Linux Kernel md Driver Local Denial-of-Service Vulnerability

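Published: 2009-08-18
Updated: 2009-08-19

Affected systems:
Linux kernel 2.6.x
Unaffected systems:
Linux kernel 2.6.30.2
Description:
CVE(CAN) ID: CVE-2009-2849

The Linux kernel is the kernel used by the open-source operating system Linux.

The md driver (drivers/md/md.c) in the Linux kernel contains a denial-of-service vulnerability: a local user can trigger a NULL pointer dereference through the suspend_* sysfs attributes and the suspend_lo_store or suspend_hi_store functions. The vulnerability can only be exploited when sysfs is writable. The vulnerable code is shown below: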

static ssize_t
suspend_lo_store(mddev_t *mddev, const char *buf, size_t len)
{
        char *e;
        unsigned long long new = simple_strtoull(buf, &e, 10);

        if (mddev->pers->quiesce == NULL)
                return -EINVAL;
        if (buf == e || (*e && *e != '\n'))
                return -EINVAL;
        if (new >= mddev->suspend_hi ||
            (new > mddev->suspend_lo && new < mddev->suspend_hi)) {
                mddev->suspend_lo = new;
                mddev->pers->quiesce(mddev, 2);
                return len;
        } else
                return -EINVAL;
}
static struct md_sysfs_entry md_suspend_lo =
__ATTR(suspend_lo, S_IRUGO|S_IWUSR, suspend_lo_show, suspend_lo_store);
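
As an added example (not code from this advisory or from the kernel tree), the user-space C model below shows the dereference order at issue: `mddev->pers` is NULL while the array has no active personality, so it has to be tested before `mddev->pers->quiesce` is read. The struct definitions, `model_quiesce` and `suspend_lo_store_checked` are simplified assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins for the kernel types (assumed, simplified). */
struct mddev;
struct mdk_personality {
    void (*quiesce)(struct mddev *mddev, int state);
};
struct mddev {
    struct mdk_personality *pers;  /* NULL while the array is not running */
    unsigned long long suspend_lo, suspend_hi;
    int quiesce_calls;             /* instrumentation for this example only */
};

static void model_quiesce(struct mddev *mddev, int state)
{
    (void)state;
    mddev->quiesce_calls++;
}

/* Same logic as the listing above, but pers is tested before pers->quiesce. */
long suspend_lo_store_checked(struct mddev *mddev, const char *buf, size_t len)
{
    char *e;
    unsigned long long new = strtoull(buf, &e, 10);

    if (mddev->pers == NULL || mddev->pers->quiesce == NULL)
        return -EINVAL;
    if (buf == e || (*e && *e != '\n'))
        return -EINVAL;
    if (new >= mddev->suspend_hi ||
        (new > mddev->suspend_lo && new < mddev->suspend_hi)) {
        mddev->suspend_lo = new;
        mddev->pers->quiesce(mddev, 2);
        return (long)len;
    }
    return -EINVAL;
}

int main(void)
{
    struct mdk_personality raid = { .quiesce = model_quiesce };
    struct mddev inactive = { .pers = NULL };   /* constructed: no personality */
    struct mddev active = { .pers = &raid };    /* constructed: running array */

    printf("inactive: %ld\n", suspend_lo_store_checked(&inactive, "100\n", 4));
    printf("active:   %ld\n", suspend_lo_store_checked(&active, "100\n", 4));
    return 0;
}
```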

<*Source: Marcus Meissner (meissner@suse.de)
  
  Links: http://www.openwall.com/lists/oss-security/2009/07/24/1
         http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/
         https://www.redhat.com/support/errata/RHSA-2009-1540.html
         http://www.debian.org/security/2009/dsa-1928
*>

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1928-1) and corresponding patches for this issue:
DSA-1928-1: New Linux 2.6.24 packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1928

Patch downloads:


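Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade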

Linux
-----
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244

RedHat
------
RedHat has released a security advisory (RHSA-2009:1540-01) and corresponding patches for this issue:
RHSA-2009:1540-01: Important: kernel-rt security, bug fix, and enhancement update
Link: https://www.redhat.com/support/errata/RHSA-2009-1540.html

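This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.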