高危 Linux kernel本地提权漏洞CVE-2019-13272

CVE编号

CVE-2019-13272

利用情况

EXP 已公开

补丁情况

官方补丁

披露时间

2019-07-18

漏洞描述

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。Linux kernel 5.1.17之前版本中存在安全漏洞，该漏洞源于kernel/ptrace.c文件的ptrace_link没有正确处理对凭证的记录，攻击者利用该漏洞可以将普通用户权限提权为root权限。 该漏洞利用难度较低，受影响的详细系统版本如下： Ubuntu 16.04.5 kernel 4.15.0-29-generic Ubuntu 18.04.1 kernel 4.15.0-20-generic Ubuntu 19.04 kernel 5.0.0-15-generic Ubuntu Mate 18.04.2 kernel 4.18.0-15-generic Linux Mint 19 kernel 4.15.0-20-generic Xubuntu 16.04.4 kernel 4.13.0-36-generic ElementaryOS 0.4.1 4.8.0-52-generic Backbox 6 kernel 4.18.0-21-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali kernel 4.19.0-kali5-amd64 Redcore 1806 (LXQT) kernel 4.16.16-redcore MX 18.3 kernel 4.19.37-2~mx17+1 RHEL 8.0 kernel 4.18.0-80.el8.x86_64 Debian 9.4.0 kernel 4.9.0-6-amd64 Debian 10.0.0 kernel 4.19.0-5-amd64 Devuan 2.0.0 kernel 4.9.0-6-amd64 SparkyLinux 5.8 kernel 4.19.0-5-amd64 Fedora Workstation 30 kernel 5.0.9-301.fc30.x86_64 Manjaro 18.0.3 kernel 4.19.23-1-MANJARO Mageia 6 kernel 4.9.35-desktop-1.mga6 Antergos 18.7 kernel 4.17.6-1-ARCH

解决建议

目前官方已经发布了漏洞修复补丁，请为受影响的系统打上漏洞补丁： https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

参考链接
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permi...
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slack...
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice...
http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE...
http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME...
https://access.redhat.com/errata/RHSA-2019:2405
https://access.redhat.com/errata/RHSA-2019:2411
https://access.redhat.com/errata/RHSA-2019:2809
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
https://bugzilla.redhat.com/show_bug.cgi?id=1730895
https://bugzilla.suse.com/show_bug.cgi?id=1140671
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69...
https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://seclists.org/bugtraq/2019/Jul/30
https://seclists.org/bugtraq/2019/Jul/33
https://security.netapp.com/advisory/ntap-20190806-0001/
https://support.f5.com/csp/article/K91025336
https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_m...
https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS
https://usn.ubuntu.com/4093-1/
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4117-1/
https://usn.ubuntu.com/4118-1/
https://www.debian.org/security/2019/dsa-4484

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	kernel	*		Up to (excluding) 4.19.57-15.al7
	运行在以下环境
	系统	amazon_2	kernel	*		Up to (excluding) 4.14.133-113.105.amzn2
	运行在以下环境
	系统	amazon_AMI	kernel	*		Up to (excluding) 4.14.133-88.105.amzn1
	运行在以下环境
	系统	centos_8	kernel	*		Up to (excluding) 4.18.0-80.7.2.el8_0
	运行在以下环境
	系统	debian	debian_linux	10.0	-
	运行在以下环境
	系统	debian	debian_linux	8.0	-
	运行在以下环境
	系统	debian	debian_linux	9.0	-
	运行在以下环境
	系统	debian_10	linux	*		Up to (excluding) 4.19.37-5+deb10u1
	运行在以下环境
	系统	debian_11	linux	*		Up to (excluding) 4.19.37-6
	运行在以下环境
	系统	debian_12	linux	*		Up to (excluding) 4.19.37-6
	运行在以下环境
	系统	debian_8	linux	*		Up to (excluding) 3.16.57-1
	运行在以下环境
	系统	debian_9	linux	*		Up to (excluding) 4.9.168-1+deb9u4
	运行在以下环境
	系统	debian_sid	linux	*		Up to (excluding) 4.19.37-6
	运行在以下环境
	系统	fedoraproject	fedora	29	-
	运行在以下环境
	系统	fedora_29	kernel	*		Up to (excluding) 5.1.18-200.fc29
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (excluding) 5.1.17
	运行在以下环境
	系统	oracle_7	kernel	*		Up to (excluding) 4.14.35-1902.4.8.el7uek
	运行在以下环境
	系统	oracle_8	kernel	*		Up to (excluding) 4.18.0-80.7.2.el8_0
	运行在以下环境
	系统	redhat_8	kernel	*		Up to (excluding) 4.18.0-80.7.2.el8_0
	运行在以下环境
	系统	suse_12	kernel-default	*		Up to (excluding) 4.4.180-94.107
	运行在以下环境
	系统	ubuntu_16.04	linux	*		Up to (excluding) 4.15.0-1040.42~16.04.1
	运行在以下环境
	系统	ubuntu_16.04.7_lts	linux	*		Up to (excluding) 4.4.0-159.187
	运行在以下环境
	系统	ubuntu_18.04	linux	*		Up to (excluding) 4.15.0-1040.42
	运行在以下环境
	系统	ubuntu_18.04.5_lts	linux	*		Up to (excluding) 4.15.0-58.64

阿里云评分 8.1

• 攻击路径 本地
• 攻击复杂度 容易
• 权限要求 普通权限
• 影响范围 全局影响
• EXP成熟度 EXP 已公开
• 补丁情况 官方补丁
• 数据保密性 无影响
• 数据完整性 无影响
• 服务器危害 服务器失陷
• 全网数量 100000+

CWE-ID	漏洞类型
CWE-269	特权管理不恰当

Exp相关链接

• https://github.com/bigbigliang-malwarebenchmark/cve-2019-13272
• https://github.com/Cyc1eC/CVE-2019-13272
• https://github.com/Huandtx/CVE-2019-13272
• https://github.com/jas502n/CVE-2019-13272
• https://github.com/oneoy/CVE-2019-13272
• https://github.com/polosec/CVE-2019-13272
• https://github.com/RashmikaEkanayake/Privilege-Escalation-CVE-2019-13272-
• https://github.com/sumedhaDharmasena/-Kernel-ptrace-c-mishandles-vulnerability-CVE-2019-13272
• https://github.com/teddy47/CVE-2019-13272---Documentation
• https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability
• https://github.com/Tharana/vulnerability-exploitation
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb
• https://www.exploit-db.com/exploits/47133
• https://www.exploit-db.com/exploits/47163
• https://www.exploit-db.com/exploits/47543
• https://www.exploit-db.com/exploits/50541

- avd.aliyun.com