Linux Kernel 'nfs4_proc_lock()'本地拒绝服务漏洞

Bugraq ID: 36936
CVE ID：CVE-2009-3726

Linux是一款开放源代码的操作性系统。
Linux Kernel 'nfs4_proc_lock()'函数对Null值检查缺少充分检查，本地攻击者可以利用漏洞对系统进行拒绝服务攻击。
Null指针引用触发发生在_nfs4_proc_setlk函数的起始部分：
static int _nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct
file_lock *request)
{
struct nfs_client *clp = state->owner->so_client;

尝试引用state->owner时可触发Oops，根据反汇编显示’state’已经为Null值：
fbf: ab stos %eax,%es:(%rdi)
fc0: ab stos %eax,%es:(%rdi)
fc1: ab stos %eax,%es:(%rdi)
fc2: 49 8b 45 30 mov 0x30(%r13),%rax <== oops
here
fc6: 4c 89 e6 mov %r12,%rsi
fc9: 4c 89 ef mov %r13,%rdi
这意味着nfs4_proc_lock对变量’state’缺少充分检查，提交Null值给nfs4_proc_setlk时可导致触发Oops。

Linux kernel 2.6.31 -rc3

• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.31 -rc1
  Linux kernel 2.6.31
  Linux kernel 2.6.30 rc6
  Linux kernel 2.6.30 1
  Linux kernel 2.6.30 -rc5
  Linux kernel 2.6.30 -rc3
  Linux kernel 2.6.30 -rc2
  Linux kernel 2.6.30 -rc1
  Linux kernel 2.6.30
  Linux kernel 2.6.29 4
  Linux kernel 2.6.29 1
  Linux kernel 2.6.29 -git8
  Linux kernel 2.6.29 -git14
  Linux kernel 2.6.29 -git1
  Linux kernel 2.6.29
  Linux kernel 2.6.28 9
  Linux kernel 2.6.28 8
  Linux kernel 2.6.28 6
  Linux kernel 2.6.28 5
  Linux kernel 2.6.28 3
  Linux kernel 2.6.28 2
  Linux kernel 2.6.28 1
  Linux kernel 2.6.28 -rc7
  Linux kernel 2.6.28 -rc5
  Linux kernel 2.6.28 -rc1
  Linux kernel 2.6.28 -git7
  Linux kernel 2.6.28
  Linux kernel 2.6.27 6
  Linux kernel 2.6.27 3
  Linux kernel 2.6.27 24
  Linux kernel 2.6.27 14
  Linux kernel 2.6.27 13
  Linux kernel 2.6.27 12
  Linux kernel 2.6.27 12
  Linux kernel 2.6.27 .8
  Linux kernel 2.6.27 .5
  Linux kernel 2.6.27 .5
  Linux kernel 2.6.27 -rc8-git5
  Linux kernel 2.6.27 -rc8
  Linux kernel 2.6.27 -rc6-git6
  Linux kernel 2.6.27 -rc6
  Linux kernel 2.6.27 -rc5
  Linux kernel 2.6.27 -rc2
  Linux kernel 2.6.27 -rc1
  Linux kernel 2.6.27
  Linux kernel 2.6.26 7
  Linux kernel 2.6.26 4
  Linux kernel 2.6.26 3
  Linux kernel 2.6.26 .6
  Linux kernel 2.6.26 -rc6
  Linux kernel 2.6.26
  Linux kernel 2.6.25 19
  Linux kernel 2.6.25 .9
  Linux kernel 2.6.25 .8
  Linux kernel 2.6.25 .7
  Linux kernel 2.6.25 .6
  Linux kernel 2.6.25 .5
  Linux kernel 2.6.25 .15
  Linux kernel 2.6.25 .13
  Linux kernel 2.6.25 .12
  Linux kernel 2.6.25 .11
  Linux kernel 2.6.25 .10
  Linux kernel 2.6.25
  Linux kernel 2.6.25
  Linux kernel 2.6.24 .2
  Linux kernel 2.6.24 .1
  Linux kernel 2.6.24 -rc5
  Linux kernel 2.6.24 -rc4
  Linux kernel 2.6.24 -rc3
  Linux kernel 2.6.24 -git13
  Linux kernel 2.6.24
  Linux kernel 2.6.23 .7
  Linux kernel 2.6.23 .6
  Linux kernel 2.6.23 .5
  Linux kernel 2.6.23 .4
  Linux kernel 2.6.23 .3
  Linux kernel 2.6.23 .2
  Linux kernel 2.6.23 -rc2
  Linux kernel 2.6.23 -rc1
  Linux kernel 2.6.23
  Linux kernel 2.6.22 7
  Linux kernel 2.6.22 1
  Linux kernel 2.6.22 .8
  Linux kernel 2.6.22 .6
  Linux kernel 2.6.22 .5
  Linux kernel 2.6.22 .4
  Linux kernel 2.6.22 .3
  Linux kernel 2.6.22 .17
  Linux kernel 2.6.22 .16
  Linux kernel 2.6.22 .15
  Linux kernel 2.6.22 .14
  Linux kernel 2.6.22 .13
  Linux kernel 2.6.22 .12
  Linux kernel 2.6.22 .11
  Linux kernel 2.6.22
  Linux kernel 2.6.22
  Linux kernel 2.6.21 4
  Linux kernel 2.6.21 .7
  Linux kernel 2.6.21 .6
  Linux kernel 2.6.21 .2
  Linux kernel 2.6.21 .1
  Linux kernel 2.6.21
  Linux kernel 2.6.21
  Linux kernel 2.6.21
  Linux kernel 2.6.20 .9
  Linux kernel 2.6.20 .8
  Linux kernel 2.6.20 .5
  Linux kernel 2.6.20 .4
  Linux kernel 2.6.20 .15
  Linux kernel 2.6.20 -git5
  Linux kernel 2.6.20
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.20
  Linux kernel 2.6.19 1
  Linux kernel 2.6.19 .2
  Linux kernel 2.6.19 .1
  Linux kernel 2.6.19 -rc4
  Linux kernel 2.6.19 -rc3
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.19 -rc2
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.19 -rc1
  Linux kernel 2.6.19
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.18 .4
  Linux kernel 2.6.18 .3
  Linux kernel 2.6.18 .1
  Linux kernel 2.6.18
  Linux kernel 2.6.17 .8
  Linux kernel 2.6.17 .7
  Linux kernel 2.6.17 .6
  Linux kernel 2.6.17 .5
  Linux kernel 2.6.17 .3
  Linux kernel 2.6.17 .2
  Linux kernel 2.6.17 .14
  Linux kernel 2.6.17 .13
  Linux kernel 2.6.17 .12
  Linux kernel 2.6.17 .11
  Linux kernel 2.6.17 .10
  Linux kernel 2.6.17 .1
  Linux kernel 2.6.17 -rc5
  Linux kernel 2.6.17
  Linux kernel 2.6.17
  Linux kernel 2.6.17
  Linux kernel 2.6.17
  Linux kernel 2.6.17
  Linux kernel 2.6.17
  Linux kernel 2.6.16 27
  Linux kernel 2.6.16 13
  Linux kernel 2.6.16 .9
  Linux kernel 2.6.16 .7
  Linux kernel 2.6.16 .23
  Linux kernel 2.6.16 .19
  Linux kernel 2.6.16 .12
  Linux kernel 2.6.16 .11
  Linux kernel 2.6.16 .1
  Linux kernel 2.6.16 -rc1
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.16
  Linux kernel 2.6.15 .4
  Linux kernel 2.6.15 .3
  Linux kernel 2.6.15 .2
  Linux kernel 2.6.15 .1
  Linux kernel 2.6.15 -rc3
  Linux kernel 2.6.15 -rc2
  Linux kernel 2.6.15 -rc1
  Linux kernel 2.6.15
  Linux kernel 2.6.15
  Linux kernel 2.6.15
  Linux kernel 2.6.15
  Linux kernel 2.6.15
  Linux kernel 2.6.15
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.14 .5
  Linux kernel 2.6.14 .4
  Linux kernel 2.6.14 .3
  Linux kernel 2.6.14 .2
  Linux kernel 2.6.14 .1
  Linux kernel 2.6.14 -rc4
  Linux kernel 2.6.14 -rc3
  Linux kernel 2.6.14 -rc2
  Linux kernel 2.6.14 -rc1
  Linux kernel 2.6.14
  Linux kernel 2.6.14
  Linux kernel 2.6.13 .4
  Linux kernel 2.6.13 .3
  Linux kernel 2.6.13 .2
  Linux kernel 2.6.13 .1
  Linux kernel 2.6.13 -rc7
  Linux kernel 2.6.13 -rc6
  Linux kernel 2.6.13 -rc4
  Linux kernel 2.6.13 -rc1
  Linux kernel 2.6.13
  Linux kernel 2.6.13
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.12 .6
  Linux kernel 2.6.12 .5
  Linux kernel 2.6.12 .4
  Linux kernel 2.6.12 .3
  Linux kernel 2.6.12 .22
  Linux kernel 2.6.12 .2
  Linux kernel 2.6.12 .12
  Linux kernel 2.6.12 .1
  Linux kernel 2.6.12 -rc5
  Linux kernel 2.6.12 -rc4
  Linux kernel 2.6.12 -rc1
  Linux kernel 2.6.12
  Linux kernel 2.6.12
  Linux kernel 2.6.11 .8
  Linux kernel 2.6.11 .7
  Linux kernel 2.6.11 .6
  Linux kernel 2.6.11 .5
  Linux kernel 2.6.11 .4
  Linux kernel 2.6.11 .12
  Linux kernel 2.6.11 .11
  Linux kernel 2.6.11 -rc4
  Linux kernel 2.6.11 -rc3
  Linux kernel 2.6.11 -rc2
  Linux kernel 2.6.11
  Linux kernel 2.6.11
  Linux kernel 2.6.10 rc2
  Linux kernel 2.6.10
  Linux kernel 2.6.10
  Linux kernel 2.6.3
  Linux kernel 2.6.2
  Linux kernel 2.6.1 -rc2
  Linux kernel 2.6.1 -rc1
  Linux kernel 2.6.1
  Linux kernel 2.6 .10
  Linux kernel 2.6 -test9-CVS
  Linux kernel 2.6 -test9
  Linux kernel 2.6 -test8
  Linux kernel 2.6 -test7
  Linux kernel 2.6 -test6
  Linux kernel 2.6 -test5
  Linux kernel 2.6 -test4
  Linux kernel 2.6 -test3
  Linux kernel 2.6 -test2
  Linux kernel 2.6 -test11
  Linux kernel 2.6 -test10
  Linux kernel 2.6 -test1
  Linux kernel 2.6
  Linux kernel 2.6.31-rc2
  Linux kernel 2.6.31-git11
• Trustix Secure Enterprise Linux 2.0
• Trustix Secure Linux 2.2
• Trustix Secure Linux 2.1
• Trustix Secure Linux 2.0
  Linux kernel 2.6.30.5
  Linux kernel 2.6.30.4
  Linux kernel 2.6.30.3
  Linux kernel 2.6.29-rc2-git1
  Linux kernel 2.6.29-rc2
  Linux kernel 2.6.29-rc1
  Linux kernel 2.6.28.4
  Linux kernel 2.6.26.1
  Linux kernel 2.6.26-rc5-git1
  Linux kernel 2.6.25.4
  Linux kernel 2.6.25.3
  Linux kernel 2.6.25.2
  Linux kernel 2.6.25.1
  Linux kernel 2.6.25-rc1
  Linux kernel 2.6.24.6
  Linux kernel 2.6.24-rc2
  Linux kernel 2.6.24-rc1
  Linux kernel 2.6.23.14
  Linux kernel 2.6.23.10
  Linux kernel 2.6.23.1
  Linux kernel 2.6.23.09
  Linux kernel 2.6.22-rc7
  Linux kernel 2.6.22-rc1
  Linux kernel 2.6.21-RC6
  Linux kernel 2.6.21-RC5
  Linux kernel 2.6.21-RC4
  Linux kernel 2.6.21-RC3
  Linux kernel 2.6.21-RC3
  Linux kernel 2.6.20.3
  Linux kernel 2.6.20.2
  Linux kernel 2.6.20.13
  Linux kernel 2.6.20.11
  Linux kernel 2.6.20.1
  Linux kernel 2.6.20-rc2
  Linux kernel 2.6.20-2
  Linux kernel 2.6.19 -rc6
  Linux kernel 2.6.18-8.1.8.el5
  Linux kernel 2.6.18-53
  Linux kernel 2.6.18
  Linux kernel 2.6.15.5
  Linux kernel 2.6.15.11
  Linux kernel 2.6.15-27.48
  Linux kernel 2.6.11.4
  厂商解决方案
  用户可参考如下安全公告获得补丁信息：
  http://permalink.gmane.org/gmane.comp.security.oss.general/2283