Linux内核2.4.20及更早版本和2.5.x在x86系统上运行时,允许本地用户通过仿真模式导致拒绝服务(挂起),这模式不能正确清除TF和NT EFLAG。
Linux-----Linus Torvalds 已经发布了升级补丁以修复这个安全问题:# The following is the BitKeeper ChangeSet Log# --------------------------------------------# 02/11/14 torvalds@home.transmeta.com 1.848# Fix impressive call gate misuse DoS reported on bugtraq.# --------------------------------------------# 02/11/14 torvalds@home.transmeta.com 1.849# Duh. Fix the other lcall entry point too.# --------------------------------------------#diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S--- a/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002+++ b/arch/i386/kernel/entry.S Thu Nov 14 09:59:08 2002@@ -66,7 +66,9 @@OLDSS = 0x38CF_MASK = 0x00000001+TF_MASK = 0x00000100IF_MASK = 0x00000200+DF_MASK = 0x00000400NT_MASK = 0x00004000VM_MASK = 0x00020000@@ -134,6 +136,17 @@movl %eax,EFLAGS(%esp) #movl %edx,EIP(%esp) # Now we move them to their "normal" placesmovl %ecx,CS(%esp) #++ #+ # Call gates don't clear TF and NT in eflags like+ # traps do, so we need to do it ourselves.+ # %eax already contains eflags (but it may have+ # DF set, clear that also+ #+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax+ pushl %eax+ popfl+movl %esp, %ebxpushl %ebxandl $-8192, %ebx # GET_THREAD_INFO@@ -156,6 +169,17 @@movl %eax,EFLAGS(%esp) #movl %edx,EIP(%esp) # Now we move them to their "normal" placesmovl %ecx,CS(%esp) #++ #+ # Call gates don't clear TF and NT in eflags like+ # traps do, so we need to do it ourselves.+ # %eax already contains eflags (but it may have+ # DF set, clear that also+ #+ andl $~(DF_MASK | TF_MASK | NT_MASK),%eax+ pushl %eax+ popfl+movl %esp, %ebxpushl %ebxandl $-8192, %ebx # GET_THREAD_INFOTrustix-------Trustix已经为此发布了一个安全公告(TSLSA-2002-0077)以及相应补丁:TSLSA-2002-0077:kernel链接:http://www.trustix.net/errata/misc/2002/TSL-2002-0077-kernel.asc.txt补丁下载:http://www.trustix.net/pub/Trustix/updates/RedHat------RedHat已经为此发布了一个安全公告(RHSA-2002:264-05)以及相应补丁:RHSA-2002:264-05:New kernel 2.2 packages fix local denial of service issue链接:https://www.redhat.com/support/errata/RHSA-2002-264.html补丁下载:Red Hat Linux 6.2:SRPMS:ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpmi386:ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpmi586:ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpmftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpmi686:ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpmftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpmftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpmRed Hat Linux 7.0:SRPMS:ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpmi386:ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.3.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.3.i386.rpmi586:ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.3.i586.rpmftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.22-7.0.3.i586.rpmi686:ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.3.i686.rpmftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.3.i686.rpmftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.22-7.0.3.i686.rpmRedHat已经为此发布了一个安全公告(RHSA-2002:262-07)以及相应补丁:RHSA-2002:262-07:New kernel fixes local denial of service issue链接:https://www.redhat.com/support/errata/RHSA-2002-262.html补丁下载:Red Hat Linux 7.1:SRPMS:ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpmathlon:ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpmftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpmi386:ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpmi586:ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-18.7.x.i586.rpmftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpmi686:ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpmRed Hat Linux 7.2:SRPMS:ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpmathlon:ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpmftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpmi386:ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpmi586:ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-18.7.x.i586.rpmftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpmi686:ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpmRed Hat Linux 7.3:SRPMS:ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpmathlon:ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpmftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpmi386:ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpmftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpmi586:ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-18.7.x.i586.rpmftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpmi686:ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpmftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpmRed Hat Linux 8.0:SRPMS:ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.18-18.8.0.src.rpmathlon:ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.18-18.8.0.athlon.rpmftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.18-18.8.0.athlon.rpmi386:ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.18-18.8.0.i386.rpmftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.18-18.8.0.i386.rpmftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.18-18.8.0.i386.rpmftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-18.8.0.i386.rpmi586:ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.18-18.8.0.i586.rpmftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.18-18.8.0.i586.rpmi686:ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.18-18.8.0.i686.rpmftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.18-18.8.0.i686.rpmftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-18.8.0.i686.rpmftp://updates.redhat.com/8.0/en/os/i686/kernel-debug-2.4.18-18.8.0.i686.rpmftp://updates.redhat.com/8.0/en/os/i686/kernel-uml-2.4.18-18.8.0.i686.rpm可使用下列命令安装补丁:rpm -Fvh [文件名]