CVE-2002-0570
CVSS2.1
发布时间 :2002-07-03 00:00:00
修订时间 :2008-09-05 16:28:22
NMCOS    

[原文]The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.


[CNNVD]Linux加密回路系统重放攻击漏洞(CNNVD-200207-012)

        Linux内核2.4.10版本及之前版本的加密回路设备不认证加密数据的实体,本地用户无需知道密钥就可以修改加密数据。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.2.2Linux Kernel 2.2.2
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.2.9Linux Kernel 2.2.9
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.2.12Linux Kernel 2.2.12
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.2.15Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.2.3Linux Kernel 2.2.3
cpe:/o:linux:linux_kernel:2.2.5Linux Kernel 2.2.5
cpe:/o:linux:linux_kernel:2.2.10Linux Kernel 2.2.10
cpe:/o:linux:linux_kernel:2.2.8Linux Kernel 2.2.8
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.2.17Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.2.19Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.2.14Linux Kernel 2.2.14
cpe:/o:linux:linux_kernel:2.2.1Linux Kernel 2.2.1
cpe:/o:linux:linux_kernel:2.2.13Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.2.6Linux Kernel 2.2.6
cpe:/o:linux:linux_kernel:2.2.16Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.2.20Linux Kernel 2.2.20
cpe:/o:linux:linux_kernel:2.2.0Linux Kernel 2.2
cpe:/o:linux:linux_kernel:2.2.7Linux Kernel 2.2.7
cpe:/o:linux:linux_kernel:2.2.11Linux Kernel 2.2.11
cpe:/o:linux:linux_kernel:2.2.4Linux Kernel 2.2.4
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.2.18Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0570
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0570
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-012
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/static/7769.php
(VENDOR_ADVISORY)  XF  linux-loop-device-encryption(7769)
http://www.securityfocus.com/bid/3775
(VENDOR_ADVISORY)  BID  3775
http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.html
(VENDOR_ADVISORY)  BUGTRAQ  20020102 Vulnerability in encrypted loop device for linux

- 漏洞信息

Linux加密回路系统重放攻击漏洞
低危 设计错误
2002-07-03 00:00:00 2005-10-20 00:00:00
本地  
        Linux内核2.4.10版本及之前版本的加密回路设备不认证加密数据的实体,本地用户无需知道密钥就可以修改加密数据。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

9588
Linux Kernel Encrypted Loop Device Arbitrary Local Data Modification

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-01-02 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux Encrypted Loop Filesystem Replay Attack Vulnerability
Design Error 3775
No Yes
2002-01-02 12:00:00 2009-07-11 09:56:00
Reported by Jerome Etienne <jme@off.net> on January 2, 2002.

- 受影响的程序版本

Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4
Linux kernel 2.2.20
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Linux kernel 2.2.19
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 2.2.18
+ Caldera OpenLinux 2.4
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ S.u.S.E. Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Slackware Linux 4.0
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2
Linux kernel 2.2.17
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.0
+ Trustix Secure Linux 1.2
Linux kernel 2.2.16
+ RedHat Linux 7.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ XTR
+ Trustix Secure Linux 1.1
Linux kernel 2.2.15
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
Linux kernel 2.2.14
+ Red Hat Linux 6.2
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Cobalt RaQ 4
Linux kernel 2.2.13
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
Linux kernel 2.2.12
Linux kernel 2.2.11
Linux kernel 2.2.10
+ Caldera OpenLinux 2.3
Linux kernel 2.2.9
Linux kernel 2.2.8
Linux kernel 2.2.7
Linux kernel 2.2.6
Linux kernel 2.2.5
Linux kernel 2.2.4
Linux kernel 2.2.3
Linux kernel 2.2.2
Linux kernel 2.2.1
Linux kernel 2.2

- 漏洞讨论

Linux includes support for encrypted filesystems through a loop device. While a variety of encryption algorithms are supported, the basic operation is based on a block cipher in cipher block chaining (CBC) mode. Encryption is done individually on different blocks of the filesystem, and the same key is used throughout. While the initialization vector is different for each block (and is in fact based on the block number), the self correcting property of CBC ciphers allows a form of a replay attack.

Encrypted data may be copied between various areas of the file system. With the exception of the boundary area between the original and inserted data, the resulting plaintext will be correct. An attacker with knowledge of the physical layout of the file system may take advantage of this to replace data on the file system. Examples would include areas known to contain plain text, or guesses as to the locations of inode data.

Write access to the encrypted file system is required for this attack. This will generally require local or physical access to the machine or media. In general, it should not be assumed that integrity of data is provided for by this encryption model.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站