CVE-2005-3623
CVSS5.0
发布时间 :2005-12-31 00:00:00
修订时间 :2010-08-21 00:00:00
NMCOS    

[原文]nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.


[CNNVD]Linux Kernel NFS ACL访问控制绕过漏洞(CNNVD-200512-754)

        Linux Kernel是开放源码操作系统Linux所使用的内核。
        Linux Kernel的NFS实现上存在漏洞,远程攻击者可能绕过访问控制获取非授权访问。Linux Kernel的NFS实现中在设置ACL之前没有验证远程用户的权限,攻击者可以在NFS文件系统上更改ACL,这样就可以绕过访问控制获得非授权访问。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-264 [权限、特权与访问控制]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11707nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3623
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-754
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/19038
(VENDOR_ADVISORY)  SECUNIA  19038
http://secunia.com/advisories/18788
(VENDOR_ADVISORY)  SECUNIA  18788
http://lkml.org/lkml/2005/12/23/171
(PATCH)  MISC  http://lkml.org/lkml/2005/12/23/171
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
(PATCH)  SUSE  SUSE-SA:2006:012
http://www.securityfocus.com/bid/16570
(UNKNOWN)  BID  16570
http://www.redhat.com/support/errata/RHSA-2006-0575.html
(UNKNOWN)  REDHAT  RHSA-2006:0575
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2006:006
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://secunia.com/advisories/22417
(VENDOR_ADVISORY)  SECUNIA  22417
http://secunia.com/advisories/21465
(VENDOR_ADVISORY)  SECUNIA  21465

- 漏洞信息

Linux Kernel NFS ACL访问控制绕过漏洞
中危 访问验证错误
2005-12-31 00:00:00 2006-05-15 00:00:00
远程  
        Linux Kernel是开放源码操作系统Linux所使用的内核。
        Linux Kernel的NFS实现上存在漏洞,远程攻击者可能绕过访问控制获取非授权访问。Linux Kernel的NFS实现中在设置ACL之前没有验证远程用户的权限,攻击者可以在NFS文件系统上更改ACL,这样就可以绕过访问控制获得非授权访问。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.14.5.tar.bz2

- 漏洞信息

22179
Linux Kernel nfs*acl.c Exported NFS readonly ACL Bypass
Remote / Network Access Other
Loss of Integrity
Exploit Unknown Vendor Verified

- 漏洞描述

The Linux kernel contains a flaw that may allow a malicious user to perform unauthorised actions. The issue is triggered because attackers can set permissions on exported NFS shares flagged as 'read-only'. This flaw may result in a loss of integrity.

- 时间线

2005-12-20 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.6.14.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Linux Kernel NFS ACL Access Control Bypass Vulnerability
Access Validation Error 16570
Yes No
2006-02-09 12:00:00 2007-01-25 04:19:00
Martin Walter <mawa@uni-freiburg.de> reported this issue to the vendor.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8500 0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya S8300 0
Avaya Messaging Storage Server MM3.0
Avaya Converged Communications Server 2.0
Linux kernel 2.6.14 .5

- 不受影响的程序版本

Linux kernel 2.6.14 .5

- 漏洞讨论

The Linux kernel's NFS implementation is prone to a remote access-control-bypass vulnerability. The software fails to validate the privileges of remote users before setting ACLs.

This issue allows remote attackers to improperly alter ACLs on NFS filesystems, allowing them to bypass access controls. Disclosure of sensitive information, modification of arbitrary files, and other attacks are possible.

Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are vulnerable to this issue.

- 漏洞利用

An exploit is not required.

- 解决方案

The vendor has released version 2.6.14.5 of the Linux kernel to address this issue.

Please see the referenced vendor advisories for details on obtaining and applying fixes.


S.u.S.E. Linux Professional 10.0

Linux kernel 2.6 -test6

Linux kernel 2.6 -test4

Linux kernel 2.6 -test2

Linux kernel 2.6 -test9-CVS

Linux kernel 2.6 -test7

Linux kernel 2.6 -test9

Linux kernel 2.6 -test10

Linux kernel 2.6 -test11

Linux kernel 2.6

Linux kernel 2.6.1 -rc2

Linux kernel 2.6.1

Linux kernel 2.6.10 rc2

Linux kernel 2.6.10

Linux kernel 2.6.11 -rc3

Linux kernel 2.6.11 .11

Linux kernel 2.6.11 .7

Linux kernel 2.6.11

Linux kernel 2.6.11 .6

Linux kernel 2.6.11 .12

Linux kernel 2.6.12 .4

Linux kernel 2.6.12 .1

Linux kernel 2.6.12 -rc4

Linux kernel 2.6.12 .2

Linux kernel 2.6.12 -rc1

Linux kernel 2.6.12 .3

Linux kernel 2.6.12 .5

Linux kernel 2.6.13 -rc4

Linux kernel 2.6.13 .3

Linux kernel 2.6.13

Linux kernel 2.6.13 -rc7

Linux kernel 2.6.13 -rc1

Linux kernel 2.6.14 .4

Linux kernel 2.6.14 .1

Linux kernel 2.6.14 .3

Linux kernel 2.6.14 -rc2

Linux kernel 2.6.14 -rc3

Linux kernel 2.6.2

Linux kernel 2.6.3

Linux kernel 2.6.4

Linux kernel 2.6.6 rc1

Linux kernel 2.6.6

Linux kernel 2.6.7

Linux kernel 2.6.8 rc2

Linux kernel 2.6.8 rc1

Linux kernel 2.6.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站