CVE-2003-0859
CVSS 4.9
Published: 2003-12-15 00:00:00
Last revised: 2010-08-21 00:16:52

[Original] The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.


[CNNVD] Spoofed Kernel Netlink Interface Message Local Denial of Service Vulnerability (CNNVD-200312-059)

        
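Kernel Netlink is a network interface implementation.
Applications do not correctly implement the getifaddrs() function when calling kernel Netlink; a local attacker can exploit this vulnerability to carry out a denial of service attack against the application.
The problem lies in how applications implementing getifaddrs() interact with the netlink device; in some environments, an anonymous netlink message handled by the getifaddrs() function can cause the application to crash.
Red Hat states that GNU Zebra, Quagga and iproute are all affected by this vulnerability, which can crash these applications. No detailed vulnerability information is currently available.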
        

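- CVSS (base score)

CVSS score: 4.9 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a total shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]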

- CPE (affected platforms and products)

cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/a:gnu:zebra:0.92a  GNU Zebra 0.92a
cpe:/a:sgi:propack:2.2.1  SGI ProPack 2.2.1
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:gnu:glibc:2.3.2  GNU glibc 2.3.2
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/a:gnu:zebra:0.93b  GNU Zebra 0.93b
cpe:/a:quagga:quagga_routing_software_suite:0.96.2
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:gnu:zebra:0.93a  GNU Zebra 0.93a
cpe:/h:intel:ia64  Intel IA64
cpe:/a:sgi:propack:2.3  SGI ProPack 2.3
cpe:/a:gnu:zebra:0.91a  GNU Zebra 0.91a
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11337  The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as...
* OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0859
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0859
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-059
(Official data source) CNNVD

- Other links and resources

http://www.redhat.com/support/errata/RHSA-2003-325.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:325
http://www.redhat.com/support/errata/RHSA-2003-334.html
(UNKNOWN)  REDHAT  RHSA-2003:334

- Vulnerability information

Spoofed Kernel Netlink Interface Message Local Denial of Service Vulnerability
Medium severity  Other
2003-12-15 00:00:00 2005-12-05 00:00:00
Local
        
        

- Advisories and patches

        Vendor patches:
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2003:307-01) and corresponding patches for this issue:
        RHSA-2003:307-01: Updated zebra packages fix security vulnerabilities
        Link: https://www.redhat.com/support/errata/RHSA-2003-307.html
        Patch downloads:
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/zebra-0.91a-8.7.2.src.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/zebra-0.91a-8.7.2.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.2/en/os/ia64/zebra-0.91a-8.7.2.ia64.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/zebra-0.92a-5.7.3.src.rpm
        i386:
        ftp://updates.redhat.com/7.3/en/os/i386/zebra-0.92a-5.7.3.i386.rpm
        Red Hat Linux 8.0:
        SRPMS:
        ftp://updates.redhat.com/8.0/en/os/SRPMS/zebra-0.93a-5.8.0.src.rpm
        i386:
        ftp://updates.redhat.com/8.0/en/os/i386/zebra-0.93a-5.8.0.i386.rpm
        Red Hat Linux 9:
        SRPMS:
        ftp://updates.redhat.com/9/en/os/SRPMS/zebra-0.93b-4.9.src.rpm
        i386:
        ftp://updates.redhat.com/9/en/os/i386/zebra-0.93b-4.9.i386.rpm
        GNU glibc 2.3.2:
        Red Hat Upgrade glibc-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade glibc-common-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-common-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade glibc-debug-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-debug-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade glibc-profile-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-profile-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade glibc-utils-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-utils-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade nscd-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/nscd-2.3.2-27.9.7.i386.rpm
        Red Hat Upgrade glibc-2.3.2-27.9.7.i686.rpm
        ftp://updates.redhat.com/9/en/os/i686/glibc-2.3.2-27.9.7.i686.rpm
        Red Hat Upgrade nptl-devel-2.3.2-27.9.7.i686.rpm
        ftp://updates.redhat.com/9/en/os/i686/nptl-devel-2.3.2-27.9.7.i686.rpm
        Red Hat Upgrade glibc-devel-2.3.2-27.9.7.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/glibc-devel-2.3.2-27.9.7.i386.rpm
        The patches can be installed with the following command:
        rpm -Fvh [filename]

- Vulnerability information

55381
GNU C Library (glibc) getifaddrs Function Netlink Interface Spoofed Message Local DoS
Local Access Required Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

- Timeline

2003-11-12 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Spoofed Kernel Netlink Interface Message Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 9027
No Yes
2003-11-12 12:00:00 2009-07-12 12:56:00
The discovery of this vulnerability has been credited to Herbert Xu.

- Affected software versions

SGI ProPack 2.3
SGI ProPack 2.2.1
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Quagga Quagga Routing Software Suite 0.96.2
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
GNU Zebra 0.93 b
+ Conectiva Linux 9.0
+ Conectiva Linux Enterprise Edition 1.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 9.0 i386
GNU Zebra 0.93 a
+ RedHat Linux 8.0
GNU Zebra 0.92 a
+ RedHat Linux 7.3
GNU Zebra 0.91 a
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ Sun Linux 5.0.7
GNU glibc 2.3.2
+ Conectiva Linux 9.0
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU glibc 2.2.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alphaev6
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 alphaev6
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE SUSE Linux Enterprise Server 7

- Discussion

Applications which make use of the kernel Netlink interface are said to be prone to denial of service attacks.

It has been reported that applications implementing the getifaddrs() glibc function may be prone to denial of service attacks. The problem is said to occur due to the way getifaddrs() interacts with the netlink device. Under some circumstances, an anonymous netlink message handled by the getifaddrs() function may cause the application to crash.

Red Hat has stated that GNU Zebra, Quagga and iproute are also affected by this vulnerability due to the way they interact with the netlink interface; exploitation may result in a denial of service.

The precise technical details regarding this issue are currently unknown. This BID will be updated, as further information is made available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

OpenPKG has released advisory (OpenPKG-SA-2003.049) to address this issue. Users are advised to apply relevant patches as soon as possible. Further information, including patch information, can be found in the attached advisory. Fixes are linked below.

Red Hat has released a security advisory (RHSA-2003:325-01) containing fixes to address this and a separate issue. Users are advised to upgrade as soon as possible. Further information can be found in the attached advisory.

*** November 13, 2003 - An updated version of the above advisory has been released containing revised fixes for Red Hat 9. Users are advised to upgrade to the latest fixes.

Red Hat has released advisory RHSA-2003:305-12 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

Red Hat has released advisory RHSA-2003:317-08 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

Red Hat has released advisory RHSA-2003:307-01 to address this issue in their Linux Enterprise software. Users are advised to upgrade as soon as possible. Further information, including patch information, can be found in the attached advisory.

Red Hat has released advisory RHSA-2003:315-08 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

SGI has released an advisory (20031101-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10032) containing updated RPM packages relating to a number of different BIDS. These RPMs address both the Zebra and Iproute packages detailed in this BID.

Patch 10032 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10032, please see the attached advisory.

Conectiva has released an advisory that includes updates for this issue. Conectiva also released an advisory for Conectiva Linux Enterprise Edition with fixes.

TurboLinux has released an advisory, and made fixes for this issue available. Affected users are advised to execute one of the following commands:

# turbopkg

OR

# zabom update glibc glibc-devel glibc-profile mtrace nscd

Additional TurboLinux information is available in the referenced advisory.

Sun has released a fix for Sun Linux 5.0.7.

Debian has issued fixes and an advisory for zebra.

Fixes:


GNU Zebra 0.91 a

GNU Zebra 0.92 a

GNU Zebra 0.93 b

GNU glibc 2.2.4

GNU glibc 2.3.2

- Related references

 

 
