| CVE-2008-1367 |
| Published: 2008-03-17 19:44:00 |
| Last revised: 2011-03-07 22:06:59 |
| NMCOPS |
[Original] gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
[CNNVD] Linux Kernel Direction Flag Local Memory Corruption Vulnerability (CNNVD-200803-258)
gcc does not generate a cld instruction when compiling functions used for string manipulation, such as memcpy and memmove, on x86 and i386. This can prevent the direction flag (DF) from being reset, in violation of ABI conventions, and cause data to be copied in the wrong direction while the Linux kernel handles signals, which allows context-dependent attackers to trigger memory corruption. Note: this vulnerability was originally reported as causing CPU consumption in SBCL.
–
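CVSS (Base Score)
| CVSS score: | 7.5 | [Severe (HIGH)] |
| Confidentiality impact: | PARTIAL | [Likely to cause information disclosure] |
| Integrity impact: | PARTIAL | [May allow system files to be modified] |
| Availability impact: | PARTIAL | [May cause degraded performance or interrupted access to resources] |
| Attack complexity: | LOW | [No access restrictions for exploitation] |
| Attack vector: | NETWORK | [The attacker does not need intranet or local access] |
| Authentication: | NONE | [Exploitation requires no authentication] |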
–
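CWE (Weakness Category)
| CWE-399 | [Resource Management Errors] |
–
CPE (Affected Platforms and Products)
| Product and version information (CPE) is not yet available |
–
OVAL (Technical Details for Detection)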
| oval:org.mitre.oval:def:11108 | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i… |
| oval:org.mitre.oval:def:21800 | ELSA-2008:0233: kernel security and bug fix update (Important) |
| *OVAL describes in detail how to detect this vulnerability; more technical detail on detection can be found in the related OVAL definitions. | |
–
Official database links
–
Other links and resources
| https://bugzilla.redhat.com/show_bug.cgi?id=437312
(UNKNOWN) CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=437312 |
| http://www.vupen.com/english/advisories/2008/2222/references
(UNKNOWN) VUPEN ADV-2008-2222 |
| http://www.securityfocus.com/bid/29084
(UNKNOWN) BID 29084 |
| http://secunia.com/advisories/31246
(UNKNOWN) SECUNIA 31246 |
| http://secunia.com/advisories/30962
(UNKNOWN) SECUNIA 30962 |
| http://secunia.com/advisories/30890
(UNKNOWN) SECUNIA 30890 |
| http://secunia.com/advisories/30850
(UNKNOWN) SECUNIA 30850 |
| http://secunia.com/advisories/30818
(UNKNOWN) SECUNIA 30818 |
| http://secunia.com/advisories/30116
(UNKNOWN) SECUNIA 30116 |
| http://secunia.com/advisories/30110
(UNKNOWN) SECUNIA 30110 |
| http://rhn.redhat.com/errata/RHSA-2008-0508.html
(UNKNOWN) REDHAT RHSA-2008:0508 |
| http://marc.info/?l=git-commits-head&m=120492000901739&w=2
(UNKNOWN) MLIST [git-commits-head] 20080307 x86: clear DF before calling signal handler |
| http://lwn.net/Articles/272048/#Comments
(UNKNOWN) MISC http://lwn.net/Articles/272048/#Comments |
| http://lkml.org/lkml/2008/3/5/207
(UNKNOWN) MLIST [linux-kernel] 20080305 Linux doesn’t follow x86/x86-64 ABI wrt direction flag |
| http://lists.vmware.com/pipermail/security-announce/2008/000023.html
(UNKNOWN) MLIST [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix |
| http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
(UNKNOWN) SUSE SUSE-SA:2008:032 |
| http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
(UNKNOWN) SUSE SUSE-SA:2008:031 |
| http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
(UNKNOWN) SUSE SUSE-SA:2008:030 |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
(UNKNOWN) CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51 |
| http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
(UNKNOWN) MLIST [gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used |
| http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html
(UNKNOWN) MLIST [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used |
| http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
(UNKNOWN) MLIST [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used |
| http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
(UNKNOWN) MLIST [gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
(UNKNOWN) CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058 |
| http://xforce.iss.net/xforce/xfdb/41340
(UNKNOWN) XF gcc-cld-dos(41340) |
| http://www.redhat.com/support/errata/RHSA-2008-0233.html
(UNKNOWN) REDHAT RHSA-2008:0233 |
| http://www.redhat.com/support/errata/RHSA-2008-0211.html
(UNKNOWN) REDHAT RHSA-2008:0211 |
–
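Vulnerability information
| Linux Kernel Direction Flag Local Memory Corruption Vulnerability | |
| High risk | Resource management error |
| 2008-03-17 00:00:00 | 2008-11-15 00:00:00 |
| Local | |
| gcc does not generate a cld instruction when compiling functions used for string manipulation, such as memcpy and memmove, on x86 and i386. This can prevent the direction flag (DF) from being reset, in violation of ABI conventions, and cause data to be copied in the wrong direction while the Linux kernel handles signals, which allows context-dependent attackers to trigger memory corruption. Note: this vulnerability was originally reported as causing CPU consumption in SBCL. | |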
–
Advisories and patches
| The vendor has released an upgrade patch that fixes this security issue. Patch download link:
http://rhn.redhat.com/errata/RHSA-2008-0233.html |
–
Vulnerability information (F68588)
| VMware Security Advisory 2008-00011 (PacketStormID:F68588) |
2008-07-29 00:00:00 |
| VMware vmware.com |
advisory |
CVE-2007-5001,CVE-2007-6151,CVE-2007-6206,CVE-2008-0007,CVE-2008-1367,CVE-2008-1375,CVE-2008-1669,CVE-2006-4814,CVE-2008-1105 |
VMware Security Advisory – Updated ESX service console packages for Samba and vmnix have been released to address several security issues. |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-00011
Synopsis: Updated ESX service console packages for Samba
and vmnix
Issue date: 2008-07-28
Updated on: 2008-07-28 (initial release of advisory)
CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206
CVE-2008-0007 CVE-2008-1367 CVE-2008-1375
CVE-2008-1669 CVE-2006-4814 CVE-2008-1105
- -------------------------------------------------------------------
1. Summary:
Updated ESX packages address several security issues.
2. Relevant releases:
VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
ESX350-200806218-UG (samba)
3. Problem description:
I Service Console rpm updates
a. Security Update to Service Console Kernel
This fix upgrades service console kernel version to 2.4.21-57.EL.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not applicable
hosted         any       any      not applicable
ESXi           3.5       ESXi     not applicable
ESX            3.5       ESX      patch ESX350-200806201-UG
ESX            3.0.2     ESX      affected, no update planned
ESX            3.0.1     ESX      affected, no update planned
ESX            2.5.5     ESX      not applicable
ESX            2.5.4     ESX      not applicable
b. Samba Security Update
This fix upgrades the service console rpm samba to version
3.0.9-1.3E.15vmw
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-1105 to this issue.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not applicable
hosted         any       any      not applicable
ESXi           3.5       ESXi     not applicable
ESX            3.5       ESX      patch ESX350-200806218-UG
ESX            3.0.2     ESX      affected, patch pending
ESX            3.0.1     ESX      affected, patch pending
ESX            2.5.5     ESX      affected, patch pending
ESX            2.5.4     ESX      affected, patch pending
4. Solution:
Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.
ESX 3.5 (Samba)
http://download3.vmware.com/software/esx/ESX350-200806218-UG
md5sum: dfad21860ba24a6322b36041c0bc2a07
http://kb.vmware.com/kb/1005931
ESX 3.5 (vmnix)
http://download3.vmware.com/software/esx/ESX350-200806201-UG
md5sum: 2888192905a6763a069914fcd258d329
http://kb.vmware.com/kb/1005894
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
- -------------------------------------------------------------------
6. Change log:
2008-07-28 VMSA-2008-0011 Initial release
- ---------------------------------------------------------------------
7. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD4DBQFIjnDeS2KysvBH1xkRCHW/AJdSYUVcCbNcmzKhta11Rr93caV1AJ47JuH6
Q6w8+D+ugeFo6fzlDc+pzQ==
=gr21
-----END PGP SIGNATURE-----
–
Vulnerability information
43548 |
|
| Gnu GCC String Manipulation Compiling Functions Data Copying Memory Corruption | |
Context Dependent |
Input Manipulation |
| Loss of Integrity | Patch / RCS |
| Vendor Verified | |
–
Vulnerability description
–
Timeline
2008-03-06 |
Unknown |
| Unknown | Unknown |






