translated

This commit is contained in:
geekpi 2017-07-10 15:04:16 +08:00
parent 0489ec8dd8
commit 6a17ac6d29


@ -1,24 +1,22 @@
translating----geekpi 如何修补和保护 Linux 内核堆栈冲突漏洞 CVE-2017-1000364 [ 2017.6.19 ]
How To Patch and Protect Linux Kernel Stack Clash Vulnerability CVE-2017-1000364 [ 19/June/2017 ]
============================================================ ============================================================
[![](https://www.cyberciti.biz/media/new/category/old/linux-logo.png)][12] Avery serious security problem has been found in the Linux kernel called “The Stack Clash.” It can be exploited by attackers to corrupt memory and execute arbitrary code. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative/root account privileges. How do I fix this problem on Linux? [![](https://www.cyberciti.biz/media/new/category/old/linux-logo.png)][12] 在 Linux 内核中发现了一个名为 “Stack Clash” 的严重安全问题,攻击者可能会利用它来破坏内存并执行任意代码。攻击者可以利用另一个漏洞来执行任意代码并获得管理/root 帐户权限。在 Linux 中该如何解决这个问题?
[![the-stack-clash-on-linux-openbsd-netbsd-freebsd-solaris](https://www.cyberciti.biz/media/new/faq/2017/06/the-stack-clash-on-linux-openbsd-netbsd-freebsd-solaris.jpeg)][22] [![the-stack-clash-on-linux-openbsd-netbsd-freebsd-solaris](https://www.cyberciti.biz/media/new/faq/2017/06/the-stack-clash-on-linux-openbsd-netbsd-freebsd-solaris.jpeg)][22]
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library (CVE-2017-1000366) which allow local privilege escalation by clashing the stack including Linux kernel. This bug affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64\. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys 研究实验室在 GNU C LibraryCVE-2017-1000366的动态链接器中发现了许多问题它们通过与 Linux 内核的堆栈冲突来允许本地特权升级。这个 bug 在 i386 和 amd64 上影响 Linux、OpenBSD、NetBSD、FreeBSD 和 Solaris。攻击者可以利用它来破坏内存并执行任意代码。
### What is CVE-2017-1000364 bug? ### 什么是 CVE-2017-1000364 bug
[From RHN][13]: [来自 RHN][13]:
> A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. > 在用户空间二进制文件的堆栈中分配内存的方式发现了一个缺陷。如果堆(或不同的内存区域)和堆栈内存区域彼此相邻,则攻击者可以使用此缺陷跳过堆栈保护区域,从而导致进程堆栈或相邻内存区域受到控制的内存损坏,从而增加其系统权限。有一个在内核中减轻这个漏洞的方法,将堆栈保护区域大小从一页增加到 1 MiB从而使成功利用这个功能变得困难。
[As per the original research post][14]: [As per the original research post][14]:
> Each program running on a computer uses a special memory region called the stack. This memory region is special because it grows automatically when the program needs more stack memory. But if it grows too much and gets too close to another memory region, the program may confuse the stack with the other memory region. An attacker can exploit this confusion to overwrite the stack with the other memory region, or the other way around. > 计算机上运行的每个程序都使用一个称为堆栈的特殊内存区域。这个内存区域是特别的,因为当程序需要更多的堆栈内存时,它会自动增长。但是,如果它增长太多,并且与另一个内存区域太接近,程序可能会将堆栈与其他内存区域混淆。攻击者可以利用这种混乱来覆盖其他内存区域的堆栈,或者反过来。
### A list of affected Linux distros ### 收到影响的 Linux 发行版
1. Red Hat Enterprise Linux Server 5.x 1. Red Hat Enterprise Linux Server 5.x
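Review bot: the attribution line "[As per the original research post][14]:" is identical on both sides of this hunk, so it was left in English while the neighbouring "[From RHN][13]:" was translated; translate it the same way. In the affected-distros heading, "收到影响的" should be "受到影响的". In the RHN quote, "使成功利用这个功能变得困难" renders "exploitation of this issue" as exploiting a feature (功能); "这个问题" or "这个漏洞" keeps the source's meaning. In the Qualys quote, "覆盖其他内存区域的堆栈" reads as overwriting the stack that belongs to the other region, whereas the source says the stack is overwritten with the other memory region, or the other way around.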
@ -78,26 +76,26 @@ The Qualys Research Labs discovered various problems in the dynamic linker of th
29. SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 29. SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
### Do I need to reboot my box? ### 我需要重启我的电脑么?
Yes, as most services depends upon the dynamic linker of the GNU C Library and kernel itself needs to be reloaded in memory. 是的,由于大多数服务依赖于 GNU C Library 的动态连接器,并且内核自身需要在内存中重新加载。
### How do I fix CVE-2017-1000364 on Linux? ### 我该如何在 Linux 中修复 CVE-2017-1000364
Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version: 根据你的 Linux 发行版输入命令。你需要重启电脑。在应用补丁之前,记下你当前内核的版本:
`$ uname -a `$ uname -a
$ uname -mrs` $ uname -mrs`
Sample outputs: 示例输出:
``` ```
Linux 4.4.0-78-generic x86_64 Linux 4.4.0-78-generic x86_64
``` ```
### Debian or Ubuntu Linux ### Debian 或者 Ubuntu Linux
Type the following [apt command][15]/[apt-get command][16] to apply updates: 输入下面的[ apt 命令][15]/[apt-get 命令][16]来应用更新:
`$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade` `$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade`
Sample outputs: 示例输出:
``` ```
Reading package lists... Done Reading package lists... Done
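Review bot: the reboot answer translates "dynamic linker" as "动态连接器", while the opening paragraph of this same file uses "动态链接器" for the same term; use one term throughout, preferably the "链接器" form already used earlier. The same sentence ("是的,由于……并且内核自身需要在内存中重新加载。") opens with "由于" but has no main clause after it, so it reads as a fragment; "是的,因为……" would match the source's "Yes, as ...".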
@ -184,24 +182,24 @@ Setting up linux-headers-4.9.0-3-amd64 (4.9.30-2+deb9u1) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ... Processing triggers for libc-bin (2.24-11+deb9u1) ...
``` ```
Reboot your server/desktop using [reboot command][17]: 使用[ reboot 命令][17]重启桌面/服务器:
`$ sudo reboot` `$ sudo reboot`
### Oracle/RHEL/CentOS/Scientific Linux ### Oracle/RHEL/CentOS/Scientific Linux
Type the following [yum command][18]: 输入下面的[ yum 命令][18]
`$ sudo yum update `$ sudo yum update
$ sudo reboot` $ sudo reboot`
### Fedora Linux ### Fedora Linux
Type the following dnf command: 输入下面的 dnf 命令:
`$ sudo dnf update `$ sudo dnf update
$ sudo reboot` $ sudo reboot`
### Suse Enterprise Linux or Opensuse Linux ### Suse Enterprise Linux 或者 Opensuse Linux
Type the following zypper command: 输入下面的 zypper 命令:
`$ sudo zypper patch `$ sudo zypper patch
$ sudo reboot` $ sudo reboot`
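Review bot: the link text in "使用[ reboot 命令][17]" and "输入下面的[ yum 命令][18]" starts with a space inside the brackets, which the later "[reboot 命令][19]" in the Verification section does not have; drop the leading space so the links are written consistently (the Debian section's "[ apt 命令][15]" has the same pattern). The translated reboot line also reverses the source order "server/desktop" to "桌面/服务器", which is harmless but an unnecessary deviation.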
@ -225,43 +223,43 @@ $ sudo reboot`
`$ sudo zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1 `$ sudo zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1
$ sudo reboot` $ sudo reboot`
### Verification ### 验证
You need to make sure your version number changed after issuing [reboot command][19] 你需要确认你的版本号在 [reboot 命令][19]之后改变了。
`$ uname -a `$ uname -a
$ uname -r $ uname -r
$ uname -mrs` $ uname -mrs`
Sample outputs: 示例输出:
``` ```
Linux 4.4.0-81-generic x86_64 Linux 4.4.0-81-generic x86_64
``` ```
### A note about OpenBSD users ### 给 OpenBSD 用户的注意事项
See [this page][20] for more info. 见[此页][20]获取更多信息。
### A note about Oracle Solaris ### 给 Oracle Solaris 的注意事项
[See this page][21] for more info. [见此页][20]获取更多信息。
### References: ### 参考
* [The Stack Clash][4] * [堆栈冲突][4]
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
作者简介: 作者简介:
Vivek Gite Vivek Gite
The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on [Twitter][1], [Facebook][2], [Google+][3]. 作者是 nixCraft 的创始人,对于 Linux 操作系统/Unix shell脚本有经验丰富的系统管理员和培训师。他曾与全球客户及各行各业包括IT、教育、国防和空间研究以及非营利部门合作。在 [Twitter][1]、[Facebook] [2]、[Google +] [3] 上关注他。
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
via: https://www.cyberciti.biz/faq/howto-patch-linux-kernel-stack-clash-vulnerability-cve-2017-1000364/ via: https://www.cyberciti.biz/faq/howto-patch-linux-kernel-stack-clash-vulnerability-cve-2017-1000364/
作者:[Vivek Gite ][a] 作者:[Vivek Gite ][a]
译者:[译者ID](https://github.com/译者ID) 译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
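Review bot: the Oracle Solaris note changes the link reference from "[See this page][21]" to "[见此页][20]", so the Solaris entry now resolves to the same target as the OpenBSD note above it; restore the reference to [21]. In the author bio, "[Facebook] [2]" and "[Google +] [3]" have a space between the link text and the reference label, unlike "[Twitter][1]" in the same sentence, and some Markdown renderers will not treat the spaced form as a link; remove the space. The "校对:[校对者ID]" line is unchanged on both sides, so the proofreader placeholder still needs to be filled in before publication.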