and corresponding patches for this issue:
RHSA-2002:262-07: New kernel fixes local denial of service issue
Link: https://www.redhat.com/support/errata/RHSA-2002-262.html

Patch downloads:
Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.18-18.8.0.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.18-18.8.0.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.18-18.8.0.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-18.8.0.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.18-18.8.0.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.18-18.8.0.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-debug-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-uml-2.4.18-18.8.0.i686.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]

Trustix
-------
Trustix has released a security advisory (TSLSA-2002-0077) and corresponding patches for this issue:
TSLSA-2002-0077: kernel
Link: http://www.trustix.net/errata/misc/2002/TSL-2002-0077-kernel.asc.txt

Patch downloads:

http://www.trustix.net/pub/Trustix/updates/

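This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.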