微慑信息网

CVE-2008-1367-漏洞详情

CVE-2008-1367
CVSS 7.5
发布时间 :2008-03-17 19:44:00
修订时间 :2011-03-07 22:06:59
NMCOPS

[原文]gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.


[CNNVD]Linux Kernel Direction Flag本地内存崩溃漏洞(CNNVD-200803-258)

gcc 在编辑用于如memcpy 和 memmove on x86 以及 i386那样的字符串处理函数时,不会产生一个cld指令,这会阻止direction flag (DF)违背ABI惯例时重新启动并造成在Linux内核程序处理信号的时候把数据拷贝在错误的方向从而允许依靠内容的攻击者处罚内存破坏。注意:该漏洞原本被报道成会引起SBCL中的CPU损耗。


CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-399 [资源管理错误]


CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11108 gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i…
oval:org.mitre.oval:def:21800 ELSA-2008:0233: kernel security and bug fix update (Important)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1367
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-258
(官方数据源) CNNVD


其它链接及资源

https://bugzilla.redhat.com/show_bug.cgi?id=437312

(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=437312

http://www.vupen.com/english/advisories/2008/2222/references

(UNKNOWN)  VUPEN  ADV-2008-2222

http://www.securityfocus.com/bid/29084

(UNKNOWN)  BID  29084

http://secunia.com/advisories/31246

(UNKNOWN)  SECUNIA  31246

http://secunia.com/advisories/30962

(UNKNOWN)  SECUNIA  30962

http://secunia.com/advisories/30890

(UNKNOWN)  SECUNIA  30890

http://secunia.com/advisories/30850

(UNKNOWN)  SECUNIA  30850

http://secunia.com/advisories/30818

(UNKNOWN)  SECUNIA  30818

http://secunia.com/advisories/30116

(UNKNOWN)  SECUNIA  30116

http://secunia.com/advisories/30110

(UNKNOWN)  SECUNIA  30110

http://rhn.redhat.com/errata/RHSA-2008-0508.html

(UNKNOWN)  REDHAT  RHSA-2008:0508

http://marc.info/?l=git-commits-head&m=120492000901739&w=2

(UNKNOWN)  MLIST  [git-commits-head] 20080307 x86: clear DF before calling signal handler

http://lwn.net/Articles/272048/#Comments

(UNKNOWN)  MISC  http://lwn.net/Articles/272048/#Comments

http://lkml.org/lkml/2008/3/5/207

(UNKNOWN)  MLIST  [linux-kernel] 20080305 Linux doesn’t follow x86/x86-64 ABI wrt direction flag

http://lists.vmware.com/pipermail/security-announce/2008/000023.html

(UNKNOWN)  MLIST  [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html

(UNKNOWN)  SUSE  SUSE-SA:2008:032

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html

(UNKNOWN)  SUSE  SUSE-SA:2008:031

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html

(UNKNOWN)  SUSE  SUSE-SA:2008:030

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

(UNKNOWN)  CONFIRM  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html

(UNKNOWN)  MLIST  [gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used

http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html

(UNKNOWN)  MLIST  [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html

(UNKNOWN)  MLIST  [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html

(UNKNOWN)  MLIST  [gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058

(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058

http://xforce.iss.net/xforce/xfdb/41340

(UNKNOWN)  XF  gcc-cld-dos(41340)

http://www.redhat.com/support/errata/RHSA-2008-0233.html

(UNKNOWN)  REDHAT  RHSA-2008:0233

http://www.redhat.com/support/errata/RHSA-2008-0211.html

(UNKNOWN)  REDHAT  RHSA-2008:0211


漏洞信息

Linux Kernel Direction Flag本地内存崩溃漏洞
高危 资源管理错误
2008-03-17 00:00:00 2008-11-15 00:00:00
本地
        gcc 在编辑用于如memcpy 和 memmove on x86 以及 i386那样的字符串处理函数时,不会产生一个cld指令,这会阻止direction flag (DF)违背ABI惯例时重新启动并造成在Linux内核程序处理信号的时候把数据拷贝在错误的方向从而允许依靠内容的攻击者处罚内存破坏。注意:该漏洞原本被报道成会引起SBCL中的CPU损耗。


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://rhn.redhat.com/errata/RHSA-2008-0233.html

http://rhn.redhat.com/errata/RHSA-2008-0508.html

http://rhn.redhat.com/errata/RHSA-2008-0211.html


漏洞信息 (F68588)

VMware Security Advisory 2008-00011 (PacketStormID:F68588)

2008-07-29 00:00:00
VMware  vmware.com

advisory

CVE-2007-5001,CVE-2007-6151,CVE-2007-6206,CVE-2008-0007,CVE-2008-1367,CVE-2008-1375,CVE-2008-1669,CVE-2006-4814,CVE-2008-1105

[点击下载]

VMware Security Advisory – Updated ESX service console packages for Samba and vmnix have been released to address several security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-00011
Synopsis:          Updated ESX service console packages for Samba
                   and vmnix
Issue date:        2008-07-28
Updated on:        2008-07-28 (initial release of advisory)
CVE numbers:       CVE-2007-5001 CVE-2007-6151 CVE-2007-6206
                   CVE-2008-0007 CVE-2008-1367 CVE-2008-1375
                   CVE-2008-1669 CVE-2006-4814 CVE-2008-1105
- -------------------------------------------------------------------

1. Summary:

   Updated ESX packages address several security issues.

2. Relevant releases:

   VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
   ESX350-200806218-UG (samba)

3. Problem description:

I   Service Console rpm updates

 a.  Security Update to Service Console Kernel

   This fix upgrades service console kernel version to 2.4.21-57.EL.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
   CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
   CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.

   VMware         Product   Running  Replace with/
   Product        Version   on       Apply Patch
   =============  ========  =======  =================
   VirtualCenter  any       Windows  not applicable

   hosted         any       any      not applicable

   ESXi           3.5       ESXi     not applicable

   ESX            3.5       ESX      patch ESX350-200806201-UG
   ESX            3.0.2     ESX      affected, no update planned
   ESX            3.0.1     ESX      affected, no update planned
   ESX            2.5.5     ESX      not applicable
   ESX            2.5.4     ESX      not applicable

 b.  Samba Security Update

   This fix upgrades the service console rpm samba to version
   3.0.9-1.3E.15vmw

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2008-1105 to this issue.

   VMware         Product   Running  Replace with/
   Product        Version   on       Apply Patch
   =============  ========  =======  =================
   VirtualCenter  any       Windows  not applicable

   hosted         any       any      not applicable

   ESXi           3.5       ESXi     not applicable

   ESX            3.5       ESX      patch ESX350-200806218-UG
   ESX            3.0.2     ESX      affected, patch pending
   ESX            3.0.1     ESX      affected, patch pending
   ESX            2.5.5     ESX      affected, patch pending
   ESX            2.5.4     ESX      affected, patch pending

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

   ESX 3.5 (Samba)
   http://download3.vmware.com/software/esx/ESX350-200806218-UG
   md5sum: dfad21860ba24a6322b36041c0bc2a07
   http://kb.vmware.com/kb/1005931

   ESX 3.5 (vmnix)
   http://download3.vmware.com/software/esx/ESX350-200806201-UG
   md5sum: 2888192905a6763a069914fcd258d329
   http://kb.vmware.com/kb/1005894

5. References:

  CVE numbers
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

- -------------------------------------------------------------------
6. Change log:

2008-07-28  VMSA-2008-0011    Initial release

- ---------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFIjnDeS2KysvBH1xkRCHW/AJdSYUVcCbNcmzKhta11Rr93caV1AJ47JuH6
Q6w8+D+ugeFo6fzlDc+pzQ==
=gr21
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


漏洞信息


43548
Gnu GCC String Manipulation Compiling Functions Data Copying Memory Corruption

Context Dependent

Input Manipulation
Loss of Integrity Patch / RCS
Vendor Verified


漏洞描述


时间线


2008-03-06

Unknow
Unknow Unknow


解决方案

本文标题:CVE-2008-1367-漏洞详情
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2020/0905_3362.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-1367-漏洞详情
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们