GNU Bash 'ls' Control Character Command Injection Vulnerability

Cause of vulnerability
Input validation error
Severity

 
Affected systems
GNU GNU bash 2.3
GNU GNU bash 2.2
GNU GNU bash 2.1
GNU GNU bash 2.0
GNU GNU bash 1.14
GNU GNU bash 4.1
GNU GNU bash 4.0
GNU GNU bash 3.00.0(2)
 
Unaffected systems
 
Impact
A local attacker could exploit this vulnerability to execute arbitrary commands in a Bash terminal.
 
Attack prerequisites
The attacker must have access to GNU Bash.
 
Vulnerability details
GNU Bash is a shell used by operating systems.
GNU Bash's "ls" command does not properly filter certain control characters, which an attacker may be able to exploit to execute arbitrary commands in a Bash terminal.
If the system locale is set to UTF-8, /etc/profile.d/60alias.sh causes ls to always run with "--show-control-chars"; a specially constructed UTF-8 filename may then lead to arbitrary command execution when the control characters are displayed.
 
Test method
1. mkdir $(echo -e 'couc\x08\x08asd')
2. ls
Displayed:
coasd/
Actually executed:
couc??asd/
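As an added example (not part of the original advisory), the following POSIX shell check flags directory entries whose names contain ASCII control characters, the class of name the test above creates, and prints them with ls -b so bytes such as \x08 are shown as escapes instead of reaching the terminal the way the forced --show-control-chars alias lets them. It assumes GNU coreutils for ls -b; the function names has_control_chars and list_control_char_names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original advisory). Flag directory entries whose
# names contain ASCII control characters such as the backspaces (\x08) in the
# advisory's test case, and print them escaped rather than raw.
# Assumes a POSIX shell plus GNU coreutils for 'ls -b'; the function names
# has_control_chars and list_control_char_names are hypothetical.
# Usage: . ./check.sh; list_control_char_names /some/dir

# Succeed (exit 0) when $1 contains any byte in 0x01-0x1f or 0x7f.
# printf '%s' passes the name through uninterpreted; LC_ALL=C makes tr work
# on bytes; counting with wc -c also catches names made only of newlines,
# which a bare $(...) comparison would silently strip.
has_control_chars() {
    n=$(printf '%s' "$1" | LC_ALL=C tr -d -c '\001-\037\177' | wc -c)
    [ "$((n))" -gt 0 ]
}

# Print every entry in directory $1 (default .) whose name contains control
# characters, one per line, using 'ls -b' so control bytes appear as C-style
# escapes (\b, \033, ...) instead of being interpreted by the terminal.
list_control_char_names() {
    dir=${1:-.}
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # skip glob patterns the shell left unexpanded (no match)
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if has_control_chars "$name"; then
            # -d lists the entry itself rather than its contents
            ls -bd -- "$entry"
        fi
    done
}
```

Running it against a directory containing the advisory's test name shows the entry as an escaped path rather than the spoofed "coasd/".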
 
Vendor solution
Users can refer to the following security patches provided by the vendor:
MandrakeSoft Linux Mandrake 2010.0 x86_64
Mandriva bash-4.0-7.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-4.0-7.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.1 x86_64
Mandriva bash-3.2.48-3.1mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2.48-3.1mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.0
Mandriva bash-3.2-10.2mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-10.2mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Enterprise Server 5 x86_64
Mandriva bash-3.2-10.2mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-10.2mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 4.0
Mandriva bash-3.0-6.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.0-6.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.0 x86_64
Mandriva bash-3.2-10.2mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-10.2mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva bash-3.2-5.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-5.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Enterprise Server 5
Mandriva bash-3.2-10.2mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-10.2mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.0
Mandriva bash-3.2-5.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2-5.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.1
Mandriva bash-3.2.48-3.1mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.2.48-3.1mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2010.0
Mandriva bash-4.0-7.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-4.0-7.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Multi Network Firewall 2.0
Mandriva bash-2.05b-16.1.C30mdk.i586.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-2.05b-16.1.C30mdk.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 4.0 x86_64
Mandriva bash-3.0-6.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva bash-doc-3.0-6.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/
 
Reported by
Eric Piel
