2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article analyzes the Linux PIE/stack memory corruption vulnerability CVE-2017-1000253.
0x00 event description
On April 14, 2015, Michael Davidson found that the PIE (Position Independent Executable) mechanism allows the data segments of some applications to be placed beyond the reserved memory area, which may cause out-of-bounds memory access and lead to privilege escalation. Patch a87938b2e246b81b4fb713edb371a9fa3c5c3c86 was submitted to the Linux source tree.
In May of the same year, Linux 3.10.77 included the patch, but the importance of the issue was not accurately assessed, so many distributions did not apply the patch for a long time, leaving the vulnerability in place.
Information about this vulnerability was posted to the oss-sec mailing list on September 26, 2017, with the identifier CVE-2017-1000253. At the same time, the affected Linux distributions released update patches for it.
360CERT assesses the vulnerability as exploitable and high risk: it can be used for local privilege escalation to root on Linux. Affected users are advised to complete the corresponding update as soon as possible.
0x01 impact scope
Impact level
The risk level of the vulnerability is high and the scope of impact is wide.
Affected versions
- All versions of CentOS 7 released before September 13, 2017 (before version 1708)
- All versions of Red Hat Enterprise Linux 7 released before August 01, 2017 (before version 7.4)
- All versions of CentOS 6 and Red Hat Enterprise Linux 6
Fixed versions
Kernel 3.10.0-693 and later versions
Specific releases:
- Debian wheezy 3.2.71-1
- Debian jessie 3.16.7-ckt11-1
- Debian (unstable) 4.0.2-1
- SUSE Linux Enterprise Desktop 12 SP2
- SUSE Linux Enterprise Desktop 12 SP3
- SUSE Linux Enterprise Server 12 GA
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Server 12 SP2
- SUSE Linux Enterprise Server 12 SP3
- Red Hat Enterprise MRG 2 3.10.0-693.2.1.rt56.585.el6rt
- Red Hat Enterprise Linux for Realtime 3.10.0-693.rt56.617
0x02 vulnerability information
On Linux, if an application is compiled with the "-pie" option, load_elf_binary() allocates a region of memory for it, but does not take into account the space needed for the entire application, so a PT_LOAD segment can extend beyond mm->mmap_base. On x86_64, if it crosses the boundary and exceeds 128MB, it overwrites the program's stack, which may lead to privilege escalation.
Figure: officially provided diagram of the out-of-bounds memory layout.
The official patch fixes this by calculating the amount of space the application requires and reserving it, which prevents the mapping from crossing the boundary.
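The size calculation described above can be reproduced in user space when auditing binaries. The following is an added example, not the kernel patch or code from the original article: it parses an ELF64 image, computes the page-aligned span covered by its PT_LOAD segments, and compares it with the 128MB figure from the text. The function names, the 4KB page size, and the constructed sample images are assumptions made for illustration.

```python
import struct

PAGE = 0x1000                    # assumed 4KB pages
GAP = 128 * 1024 * 1024          # the 128MB figure quoted in the text
PT_LOAD, ET_DYN = 1, 3

def is_pie(elf: bytes) -> bool:
    """PIE executables have e_type == ET_DYN in the ELF header."""
    return struct.unpack_from("<H", elf, 0x10)[0] == ET_DYN

def load_span(elf: bytes) -> int:
    """Page-aligned size from the lowest to the highest PT_LOAD address."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_phoff = struct.unpack_from("<Q", elf, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    lo, hi = None, 0
    for i in range(e_phnum):
        p_type, _, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_LOAD:
            continue
        start = p_vaddr & ~(PAGE - 1)                       # round down
        end = (p_vaddr + p_memsz + PAGE - 1) & ~(PAGE - 1)  # round up
        lo = start if lo is None else min(lo, start)
        hi = max(hi, end)
    return 0 if lo is None else hi - lo

def span_exceeds_gap(elf: bytes) -> bool:
    """True for a PIE whose PT_LOAD span is larger than the 128MB figure."""
    return is_pie(elf) and load_span(elf) > GAP

def sample_elf(segments, e_type=ET_DYN) -> bytes:
    """Constructed input: an ELF64 header followed by PT_LOAD headers only."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0,
                                 0, 64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, 6, 0, va, va, 0, sz, PAGE)
                     for va, sz in segments)
    return header + phdrs

if __name__ == "__main__":
    small = sample_elf([(0, 0x2000), (0x202000, 0x1000)])
    large = sample_elf([(0, 0x1000), (0x200000, 129 * 1024 * 1024)])
    for name, img in (("small", small), ("large", large)):
        print(name, hex(load_span(img)), span_exceeds_gap(img))
```

To audit a real file, pass its bytes to load_span() and span_exceeds_gap(), for example the contents of a binary read with open(path, "rb").read().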
0x03 repair scheme
It is strongly recommended that all affected users apply security updates promptly. The options are as follows:
1. Security updates have been provided in the relevant Linux distributions. Please update using yum or apt-get.
2. Users who build a custom kernel should download the corresponding source code patch and apply it.
Patch address:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86