Linux Kernel Console Keymap Local Command Injection Vulnerability

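Vulnerability ID: 1109141 | Vulnerability type: Permissions, privileges and access control
Published: 2005-10-17 | Updated: 2007-01-09
CVE ID: CVE-2005-3257 | CNNVD-ID: CNNVD-200510-134
Platform: Linux | CVSS score: 4.6
|Vulnerability sources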
https://www.exploit-db.com/exploits/26353
https://www.securityfocus.com/bid/15122
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-134
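|Vulnerability details
The Linux kernel is the kernel used by the open-source operating system Linux. A vulnerability exists in how the Linux kernel handles the keyboard; a local attacker could exploit it to trick another user of the same computer into executing malicious commands. A local unprivileged user can change the system-wide console keymap with the loadkeys command, so modifying the console keymap allows commands to be injected into the Linux kernel. A local attacker can modify the console keymap to include scripted macro commands, which causes arbitrary commands to be executed with the privileges of the user who uses the console afterwards.
|Exploit (EXP)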
source: http://www.securityfocus.com/bid/15122/info

The Linux kernel is susceptible to a local command-injection vulnerability via console keymap modifications. This issue occurs because unprivileged users can alter the system-wide console keymap.

Local users may modify the console keymap to include scripted macro commands. This allows attackers to execute arbitrary commands with the privileges of the user that uses the console after them, potentially facilitating privilege escalation. 

loadkeys <<EOF
keycode 15 = F23
string F23 = "^V^C^V^Mecho hello world^V^M"
EOF
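
For the defensive side of the keymap change shown above, the following added example (not part of the original advisory or of any kbd tooling) audits a console keymap dump for key macros that contain a carriage return or newline, meaning a single keypress would type text and submit it. It assumes the text format printed by `dumpkeys` (octal `\NNN` escapes inside `string` lines); `audit_keymap`, `decode` and `SAMPLE_DUMP` are hypothetical names, and the sample dump is constructed.

```python
import re

# Constructed sample in `dumpkeys` text format (not captured from a real host).
SAMPLE_DUMP = r'''
keycode  15 = F23
keycode  59 = F1
string F1 = "\033[[A"
string F23 = "\003\015echo hello world\015"
'''

STRING_RE = re.compile(r'^\s*string\s+(\S+)\s*=\s*"(.*)"\s*$')
KEYCODE_RE = re.compile(r'^\s*(?:\w+\s+)*keycode\s+(\d+)\s*=\s*(.*)$')
ESCAPE_RE = re.compile(r'\\([0-7]{1,3}|.)')

def decode(body):
    """Decode keymap string escapes (octal NNN, n for newline, quoted chars)."""
    def repl(m):
        tok = m.group(1)
        if tok[0] in "01234567":
            return chr(int(tok, 8))
        return {"n": "\n"}.get(tok, tok)
    return ESCAPE_RE.sub(repl, body)

def audit_keymap(dump_text):
    """Return [(symbol, keycodes, decoded string)] for macros that submit a line."""
    strings, bindings = {}, {}
    for line in dump_text.splitlines():
        m = STRING_RE.match(line)
        if m:
            strings[m.group(1)] = decode(m.group(2))
            continue
        m = KEYCODE_RE.match(line)
        if m:
            # Record every symbol bound to this keycode (plain or with modifiers).
            for sym in m.group(2).split():
                bindings.setdefault(sym, set()).add(int(m.group(1)))
    findings = []
    for sym, text in strings.items():
        # CR or LF inside a key macro: one keypress types text AND presses Enter.
        if "\r" in text or "\n" in text:
            findings.append((sym, sorted(bindings.get(sym, ())), text))
    return findings

if __name__ == "__main__":
    for sym, codes, text in audit_keymap(SAMPLE_DUMP):
        print(f"suspicious macro {sym} on keycodes {codes}: {text!r}")
```

On a console host, pass the captured output of `dumpkeys` to `audit_keymap` in place of `SAMPLE_DUMP`.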
|Affected products
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu
|References

Source: UBUNTU
Name: USN-231-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-231-1
Source: BID
Name: 15122
Link: http://www.securityfocus.com/bid/15122
Source: DEBIAN
Name: DSA-1018
Link: http://www.debian.org/security/2006/dsa-1018
Source: DEBIAN
Name: DSA-1017
Link: http://www.debian.org/security/2006/dsa-1017
Source: SECUNIA
Name: 19374
Link: http://secunia.com/advisories/19374
Source: SECUNIA
Name: 19369
Link: http://secunia.com/advisories/19369
Source: SECUNIA
Name: 19185
Link: http://secunia.com/advisories/19185
Source: SECUNIA
Name: 18203
Link: http://secunia.com/advisories/18203
Source: SECUNIA
Name: 17995
Link: http://secunia.com/advisories/17995
Source: SECUNIA
Name: 17826
Link: http://secunia.com/advisories/17826
Source: SECUNIA
Name: 17226
Link: http://secunia.com/advisories/17226
Source: MANDRIVA
Name: MDKSA-2005:235
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:235
Source: MANDRAKE
Name: MDKSA-2005:220
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220
Source: MANDRIVA
Name: MDKSA-2005:219
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-20