Lucene search

K
seebugRootSSV:12588
HistoryNov 07, 2009 - 12:00 a.m.

Linux Kernel 'nfs4_proc_lock()'本地拒绝服务漏洞

2009-11-0700:00:00
Root
www.seebug.org
20

0.003 Low

EPSS

Percentile

69.6%

Bugraq ID: 36936
CVE ID:CVE-2009-3726

Linux是一款开放源代码的操作性系统。
Linux Kernel 'nfs4_proc_lock()'函数对Null值检查缺少充分检查,本地攻击者可以利用漏洞对系统进行拒绝服务攻击。
Null指针引用触发发生在_nfs4_proc_setlk函数的起始部分:
static int _nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct
file_lock *request)
{
struct nfs_client *clp = state->owner->so_client;

尝试引用state->owner时可触发Oops,根据反汇编显示’state’已经为Null值:
fbf: ab stos %eax,%es:(%rdi)
fc0: ab stos %eax,%es:(%rdi)
fc1: ab stos %eax,%es:(%rdi)
fc2: 49 8b 45 30 mov 0x30(%r13),%rax <== oops
here
fc6: 4c 89 e6 mov %r12,%rsi
fc9: 4c 89 ef mov %r13,%rdi
这意味着nfs4_proc_lock对变量’state’缺少充分检查,提交Null值给nfs4_proc_setlk时可导致触发Oops。

Linux kernel 2.6.31 -rc3

  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.31 -rc1
    Linux kernel 2.6.31
    Linux kernel 2.6.30 rc6
    Linux kernel 2.6.30 1
    Linux kernel 2.6.30 -rc5
    Linux kernel 2.6.30 -rc3
    Linux kernel 2.6.30 -rc2
    Linux kernel 2.6.30 -rc1
    Linux kernel 2.6.30
    Linux kernel 2.6.29 4
    Linux kernel 2.6.29 1
    Linux kernel 2.6.29 -git8
    Linux kernel 2.6.29 -git14
    Linux kernel 2.6.29 -git1
    Linux kernel 2.6.29
    Linux kernel 2.6.28 9
    Linux kernel 2.6.28 8
    Linux kernel 2.6.28 6
    Linux kernel 2.6.28 5
    Linux kernel 2.6.28 3
    Linux kernel 2.6.28 2
    Linux kernel 2.6.28 1
    Linux kernel 2.6.28 -rc7
    Linux kernel 2.6.28 -rc5
    Linux kernel 2.6.28 -rc1
    Linux kernel 2.6.28 -git7
    Linux kernel 2.6.28
    Linux kernel 2.6.27 6
    Linux kernel 2.6.27 3
    Linux kernel 2.6.27 24
    Linux kernel 2.6.27 14
    Linux kernel 2.6.27 13
    Linux kernel 2.6.27 12
    Linux kernel 2.6.27 12
    Linux kernel 2.6.27 .8
    Linux kernel 2.6.27 .5
    Linux kernel 2.6.27 .5
    Linux kernel 2.6.27 -rc8-git5
    Linux kernel 2.6.27 -rc8
    Linux kernel 2.6.27 -rc6-git6
    Linux kernel 2.6.27 -rc6
    Linux kernel 2.6.27 -rc5
    Linux kernel 2.6.27 -rc2
    Linux kernel 2.6.27 -rc1
    Linux kernel 2.6.27
    Linux kernel 2.6.26 7
    Linux kernel 2.6.26 4
    Linux kernel 2.6.26 3
    Linux kernel 2.6.26 .6
    Linux kernel 2.6.26 -rc6
    Linux kernel 2.6.26
    Linux kernel 2.6.25 19
    Linux kernel 2.6.25 .9
    Linux kernel 2.6.25 .8
    Linux kernel 2.6.25 .7
    Linux kernel 2.6.25 .6
    Linux kernel 2.6.25 .5
    Linux kernel 2.6.25 .15
    Linux kernel 2.6.25 .13
    Linux kernel 2.6.25 .12
    Linux kernel 2.6.25 .11
    Linux kernel 2.6.25 .10
    Linux kernel 2.6.25
    Linux kernel 2.6.25
    Linux kernel 2.6.24 .2
    Linux kernel 2.6.24 .1
    Linux kernel 2.6.24 -rc5
    Linux kernel 2.6.24 -rc4
    Linux kernel 2.6.24 -rc3
    Linux kernel 2.6.24 -git13
    Linux kernel 2.6.24
    Linux kernel 2.6.23 .7
    Linux kernel 2.6.23 .6
    Linux kernel 2.6.23 .5
    Linux kernel 2.6.23 .4
    Linux kernel 2.6.23 .3
    Linux kernel 2.6.23 .2
    Linux kernel 2.6.23 -rc2
    Linux kernel 2.6.23 -rc1
    Linux kernel 2.6.23
    Linux kernel 2.6.22 7
    Linux kernel 2.6.22 1
    Linux kernel 2.6.22 .8
    Linux kernel 2.6.22 .6
    Linux kernel 2.6.22 .5
    Linux kernel 2.6.22 .4
    Linux kernel 2.6.22 .3
    Linux kernel 2.6.22 .17
    Linux kernel 2.6.22 .16
    Linux kernel 2.6.22 .15
    Linux kernel 2.6.22 .14
    Linux kernel 2.6.22 .13
    Linux kernel 2.6.22 .12
    Linux kernel 2.6.22 .11
    Linux kernel 2.6.22
    Linux kernel 2.6.22
    Linux kernel 2.6.21 4
    Linux kernel 2.6.21 .7
    Linux kernel 2.6.21 .6
    Linux kernel 2.6.21 .2
    Linux kernel 2.6.21 .1
    Linux kernel 2.6.21
    Linux kernel 2.6.21
    Linux kernel 2.6.21
    Linux kernel 2.6.20 .9
    Linux kernel 2.6.20 .8
    Linux kernel 2.6.20 .5
    Linux kernel 2.6.20 .4
    Linux kernel 2.6.20 .15
    Linux kernel 2.6.20 -git5
    Linux kernel 2.6.20
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.20
    Linux kernel 2.6.19 1
    Linux kernel 2.6.19 .2
    Linux kernel 2.6.19 .1
    Linux kernel 2.6.19 -rc4
    Linux kernel 2.6.19 -rc3
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.19 -rc2
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.19 -rc1
    Linux kernel 2.6.19
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.18 .4
    Linux kernel 2.6.18 .3
    Linux kernel 2.6.18 .1
    Linux kernel 2.6.18
    Linux kernel 2.6.17 .8
    Linux kernel 2.6.17 .7
    Linux kernel 2.6.17 .6
    Linux kernel 2.6.17 .5
    Linux kernel 2.6.17 .3
    Linux kernel 2.6.17 .2
    Linux kernel 2.6.17 .14
    Linux kernel 2.6.17 .13
    Linux kernel 2.6.17 .12
    Linux kernel 2.6.17 .11
    Linux kernel 2.6.17 .10
    Linux kernel 2.6.17 .1
    Linux kernel 2.6.17 -rc5
    Linux kernel 2.6.17
    Linux kernel 2.6.17
    Linux kernel 2.6.17
    Linux kernel 2.6.17
    Linux kernel 2.6.17
    Linux kernel 2.6.17
    Linux kernel 2.6.16 27
    Linux kernel 2.6.16 13
    Linux kernel 2.6.16 .9
    Linux kernel 2.6.16 .7
    Linux kernel 2.6.16 .23
    Linux kernel 2.6.16 .19
    Linux kernel 2.6.16 .12
    Linux kernel 2.6.16 .11
    Linux kernel 2.6.16 .1
    Linux kernel 2.6.16 -rc1
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.16
    Linux kernel 2.6.15 .4
    Linux kernel 2.6.15 .3
    Linux kernel 2.6.15 .2
    Linux kernel 2.6.15 .1
    Linux kernel 2.6.15 -rc3
    Linux kernel 2.6.15 -rc2
    Linux kernel 2.6.15 -rc1
    Linux kernel 2.6.15
    Linux kernel 2.6.15
    Linux kernel 2.6.15
    Linux kernel 2.6.15
    Linux kernel 2.6.15
    Linux kernel 2.6.15
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.14 .5
    Linux kernel 2.6.14 .4
    Linux kernel 2.6.14 .3
    Linux kernel 2.6.14 .2
    Linux kernel 2.6.14 .1
    Linux kernel 2.6.14 -rc4
    Linux kernel 2.6.14 -rc3
    Linux kernel 2.6.14 -rc2
    Linux kernel 2.6.14 -rc1
    Linux kernel 2.6.14
    Linux kernel 2.6.14
    Linux kernel 2.6.13 .4
    Linux kernel 2.6.13 .3
    Linux kernel 2.6.13 .2
    Linux kernel 2.6.13 .1
    Linux kernel 2.6.13 -rc7
    Linux kernel 2.6.13 -rc6
    Linux kernel 2.6.13 -rc4
    Linux kernel 2.6.13 -rc1
    Linux kernel 2.6.13
    Linux kernel 2.6.13
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.12 .6
    Linux kernel 2.6.12 .5
    Linux kernel 2.6.12 .4
    Linux kernel 2.6.12 .3
    Linux kernel 2.6.12 .22
    Linux kernel 2.6.12 .2
    Linux kernel 2.6.12 .12
    Linux kernel 2.6.12 .1
    Linux kernel 2.6.12 -rc5
    Linux kernel 2.6.12 -rc4
    Linux kernel 2.6.12 -rc1
    Linux kernel 2.6.12
    Linux kernel 2.6.12
    Linux kernel 2.6.11 .8
    Linux kernel 2.6.11 .7
    Linux kernel 2.6.11 .6
    Linux kernel 2.6.11 .5
    Linux kernel 2.6.11 .4
    Linux kernel 2.6.11 .12
    Linux kernel 2.6.11 .11
    Linux kernel 2.6.11 -rc4
    Linux kernel 2.6.11 -rc3
    Linux kernel 2.6.11 -rc2
    Linux kernel 2.6.11
    Linux kernel 2.6.11
    Linux kernel 2.6.10 rc2
    Linux kernel 2.6.10
    Linux kernel 2.6.10
    Linux kernel 2.6.3
    Linux kernel 2.6.2
    Linux kernel 2.6.1 -rc2
    Linux kernel 2.6.1 -rc1
    Linux kernel 2.6.1
    Linux kernel 2.6 .10
    Linux kernel 2.6 -test9-CVS
    Linux kernel 2.6 -test9
    Linux kernel 2.6 -test8
    Linux kernel 2.6 -test7
    Linux kernel 2.6 -test6
    Linux kernel 2.6 -test5
    Linux kernel 2.6 -test4
    Linux kernel 2.6 -test3
    Linux kernel 2.6 -test2
    Linux kernel 2.6 -test11
    Linux kernel 2.6 -test10
    Linux kernel 2.6 -test1
    Linux kernel 2.6
    Linux kernel 2.6.31-rc2
    Linux kernel 2.6.31-git11
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.30.5
    Linux kernel 2.6.30.4
    Linux kernel 2.6.30.3
    Linux kernel 2.6.29-rc2-git1
    Linux kernel 2.6.29-rc2
    Linux kernel 2.6.29-rc1
    Linux kernel 2.6.28.4
    Linux kernel 2.6.26.1
    Linux kernel 2.6.26-rc5-git1
    Linux kernel 2.6.25.4
    Linux kernel 2.6.25.3
    Linux kernel 2.6.25.2
    Linux kernel 2.6.25.1
    Linux kernel 2.6.25-rc1
    Linux kernel 2.6.24.6
    Linux kernel 2.6.24-rc2
    Linux kernel 2.6.24-rc1
    Linux kernel 2.6.23.14
    Linux kernel 2.6.23.10
    Linux kernel 2.6.23.1
    Linux kernel 2.6.23.09
    Linux kernel 2.6.22-rc7
    Linux kernel 2.6.22-rc1
    Linux kernel 2.6.21-RC6
    Linux kernel 2.6.21-RC5
    Linux kernel 2.6.21-RC4
    Linux kernel 2.6.21-RC3
    Linux kernel 2.6.21-RC3
    Linux kernel 2.6.20.3
    Linux kernel 2.6.20.2
    Linux kernel 2.6.20.13
    Linux kernel 2.6.20.11
    Linux kernel 2.6.20.1
    Linux kernel 2.6.20-rc2
    Linux kernel 2.6.20-2
    Linux kernel 2.6.19 -rc6
    Linux kernel 2.6.18-8.1.8.el5
    Linux kernel 2.6.18-53
    Linux kernel 2.6.18
    Linux kernel 2.6.15.5
    Linux kernel 2.6.15.11
    Linux kernel 2.6.15-27.48
    Linux kernel 2.6.11.4
    厂商解决方案
    用户可参考如下安全公告获得补丁信息:
    http://permalink.gmane.org/gmane.comp.security.oss.general/2283

                                                通过如下步骤可重现此漏洞:
-wget http://www.genoscope.cns.fr/externe/redhat/XMLMissingField
-保存在NFSv4挂接目录上
-执行之