OpenVZ Kernel Memory Leak: Multiple Local Information Disclosure Vulnerabilities

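Vulnerability ID: 1167131
Vulnerability type: Permissions, privileges, and access control
Published: 2013-07-04
Updated: 2013-09-30
CVE ID: CVE-2013-2239
CNNVD-ID: CNNVD-201307-073
Platform: N/A
CVSS score: 4.7
|Vulnerability source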
https://www.securityfocus.com/bid/60977
https://cxsecurity.com/issue/WLB-2013070040
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201307-073
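|Vulnerability details
OpenVZ is an operating-system-level virtualization technology from the OpenVZ project, based on the Linux kernel. It is also known as virtual private servers (VPS) or virtual environments (VE), and it allows a physical server to run multiple operating systems. In the OpenVZ modification for the Linux kernel 2.6.32, in versions before vzkernel 042stab080.2, the 'ploop_getdevice_ioc' function in drivers/block/ploop/dev.c and the 'compat_quotactl' function in fs/quota/quota.c contain a security vulnerability caused by the program not initializing a length variable. A local attacker can exploit this vulnerability through a ploop driver ioctl call or a quotactl system call to obtain sensitive information from kernel stack memory.
|Vulnerability EXP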
CVE-2013-2239 - Multiple memory leaks in OpenVZ kernel 2.6.32 (042stab080.1)


Description
===========

Two memory leaks were discovered in the versions before vzkernel
patch 042stab080.2.

One memory leak in ploop:

    The ploop_getdevice_ioc function in drivers/block/ploop/dev.c in 
    the vzkernel patch before 042stab080.2 does not initialize a certain 
    length variable, which allows local users to obtain sensitive 
    information from kernel stack memory.

One memory leak in quota:

    The compat_quotactl function in fs/quota/quota.c in the vzkernel patch 
    before 042stab080.2 does not initialize a certain length variable, 
    which allows local users to obtain sensitive information from kernel 
    stack memory.

Fixed in 042stab080.2

  - [security/ploop] memory info leak fixed (PSBM-20690)
  - [security/quota] memory info leak fixed (PSBM-20690)


Classification
==============

Location    : Local Access Required 
Attack Type : Information Disclosure, Input Manipulation 
Version     : vzkernel 2.6.32 (Patch 042stab080.1)
Impact      : Loss of Confidentiality 
Solution    : Patch / RCS 
Disclosure  : Vendor Verified


References
==========

CVE ID    : CVE-2013-2239
Changelog : http://wiki.openvz.org/Download/kernel/rhel6-testing/042stab080.2
Credit    : Jonathan Salwan (Sysdream Security Lab)


Timeline
========

2013-06-16 : Bugs found
2013-06-19 : Bugs reported
2013-06-28 : Bugs fixed
2013-06-29 : CVE request
2013-07-04 : CVE assigned



Thanks,

-- Jonathan
|Affected products
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux
|References

Source: security-tracker.debian.org
Link: https://security-tracker.debian.org/tracker/CVE-2013-2239
Source: bugs.gentoo.org
Link: https://bugs.gentoo.org/show_bug.cgi?id=475762
Source: DEBIAN
Name: DSA-2766
Link: http://www.debian.org/security/2013/dsa-2766
Source: wiki.openvz.org
Link: http://wiki.openvz.org/Download/kernel/rhel6-testing/042stab080.2
Source: MLIST
Name: [oss-security] 20130704 OpenVZ security repport - Multiple memory leaks (CVE-2013-2239)
Link: http://openwall.com/lists/oss-security/2013/07/04/9
Source: BID
Name: 60977
Link: http://www.securityfocus.com/bid/60977