Linux kernel IPC对象实现竞争条件漏洞

admin

0
文章

0
评论

2023-12-05 22:58:01 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Linux kernel IPC对象实现竞争条件漏洞

CVE编号

CVE-2015-7613

利用情况

暂无

补丁情况

官方补丁

披露时间

2015-10-19

漏洞描述

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux kernel 4.2.3及之前版本的IPC对象实现过程中存在竞争条件漏洞。由于‘ipc_addid’函数将初始化不完全的对象（uid/gid未初始化）添加到共享对象列表中。本地攻击者可利用该漏洞获取权限。

解决建议

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页：https://www.kernel.org/

参考链接
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a...
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
http://rhn.redhat.com/errata/RHSA-2015-2636.html
http://www.debian.org/security/2015/dsa-3372
http://www.openwall.com/lists/oss-security/2015/10/01/8
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/76977
http://www.securitytracker.com/id/1034094
http://www.securitytracker.com/id/1034592
http://www.ubuntu.com/usn/USN-2761-1
http://www.ubuntu.com/usn/USN-2762-1
http://www.ubuntu.com/usn/USN-2763-1
http://www.ubuntu.com/usn/USN-2764-1
http://www.ubuntu.com/usn/USN-2765-1
http://www.ubuntu.com/usn/USN-2792-1
https://bugzilla.redhat.com/show_bug.cgi?id=1268270
https://github.com/torvalds/linux/commit/b9a532277938798b53178d5a66af6e2915cb27cf
https://kc.mcafee.com/corporate/index?page=content&id=SB10146

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 4.2.3-1
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (including) 4.2.3
	运行在以下环境
	系统	redhat_6	kernel	*		Up to (excluding) 0:2.6.32-573.12.1.el6
	运行在以下环境
	系统	redhat_7	kernel-rt	*		Up to (excluding) 0:3.10.0-327.rt56.204.el7
	运行在以下环境
	系统	suse_12	kernel-default-extra	*		Up to (excluding) 3.12.49-11
	运行在以下环境
	系统	ubuntu_12.04.5_lts	linux	*		Up to (excluding) 3.2.0-93.133
	运行在以下环境
	系统	ubuntu_14.04.6_lts	linux	*		Up to (excluding) 3.13.0-65.106
	运行在以下环境
	系统	ubuntu_16.04.7_lts	linux	*		Up to (excluding) 4.2.0-16.19