漏洞信息详情

Linux sysctl()核内存读取漏洞

  • CNNVD编号:CNNVD-200105-081
  • 危害等级: 中危
  • CVE编号: CVE-2001-0316
  • 漏洞类型: 边界条件错误
  • 发布时间: 2001-05-03
  • 威胁类型: 本地
  • 更新时间: 2005-05-02
  • 厂        商: linux
  • 漏洞来源: This vulnerability...

漏洞简介

Linux kernel 2.4和2.2版本存在漏洞。本地用户借助sysctl调用的负参数读取核内存以及可能提升特权。

漏洞公告

Upgrades available. This kernel module was provided by Stephen White . /* Stephen White 10/2/2001 swhite@ox.compsoc.net sysctl_fix.c, compile: gcc -Wall -DMODULE -D__KERNEL__ -c sysctl_fix.c (on Redhat/UltraSparc with sparc64-linux-gcc -m64 -mno-fpu -mcmodel=medlow -mcpu=ultrasparc -ffixed-g4 -fcall-used-g5 -fcall-used-g7 -Wall -DMODULE -D__KERNEL__ -c sysctl_fix.c ) Prevent sysctl exploit discovered by Chris Evans by properly validating input against negative numbers, */ #include #include #include #include #include #include #include #include #include #include #include extern void *sys_call_table[]; int (*old_sysctl)(struct __sysctl_args *args); asmlinkage int validate_sysctl(struct __sysctl_args *args) { struct __sysctl_args tmp; if(copy_from_user(&tmp, args, sizeof(tmp))) return -EFAULT; if (tmp.nlen < 0) goto bad; if (tmp.oldval) { int old_len; if (copy_from_user(&old_len, tmp.oldlenp, sizeof(old_len))) return -EFAULT; if (old_len < 0) goto bad; } if (tmp.newval) if (tmp.newlen < 0) goto bad; return (*old_sysctl)(args); bad: printk("sysctl: arguments failed sanity check for user %i\n",current->uid); return -EINVAL; } int init_module() { old_sysctl = sys_call_table[__NR__sysctl]; sys_call_table[__NR__sysctl] = validate_sysctl; return 0; } void cleanup_module() { sys_call_table[__NR__sysctl] = old_sysctl; } RedHat kernel-doc-2.2.16-22.i386.rpm

RedHat kernel-smp-2.2.16-22.i386.rpm RedHat kernel-source-2.2.16-22.i386.rpm RedHat kernel-2.2.16-22.i686.rpm RedHat kernel-2.2.16-22.i586.rpm RedHat kernel-utils-2.2.16-22.i386.rpm RedHat kernel-enterprise-2.2.16-22.i686.rpm RedHat kernel-smp-2.2.16-22.i586.rpm RedHat kernel-2.2.16-22.i386.rpm RedHat kernel-pcmcia-cs-2.2.16-22.i386.rpm RedHat kernel-ibcs-2.2.16-22.i386.rpm RedHat kernel-BOOT-2.2.16-22.i386.rpm RedHat kernel-smp-2.2.16-22.i686.rpm Linux kernel 2.2.18

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多