CVE-2002-1319
CVSS 2.1
Published: 2002-12-11 00:00:00
Revised: 2016-10-17 22:25:52
NMCO

[Original] The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.


[CNNVD] Linux Kernel System Call TF/NT Flag Local Denial of Service Vulnerability (CNNVD-200212-012)

Linux Kernel is the open-source Linux kernel.
The Linux kernel does not correctly handle the TF/NT flags on system calls; a local attacker can exploit this to mount a denial-of-service attack.
When handling an lcall, the Linux kernel emulates a trap/interrupt gate. A real trap/interrupt gate clears the TF and NT flags in EFLAGS before entering the kernel, but the kernel's emulation code does not perform this step. If a local attacker deliberately sets TF or NT before issuing lcall, the kernel proceeds on the basis of the wrong EFLAGS, causing a kernel crash; the system may hang or reboot.
This vulnerability affects Linux kernel 2.2.x, 2.4.20 and earlier, and 2.5.x on the x86 platform.

- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required]

- CPE (affected platforms and products)

cpe:/o:trustix:secure_linux:1.5  Trustix Secure Linux 1.5
cpe:/o:linux:linux_kernel:2.4.12  Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.11  Linux Kernel 2.4.11
cpe:/o:trustix:secure_linux:1.2  Trustix Secure Linux 1.2
cpe:/o:trustix:secure_linux:1.1  Trustix Secure Linux 1.1
cpe:/o:linux:linux_kernel:2.4.1  Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.19  Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.2.17  Linux Kernel 2.2.17
cpe:/o:linux:linux_kernel:2.4.14  Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.2.18  Linux Kernel 2.2.18
cpe:/o:linux:linux_kernel:2.4.13  Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.16  Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.5  Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.4.15  Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.4  Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.2.13  Linux Kernel 2.2.13
cpe:/o:linux:linux_kernel:2.4.10  Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.2.14  Linux Kernel 2.2.14
cpe:/o:linux:linux_kernel:2.4.3  Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.4.2  Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.2.15  Linux Kernel 2.2.15
cpe:/o:linux:linux_kernel:2.2.16  Linux Kernel 2.2.16
cpe:/o:linux:linux_kernel:2.4.18  Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.17  Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.2.20  Linux Kernel 2.2.20
cpe:/o:linux:linux_kernel:2.2.21  Linux Kernel 2.2.21
cpe:/o:linux:linux_kernel:2.2.19  Linux Kernel 2.2.19
cpe:/o:linux:linux_kernel:2.4.9  Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.8  Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.7  Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.6  Linux Kernel 2.4.6

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1319
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1319
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-012
(official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
(UNKNOWN)  CONECTIVA  CLA-2002:553
http://marc.info/?l=bugtraq&m=103714004623587&w=2
(UNKNOWN)  BUGTRAQ  20021111 i386 Linux kernel DoS
http://marc.info/?l=bugtraq&m=103737292709297&w=2
(UNKNOWN)  BUGTRAQ  20021114 Re: i386 Linux kernel DoS
http://rhn.redhat.com/errata/RHSA-2002-262.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:262
http://rhn.redhat.com/errata/RHSA-2002-264.html
(UNKNOWN)  REDHAT  RHSA-2002:264
http://www.redhat.com/support/errata/RHSA-2002-263.html
(UNKNOWN)  REDHAT  RHSA-2002:263
http://www.securityfocus.com/bid/6115
(VENDOR_ADVISORY)  BID  6115
http://xforce.iss.net/xforce/xfdb/10576
(UNKNOWN)  XF  linux-kernel-tf-dos(10576)

- Vulnerability information

Linux Kernel System Call TF/NT Flag Local Denial of Service Vulnerability
Low Unknown
2002-12-11 00:00:00 2005-05-13 00:00:00
Local

- Advisories and patches

Workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
* Do not allow untrusted users to log in to the system.
Vendor patches:
Linux
-----
Linus Torvalds has released an update patch that fixes this security issue:
        # The following is the BitKeeper ChangeSet Log
        # --------------------------------------------
        # 02/11/14 torvalds@home.transmeta.com 1.848
        # Fix impressive call gate misuse DoS reported on bugtraq.
        # --------------------------------------------
        # 02/11/14 torvalds@home.transmeta.com 1.849
        # Duh. Fix the other lcall entry point too.
        # --------------------------------------------
        #
        diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
        --- a/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002
        +++ b/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002
        @@ -66,7 +66,9 @@
         OLDSS = 0x38
        
         CF_MASK = 0x00000001
        +TF_MASK = 0x00000100
         IF_MASK = 0x00000200
        +DF_MASK = 0x00000400
         NT_MASK = 0x00004000
         VM_MASK = 0x00020000
        
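Review bot: TF_MASK = 0x00000100 and DF_MASK = 0x00000400 are the correct EFLAGS bit positions (TF is bit 8, DF is bit 10) and keep the constant list in ascending bit order beside the existing IF_MASK and NT_MASK, so no objection to the values; since the entry-code hunks below clear DF together with TF and NT while the changeset message mentions only TF and NT, a one-line comment on DF_MASK saying why it is grouped with the call-gate fix would save the next reader a trip into entry.S.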
        @@ -134,6 +136,17 @@
         movl %eax,EFLAGS(%esp) #
         movl %edx,EIP(%esp) # Now we move them to their "normal" places
         movl %ecx,CS(%esp) #
        +
        + #
        + # Call gates don't clear TF and NT in eflags like
        + # traps do, so we need to do it ourselves.
        + # %eax already contains eflags (but it may have
        + # DF set, clear that also)
        + #
        + andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
        + pushl %eax
        + popfl
        +
         movl %esp, %ebx
         pushl %ebx
         andl $-8192, %ebx # GET_THREAD_INFO
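Review bot: the andl/pushl/popfl sequence masks only the live EFLAGS and leaves the copy already stored by `movl %eax,EFLAGS(%esp)` untouched, so the user's original TF/NT bits are still restored on the return path; that mirrors what a hardware trap gate does, but the comment should say so explicitly, otherwise the unmasked saved copy reads like an oversight. The comment should also note that popfl rewrites every other flag bit from the user-supplied value in %eax, which is the same EFLAGS the call gate already left in place, so nothing besides DF, TF and NT is meant to change.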
        @@ -156,6 +169,17 @@
         movl %eax,EFLAGS(%esp) #
         movl %edx,EIP(%esp) # Now we move them to their "normal" places
         movl %ecx,CS(%esp) #
        +
        + #
        + # Call gates don't clear TF and NT in eflags like
        + # traps do, so we need to do it ourselves.
        + # %eax already contains eflags (but it may have
        + # DF set, clear that also)
        + #
        + andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
        + pushl %eax
        + popfl
        +
         movl %esp, %ebx
         pushl %ebx
         andl $-8192, %ebx # GET_THREAD_INFO
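Review bot: this block is a verbatim copy of the one added at the first lcall entry point, and the changeset log above ("Duh. Fix the other lcall entry point too.") shows the first attempt missed this path; factoring the andl/pushl/popfl sequence into a single assembler macro used by both entry points would make it impossible to fix one path without the other the next time the flag handling changes.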
RedHat
------
Red Hat has released a security advisory (RHSA-2002:264-05) together with the corresponding patches:
RHSA-2002:264-05: New kernel 2.2 packages fix local denial of service issue
Link: https://www.redhat.com/support/errata/RHSA-2002-264.html
Patch downloads:
        Red Hat Linux 6.2:
        
        SRPMS:
         ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm
        
        i386:
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm
         ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm
        
        i586:
         ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm
         ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm
        
        i686:
         ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm
         ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm
         ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm
        
        Red Hat Linux 7.0:
        
        SRPMS:
         ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm
        
        i386:
         ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm
         ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm
         ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm
         ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm
        

- Vulnerability information

9589
Linux Kernel Emulation Mode TF/NT EFLAGs Local DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-11-06 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete