Wednesday, December 22, 2010

System security from the perspective of Linux kernel vulnerabilities

Linux kernel integer overflow vulnerability: the Linux Kernel 2.4 NFSv3 XDR handler routine remote denial of service vulnerability was published on 29 July 2003 and affects the Linux 2.4 kernel up to version 2.4.21.

The vulnerability lies in the XDR handler routines; the relevant kernel source file is nfs3xdr.c. It is caused by an integer signedness flaw (a signed/unsigned mismatch). An attacker can construct a special XDR header, setting the variable "int size" to a negative value, and send it to a Linux system to trigger the flaw. When the NFSv3 XDR handler on the Linux system receives a packet with this special structure, the program's check statement determines the packet size incorrectly and the data is copied into kernel memory, so that a huge amount of kernel data is corrupted and the Linux system crashes.

Vulnerable code:

    static inline u32 *
    decode_fh(u32 *p, struct svc_fh *fhp)
    {
        int size;                       /* signed: a negative value passes the check below */
        fh_init(fhp, NFS3_FHSIZE);
        size = ntohl(*p++);
        if (size > NFS3_FHSIZE)         /* -1 > NFS3_FHSIZE is false, so the copy proceeds */
            return NULL;
        memcpy(&fhp->fh_handle.fh_base, p, size);   /* size is widened to a huge size_t */
        fhp->fh_handle.fh_size = size;
        return p + XDR_QUADLEN(size);
    }

Because this memory copy takes place in a kernel memory region, it destroys kernel data and crashes the kernel. It has not been confirmed that this vulnerability can be used to gain remote access, and to exploit it an attacker must be able to mount a directory on the system, which raises the difficulty of exploitation. Our aim is to use the characteristics of this vulnerability to look for flaws of the same type and patch them. We can see that this is a very typical integer overflow vulnerability in the kernel, and such a flaw in the kernel is very dangerous. The Linux kernel developers therefore changed how the kernel handles the data-size variable (using an unsigned int), which prevents this typical integer overflow from recurring. By analysing the principle behind this typical vulnerability, developers can avoid introducing it in later development.

IP address spoofing vulnerability: because of the design of the TCP/IP protocol suite itself, the TCP/IP stacks of many operating systems have this weakness, so IP address spoofing is very easy for an attacker to carry out. Linux is no exception.
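To make the signedness mismatch concrete, here is an added example (not code from this post or from the kernel tree): a userland replay of the decode_fh bounds check with the original signed size, beside a re-implementation of decode_fh with the unsigned fix. NFS3_FHSIZE, struct fake_fh and the sample headers are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

#define NFS3_FHSIZE 64   /* file handle limit used by the kernel check */

/* Constructed stand-in for the kernel's struct svc_fh: a bounded buffer. */
struct fake_fh {
    unsigned char base[NFS3_FHSIZE];
    unsigned int size;
};

/* The 2.4.21 bounds check with a signed size: returns 1 when the check
 * passes (the memcpy would proceed). 0xffffffff on the wire becomes -1,
 * and -1 > 64 is false, so memcpy would widen -1 to a huge size_t. */
int check_signed(uint32_t wire_size)
{
    int size = (int)wire_size;
    return !(size > NFS3_FHSIZE);
}

/* Userland decode_fh with the kernel's fix applied (unsigned size):
 * returns the pointer past the handle, or NULL when the header is rejected. */
const uint32_t *decode_fh_fixed(const uint32_t *p, struct fake_fh *fhp)
{
    unsigned int size;                     /* was: int size; */
    memset(fhp, 0, sizeof *fhp);
    size = ntohl(*p++);                    /* 0xffffffff stays 4294967295 */
    if (size > NFS3_FHSIZE)
        return NULL;
    memcpy(fhp->base, p, size);
    fhp->size = size;
    return p + ((size + 3) >> 2);          /* XDR_QUADLEN: 4-byte words */
}

/* Constructed header whose size field is all ones; must be rejected. */
int hostile_header_rejected(void)
{
    static const uint32_t hdr[4] = { 0xffffffffu, 0, 0, 0 };
    struct fake_fh fh;
    return decode_fh_fixed(hdr, &fh) == NULL;
}

/* Constructed benign 8-byte handle; returns the decoded size, 8, on success. */
unsigned int decode_benign_handle(void)
{
    uint32_t hdr[4] = { htonl(8), 0x11111111u, 0x22222222u, 0 };
    struct fake_fh fh;
    const uint32_t *next = decode_fh_fixed(hdr, &fh);
    return next == hdr + 3 ? fh.size : 0;
}
```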
Although IP address spoofing is already serious for a Linux server itself, for the many firewall and IDS products that use Linux as their operating system this vulnerability is fatal. IP address spoofing is the foundation of many attacks, and the method works because of a shortcoming of IP itself. The IP protocol sends IP packets according to the destination address in the IP header. If the destination address is on the local network, the IP packet is sent directly to the destination; if it is not, the packet is sent to the gateway, which decides where to forward it. This is how IP routes IP packets. When routing, IP performs no check at all on the source address in the IP header: it simply assumes that the source address in the header is the IP address of the machine that sent the packet. When the destination host receives the packet and wants to communicate with the source host, it takes the source address from the IP header of the received packet as the destination address for the packets it sends back, and exchanges data with the source host in that way. This method of IP data communication is very simple and efficient, but it is also a security weakness of IP, and many network security incidents stem from this shortcoming. A hacker or intruder sends forged packets carrying a spoofed IP address, posing as packets from an internal station in order to pass the packet filter; this type of attack is extremely dangerous. The filter cannot tell a genuine internal packet from an external packet dressed up to look internal: every distinguishing mark is defeated. As long as the system finds the source address within its own range, it treats the packet as internal communication and lets it pass.
