Linux Kernel ‘ebtables’安全绕过漏洞

2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.20
Linux kernel 2.6.19 1
Linux kernel 2.6.19 .2
Linux kernel 2.6.19 .1
Linux kernel 2.6.19 -rc4
Linux kernel 2.6.19 -rc3
Linux kernel 2.6.19 -rc2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.19 -rc1
Linux kernel 2.6.19
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.18 .4
Linux kernel 2.6.18 .3
Linux kernel 2.6.18 .1
Linux kernel 2.6.18
Linux kernel 2.6.17 .8
Linux kernel 2.6.17 .7
Linux kernel 2.6.17 .6
Linux kernel 2.6.17 .5
Linux kernel 2.6.17 .3
Linux kernel 2.6.17 .2
Linux kernel 2.6.17 .14
Linux kernel 2.6.17 .13
Linux kernel 2.6.17 .12
Linux kernel 2.6.17 .11
Linux kernel 2.6.17 .10
Linux kernel 2.6.17 .1
Linux kernel 2.6.17 -rc5
Linux kernel 2.6.17
Linux kernel 2.6.17
Linux kernel 2.6.17
Linux kernel 2.6.17
Linux kernel 2.6.17
Linux kernel 2.6.17
Linux kernel 2.6.16 27
Linux kernel 2.6.16 13
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 .7
Linux kernel 2.6.16 .23
Linux kernel 2.6.16 .19
Linux kernel 2.6.16 .12
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .1
Linux kernel 2.6.16 -rc1
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.16
Linux kernel 2.6.15 .4
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15
Linux kernel 2.6.15
Linux kernel 2.6.15
Linux kernel 2.6.15
Linux kernel 2.6.15
Linux kernel 2.6.15
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14
Linux kernel 2.6.14
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13
Linux kernel 2.6.13
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .22
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .12
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.12
Linux kernel 2.6.12
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .4
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
Linux kernel 2.6.11
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.6.8.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.32-rc8
Linux kernel 2.6.32-rc7
Linux kernel 2.6.32-rc5
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.32-rc4
Linux kernel 2.6.32-rc3
Linux kernel 2.6.32-rc2
Linux kernel 2.6.32-rc1
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.2
Linux kernel 2.6.31.1
Linux kernel 2.6.31-rc9
Linux kernel 2.6.31-rc8
Linux kernel 2.6.31-rc7
Linux kernel 2.6.31-rc5-git3
Linux kernel 2.6.31-rc4
Linux kernel 2.6.31-rc2
Linux kernel 2.6.31-git11
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.29-rc2-git1
Linux kernel 2.6.29-rc2
Linux kernel 2.6.29-rc1
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Linux kernel 2.6.26.1
Linux kernel 2.6.26-rc5-git1
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.25-rc1
Linux kernel 2.6.24.6
Linux kernel 2.6.24-rc2
Linux kernel 2.6.24-rc1
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.23.09
Linux kernel 2.6.22-rc7
Linux kernel 2.6.22-rc1
Linux kernel 2.6.21-RC6
Linux kernel 2.6.21-RC5
Linux kernel 2.6.21-RC4
Linux kernel 2.6.21-RC3
Linux kernel 2.6.21-RC3
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.13
Linux kernel 2.6.20.11
Linux kernel 2.6.20.1
Linux kernel 2.6.20-rc2
Linux kernel 2.6.20-2
Linux kernel 2.6.19 -rc6
Linux kernel 2.6.18-8.1.8.el5
Linux kernel 2.6.18-53
Linux kernel 2.6.18
Linux kernel 2.6.15.5
Linux kernel 2.6.15.11
Linux kernel 2.6.15-27.48
Linux kernel 2.6.11.4
 
不受影响系统
Linux kernel 2.6.33-rc4
 
危害
本地攻击者可以利用漏洞绕过限制修改ebtables规则。
 
攻击所需条件
攻击者必须访问Linux。
 
漏洞信息
Linux是一款开放源代码的操作系统。
net/bridge/netfilter/ebtables.c包含的"do_ebt_set_ctl()"和"do_ebt_get_ctl()"函数不正确限制用户使用"CAP_NET_ADMIN" capability进行访问,本地攻击者可以利用漏洞无需正确的Capability设置和修改ebtables规则。
 
测试方法
 
厂商解决方案
用户可参考如下GIT库获得补丁程序:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dce766af541f6605fa9889892c0280bab31c66ab
 
漏洞提供者
Florian Westphal