CVE-2001-1384
CVSS 7.2
Published: 2001-10-18 00:00:00
Last revised: 2016-10-17 22:14:49

[Original] ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.


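[CNNVD] Linux Ptrace/Setuid Exec Vulnerability (CNNVD-200110-072)

        ptrace in Linux 2.2.x through 2.2.19 and 2.4.x through 2.4.9 contains a vulnerability. Local users can gain root privileges by running ptrace on a setuid or setgid program that calls an unprivileged program, such as newgrp.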

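- CVSS (base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]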

- CPE (affected platforms and products)

cpe:/o:linux:linux_kernel:2.2.10 Linux Kernel 2.2.10
cpe:/o:linux:linux_kernel:2.2.11 Linux Kernel 2.2.11
cpe:/o:linux:linux_kernel:2.2.3 Linux Kernel 2.2.3
cpe:/o:linux:linux_kernel:2.2.12 Linux Kernel 2.2.12
cpe:/o:linux:linux_kernel:2.2.2 Linux Kernel 2.2.2
cpe:/o:linux:linux_kernel:2.2.17 Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.2.18 Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.2.7 Linux Kernel 2.2.7
cpe:/o:linux:linux_kernel:2.2.6 Linux Kernel 2.2.6
cpe:/o:linux:linux_kernel:2.2.1 Linux Kernel 2.2.1
cpe:/o:linux:linux_kernel:2.2.13 Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.4.10 Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.2.0 Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.2.14 Linux Kernel 2.2.14
cpe:/o:linux:linux_kernel:2.2.5 Linux Kernel 2.2.5
cpe:/o:linux:linux_kernel:2.4.3 Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.2.4 Linux Kernel 2.2.4
cpe:/o:linux:linux_kernel:2.4.2 Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.2.15 Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.2.16 Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.2.19 Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.4.9 Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8 Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.2.9 Linux Kernel 2.2.9
cpe:/o:linux:linux_kernel:2.4.7 Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.2.8 Linux Kernel 2.2.8

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1384
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1384
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200110-072
(official data source) CNNVD

- Other links and resources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
(UNKNOWN)  CALDERA  CSSA-2001-036.0
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
(UNKNOWN)  IMMUNIX  IMNX-2001-70-035-01
http://marc.info/?l=bugtraq&m=100343090106914&w=2
(UNKNOWN)  BUGTRAQ  20011018 Flaws in recent Linux kernels
http://marc.info/?l=bugtraq&m=100350685431610&w=2
(UNKNOWN)  BUGTRAQ  20011019 TSLSA-2001-0028
http://online.securityfocus.com/advisories/3713
(UNKNOWN)  HP  HPSBTL0112-003
http://www.iss.net/security_center/static/7311.php
(VENDOR_ADVISORY)  XF  linux-ptrace-race-condition(7311)
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php3
(UNKNOWN)  MANDRAKE  MDKSA-2001:079
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
(UNKNOWN)  MANDRAKE  MDKSA-2001:082
http://www.linuxsecurity.com/advisories/other_advisory-1650.html
(VENDOR_ADVISORY)  ENGARDE  ESA-20011019-02
http://www.novell.com/linux/security/advisories/2001_036_kernel_txt.html
(UNKNOWN)  SUSE  SuSE-SA:2001:036
http://www.redhat.com/support/errata/RHSA-2001-129.html
(UNKNOWN)  REDHAT  RHSA-2001:129
http://www.redhat.com/support/errata/RHSA-2001-130.html
(UNKNOWN)  REDHAT  RHSA-2001:130
http://www.securityfocus.com/bid/3447
(UNKNOWN)  BID  3447

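- Vulnerability information

Linux Ptrace/Setuid Exec Vulnerability
High risk  Design error
2001-10-18 00:00:00 2005-10-20 00:00:00
Local
        ptrace in Linux 2.2.x through 2.2.19 and 2.4.x through 2.4.9 contains a vulnerability. Local users can gain root privileges by running ptrace on a setuid or setgid program that calls an unprivileged program, such as newgrp.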

- Advisories and patches

        An unofficial kernel patch has been made available by Nergal.
        Upgrades are also available from a number of vendors.
        RedHat kernel-source-2.4.7-10.i386.rpm
        
        RedHat kernel-headers-2.4.7-10.i386.rpm
        
        RedHat kernel-2.4.7-10.i386.rpm
        
        RedHat kernel-2.4.7-10.i686.rpm
        
        RedHat kernel-BOOT-2.4.7-10.i386.rpm
        
        RedHat kernel-doc-2.4.7-10.i386.rpm
        
        Linux kernel 2.2.10
        
        Linux kernel 2.2.14
        

- Vulnerability information (21124)

Linux Kernel 2.2/2.4 Ptrace/Setuid Exec Vulnerability (EDBID:21124)
linux local
2001-10-18 Verified
0 Rafal Wojtczuk
N/A
source: http://www.securityfocus.com/bid/3447/info

Linux contains a vulnerability in its exec() implementation that may allow for modification of setuid process memory via ptrace(). The vulnerability is due to the fact that it is possible for a traced process to exec() a setuid image if the tracing process is setuid.

Attackers can exploit this to elevate privileges.

Note: There are currently conflicting reports about the exploitability of this vulnerability.

http://www.exploit-db.com/sploits/21124.tgz		

- Vulnerability information

12014
Linux Kernel ptrace Race Local Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

2001-10-18 Unknown
2001-10-18 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Ptrace/Setuid Exec Vulnerability
Design Error 3447
No Yes
2001-10-18 12:00:00 2009-07-11 09:06:00
Reported to Bugtraq by Rafal Wojtczuk <nergal@7bulls.com> on October 18, 2001.

- Affected program versions

RedHat kernel-source-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-headers-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-doc-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-BOOT-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.2.19
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 2.2.18
+ Caldera OpenLinux 2.4
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ S.u.S.E. Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Slackware Linux 4.0
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2
Linux kernel 2.2.17
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.0
+ Trustix Secure Linux 1.2
Linux kernel 2.2.16
+ RedHat Linux 7.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ XTR
+ Trustix Secure Linux 1.1
Linux kernel 2.2.15
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
Linux kernel 2.2.14
+ Red Hat Linux 6.2
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Cobalt RaQ 4
Linux kernel 2.2.13
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
Linux kernel 2.2.12
Linux kernel 2.2.11
Linux kernel 2.2.10
+ Caldera OpenLinux 2.3
Linux kernel 2.2.9
Linux kernel 2.2.8
Linux kernel 2.2.7
Linux kernel 2.2.6
Linux kernel 2.2.5
Linux kernel 2.2.4
Linux kernel 2.2.3
Linux kernel 2.2.2
Linux kernel 2.2.1
Linux kernel 2.2

- Vulnerability discussion

Linux contains a vulnerability in its exec() implementation that may allow for modification of setuid process memory via ptrace(). The vulnerability is due to the fact that it is possible for a traced process to exec() a setuid image if the tracing process is setuid.

Attackers can exploit this to elevate privileges.

Note: There are currently conflicting reports about the exploitability of this vulnerability.

- Exploit

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

An exploit is available:

- Solution

An unofficial kernel patch has been made available by Nergal.

Upgrades are also available from a number of vendors.


RedHat kernel-source-2.4.7-10.i386.rpm

RedHat kernel-headers-2.4.7-10.i386.rpm

RedHat kernel-2.4.7-10.i386.rpm

RedHat kernel-2.4.7-10.i686.rpm

RedHat kernel-BOOT-2.4.7-10.i386.rpm

RedHat kernel-doc-2.4.7-10.i386.rpm

Linux kernel 2.2.10

Linux kernel 2.2.14

Linux kernel 2.2.15

Linux kernel 2.2.17

Linux kernel 2.2.19

Linux kernel 2.4.10

Linux kernel 2.4.2

Linux kernel 2.4.3

Linux kernel 2.4.7

Linux kernel 2.4.8

Linux kernel 2.4.9

- Related references

 

 
