CVE-2001-0316
CVSS 4.6
Published: 2001-05-03 00:00:00
Last revised: 2008-09-10 15:07:44

[Original] Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.


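[CNNVD] Linux sysctl() kernel memory read vulnerability (CNNVD-200105-081)

        Linux kernel versions 2.4 and 2.2 contain a vulnerability. A local user can read kernel memory and possibly elevate privileges by passing a negative argument to the sysctl call.

- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]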

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.2.0  Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.4.0  Linux Kernel 2.4.0

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0316
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0316
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200105-081
(Official data source) CNNVD

- Other links and resources

http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
(VENDOR_ADVISORY)  CALDERA  CSSA-2001-009
http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
(VENDOR_ADVISORY)  BUGTRAQ  20010213 Trustix Security Advisory - proftpd, kernel
http://xforce.iss.net/xforce/xfdb/6079
(UNKNOWN)  XF  linux-sysctl-read-memory(6079)
http://www.securityfocus.com/bid/2364
(UNKNOWN)  BID  2364
http://www.redhat.com/support/errata/RHSA-2001-013.html
(UNKNOWN)  REDHAT  RHSA-2001:013
http://www.osvdb.org/6017
(UNKNOWN)  OSVDB  6017

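- Vulnerability information

Linux sysctl() kernel memory read vulnerability
Medium severity  Boundary condition error
2001-05-03 00:00:00 2005-05-02 00:00:00
Local
        Linux kernel versions 2.4 and 2.2 contain a vulnerability. A local user can read kernel memory and possibly elevate privileges by passing a negative argument to the sysctl call.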

- Advisories and patches

        Upgrades available.
        This kernel module was provided by Stephen White.
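        /* Stephen White 10/2/2001
           swhite@ox.compsoc.net
           sysctl_fix.c, compile:
             gcc -Wall -DMODULE -D__KERNEL__ -c sysctl_fix.c
           (on Redhat/UltraSparc with
             sparc64-linux-gcc -m64 -mno-fpu -mcmodel=medlow -mcpu=ultrasparc
             -ffixed-g4 -fcall-used-g5 -fcall-used-g7 -Wall -DMODULE -D__KERNEL__
             -c sysctl_fix.c )
           Prevent sysctl exploit discovered by Chris Evans by properly validating
           input against negative numbers.
        */
        /* The header names are missing from this copy of the advisory; the
           headers below are the ones this code needs on a 2.2/2.4 tree. */
        #include <linux/module.h>
        #include <linux/kernel.h>   /* printk */
        #include <linux/sched.h>    /* current */
        #include <linux/sysctl.h>   /* struct __sysctl_args */
        #include <linux/errno.h>
        #include <linux/linkage.h>  /* asmlinkage */
        #include <asm/uaccess.h>    /* copy_from_user */
        #include <asm/unistd.h>     /* __NR__sysctl */

        extern void *sys_call_table[];

        /* Original sysctl handler, saved so it can be chained to and restored. */
        int (*old_sysctl)(struct __sysctl_args *args);

        /* Wrapper installed in place of sys_sysctl: rejects any length that is
           negative when viewed as an int, then calls the original handler. */
        asmlinkage int validate_sysctl(struct __sysctl_args *args)
        {
            struct __sysctl_args tmp;

            if (copy_from_user(&tmp, args, sizeof(tmp)))
                return -EFAULT;
            if (tmp.nlen < 0)
                goto bad;
            if (tmp.oldval) {
                /* oldlenp points to a size_t; read all of it, then test it as
                   an int (reading only sizeof(int) bytes picks the wrong half
                   on 64-bit big-endian targets such as UltraSparc). */
                size_t old_len;

                if (copy_from_user(&old_len, tmp.oldlenp, sizeof(old_len)))
                    return -EFAULT;
                if ((int) old_len < 0)
                    goto bad;
            }
            /* newlen is a size_t, so an uncast "< 0" test can never be true. */
            if (tmp.newval && (int) tmp.newlen < 0)
                goto bad;
            return (*old_sysctl)(args);
        bad:
            printk("sysctl: arguments failed sanity check for user %i\n", current->uid);
            return -EINVAL;
        }

        /* Hook the _sysctl slot in the system call table on load. */
        int init_module(void)
        {
            old_sysctl = sys_call_table[__NR__sysctl];
            sys_call_table[__NR__sysctl] = (void *) validate_sysctl;
            return 0;
        }

        /* Restore the original handler on unload. */
        void cleanup_module(void)
        {
            sys_call_table[__NR__sysctl] = (void *) old_sysctl;
        }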
        RedHat kernel-doc-2.2.16-22.i386.rpm
        RedHat kernel-smp-2.2.16-22.i386.rpm
        RedHat kernel-source-2.2.16-22.i386.rpm
        RedHat kernel-2.2.16-22.i686.rpm
        RedHat kernel-2.2.16-22.i586.rpm
        RedHat kernel-utils-2.2.16-22.i386.rpm
        RedHat kernel-enterprise-2.2.16-22.i686.rpm
        RedHat kernel-smp-2.2.16-22.i586.rpm
        RedHat kernel-2.2.16-22.i386.rpm
        RedHat kernel-pcmcia-cs-2.2.16-22.i386.rpm
        RedHat kernel-ibcs-2.2.16-22.i386.rpm
        RedHat kernel-BOOT-2.2.16-22.i386.rpm
        RedHat kernel-smp-2.2.16-22.i686.rpm
        Linux kernel 2.2.18
