NSFOCUS绿盟科技

首页 -> 安全研究

安全研究

安全漏洞

Linux Kernel LSM ReadV/WriteV绕过安全限制提升权限漏洞

发布日期：2006-05-25
更新日期：2006-05-25

受影响系统：

Linux kernel <= 2.6.16.11
RedHat Linux WS 4
RedHat Linux ES 4
RedHat Linux Desktop 4
RedHat Linux AS 4

不受影响系统：

Linux kernel 2.6.16.12

描述：

BUGTRAQ  ID: 18105
CVE(CAN) ID: CVE-2006-1856

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux Kernel没有对readv和writev函数添加适当的Linux安全模块（LSM）中的用于检查文件访问权限的file_permission钩子，允许攻击者绕过预期的访问限制造成权限提升。

<*来源：Kostik Belousov （kostikbel@gmail.com）

  链接：http://lists.jammed.com/linux-security-module/2005/09/0019.html
        http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.12
        http://lwn.net/Alerts/184913/?format=printable
*>

建议：

厂商补丁：

Linux
-----
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.16.12.tar.bz2

RedHat
------
RedHat已经为此发布了一个安全公告（RHSA-2006:0493-01）以及相应补丁:
RHSA-2006:0493-01：Important: kernel security update
链接：http://lwn.net/Alerts/184913/?format=printable

补丁下载：

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kerne...
d43492e556689a0607d7bafd927024b7  kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc  kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d  kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674  kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3  kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406  kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d  kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899  kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

ia64:
bb16d7851570a9973acc285b1c10d4c5  kernel-2.6.9-34.0.1.EL.ia64.rpm
b09b0d137ec1fe6f4362c3a278b4181e  kernel-debuginfo-2.6.9-34.0.1.EL.ia64.rpm
20207fbb33c783bad9de5c2d8d8b9a07  kernel-devel-2.6.9-34.0.1.EL.ia64.rpm
3a4a43172ab8119ffcec9a28abce6a69  kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm
58810e499bf182b64a4a11b2391e04b3  kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb  kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

ppc:
50f16a3bc3db576300e8ed39b7e58696  kernel-2.6.9-34.0.1.EL.ppc64.rpm
40f0c5f7d16d02e70f7058572c59829d  kernel-2.6.9-34.0.1.EL.ppc64iseries.rpm
9c189ac2cd58ae5db8c6bc98858cf411  kernel-debuginfo-2.6.9-34.0.1.EL.ppc64.rpm
ed5ae1b541ca2147b6acfda916fb0524  kernel-debuginfo-2.6.9-34.0.1.EL.ppc64iseries.rpm
80b022ce31c0fd4fe94742f36e528d75  kernel-devel-2.6.9-34.0.1.EL.ppc64.rpm
65479dc320135ebefacb42c27ded8277  kernel-devel-2.6.9-34.0.1.EL.ppc64iseries.rpm
1e22096056638a03e4c473a0d0158268  kernel-largesmp-2.6.9-34.0.1.EL.ppc64.rpm
224188bba442a6b6109689afb7bba903  kernel-largesmp-devel-2.6.9-34.0.1.EL.ppc64.rpm

s390:
8ddc9750a621e3ea4142d1adfd06a5c5  kernel-2.6.9-34.0.1.EL.s390.rpm
390b94a99981c86375e2b5d7bc2d6084  kernel-debuginfo-2.6.9-34.0.1.EL.s390.rpm
ba2a9b707ce91af1e7ae817b726ed6c5  kernel-devel-2.6.9-34.0.1.EL.s390.rpm

s390x:
4bf39050d27a794cc1df5b3eb916484a  kernel-2.6.9-34.0.1.EL.s390x.rpm
ee55f330c834a2fd38f31759caec18e0  kernel-debuginfo-2.6.9-34.0.1.EL.s390x.rpm
e959fb20625849eccbd399958265fe84  kernel-devel-2.6.9-34.0.1.EL.s390x.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6  kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166  kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710  kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802  kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356  kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c  kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472  kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
d43492e556689a0607d7bafd927024b7  kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc  kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d  kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674  kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3  kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406  kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d  kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899  kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

ia64:
bb16d7851570a9973acc285b1c10d4c5  kernel-2.6.9-34.0.1.EL.ia64.rpm
b09b0d137ec1fe6f4362c3a278b4181e  kernel-debuginfo-2.6.9-34.0.1.EL.ia64.rpm
20207fbb33c783bad9de5c2d8d8b9a07  kernel-devel-2.6.9-34.0.1.EL.ia64.rpm
3a4a43172ab8119ffcec9a28abce6a69  kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm
58810e499bf182b64a4a11b2391e04b3  kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb  kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6  kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166  kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710  kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802  kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356  kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c  kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472  kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

可使用下列命令安装补丁：

rpm -Fvh [文件名]

浏览次数：3996
严重程度：0（网友投票）

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客