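This article is only for my own work and study, kept for quick reference; do not use it for any other purpose!
While scanning a host today, I found this vulnerability caused by an outdated libtasn1 version. My notes follow:
libtasn1 stack-based buffer overflow vulnerability (CVE-2015-2806) ------- Threat level: medium-high
0x01 Vulnerability description
Libtasn1 is a C library from the GNU project for managing ASN.1 (Abstract Syntax Notation One, a standard for describing the representation, encoding, transmission, and decoding of data) structures.
The asn1_der_decoding function in libtasn1 versions before 4.4 contains a stack-based buffer overflow. A remote attacker can exploit it to cause a denial of service or execute arbitrary code.
0x02 Vulnerability verification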
[root@shannon home]# find / -iname libtasn1*
find: ‘/proc/20589’: No such file or directory
find: ‘/proc/20676’: No such file or directory
find: ‘/proc/20817’: No such file or directory
find: ‘/proc/20818’: No such file or directory
/opt/repo/Packages/libtasn1-3.8-2.el7.x86_64.rpm
/usr/lib64/libtasn1.so.6.2.3
/usr/lib64/libtasn1.so.6
/usr/share/doc/libtasn1-3.8
/usr/share/doc/libtasn1-3.8/libtasn1.pdf
[root@shannon home]#
The version on this host is 3.8 < 4.4, so the vulnerability exists. Fix it!
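A package-level check to go with the file search above, as an added example that is not part of the original post: it compares the libtasn1 version against 4.4 field by field and also looks for the CVE ID in the RPM changelog, since a distribution package can carry a backported fix under an older version number. The function names, the verdict strings, and the assumption that a backport is recorded in the changelog under CVE-2015-2806 are mine.

```shell
#!/bin/sh
# Added example: classify an installed libtasn1 against CVE-2015-2806.
FIXED_IN=4.4   # the page states that versions before 4.4 are affected

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Compared field by field, so 4.10 is correctly treated as newer than 4.4.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# pkg_version NAME: upstream version from a package file or NVR string,
# e.g. libtasn1-3.8-2.el7.x86_64.rpm -> 3.8
pkg_version() {
    v=${1##*/}; v=${v#libtasn1-}
    echo "${v%%-*}"
}

# libtasn1_status VERSION CHANGELOG: print the verdict for one package.
# Assumption: a vendor backport is listed in the changelog under the CVE ID.
libtasn1_status() {
    if ! version_lt "$1" "$FIXED_IN"; then
        echo patched-upstream
    elif printf '%s\n' "$2" | grep -q 'CVE-2015-2806'; then
        echo patched-backport
    else
        echo vulnerable
    fi
}

# On an RPM-based host, check the installed package; otherwise do nothing.
if command -v rpm >/dev/null 2>&1 && rpm -q libtasn1 >/dev/null 2>&1; then
    ver=$(rpm -q --qf '%{VERSION}\n' libtasn1 | head -n 1)
    log=$(rpm -q --changelog libtasn1)
    echo "libtasn1 $ver: $(libtasn1_status "$ver" "$log")"
fi
```

A `vulnerable` verdict means neither the version nor the changelog shows the fix; confirm against the vendor advisory for the distribution before and after updating.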
0x03 Vulnerability fix
My host runs CentOS 7.2, so fix it by following the link below:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004322.html
Appendix: fix links for other operating systems
Below are the security advisories that the various Linux/Unix distributions published for this vulnerability; fix it by following the advisory for your system:
Ubuntu
----------------
USN-2559-1: [USN-2559-1] Libtasn1 vulnerability
Link: https://www.ubuntu.com/usn/usn-2559-1
Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2015-2806
CentOS
----------------
CESA-2017:1860: CESA-2017:1860 Moderate CentOS 7 libtasn1 Security Update
Link: https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004322.html
Gentoo
----------------
GLSA-201509-04: libtasn1: Multiple vulnerabilities
Link: https://security.gentoo.org/glsa/201509-04
FreeBSD
----------------
82595123-e8b8-11e4-a008-047d7b492d07: libtasn1 -- stack-based buffer overflow in asn1_der_decoding
Link: http://vuxml.freebsd.org/freebsd/82595123-e8b8-11e4-a008-047d7b492d07.html
openSUSE
----------------
openSUSE-SU-2015:0854-1: openSUSE Security Update: Security update for libtasn1
Link: https://lists.opensuse.org/opensuse-updates/2015-05/msg00010.html
SUSE
----------------
Link: https://www.suse.com/security/cve/CVE-2015-2806/
Fedora
----------------
FEDORA-2015-5182: Fedora 20 Update: libtasn1-3.8-3.fc20
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html
FEDORA-2015-5114: Fedora 21 Update: libtasn1-4.4-1.fc21
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html
FEDORA-2015-5308: Fedora 22 Update: mingw-libtasn1-4.4-1.fc22
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html
FEDORA-2015-5308: Fedora 22 Update: mingw-gnutls-3.3.14-1.fc22
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155118.html
FEDORA-2015-5199: Fedora 22 Update: libtasn1-4.4-1.fc22
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html
FEDORA-2015-5390: Fedora 20 Update: mingw-libtasn1-3.8-2.fc20
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html
FEDORA-2015-5245: Fedora 21 Update: mingw-libtasn1-4.4-1.fc21
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155484.html
FEDORA-2015-5245: Fedora 21 Update: mingw-gnutls-3.3.14-1.fc21
Link: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html
Arch Linux
----------------
ASA-201504-3: [arch-security] [ASA-201504-3] libtasn1: stack overflow
Link: https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html
Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2015-2806.html
Debian
----------------
DSA-3220: DSA-3220-1 libtasn1-3 -- security update
Link: https://www.debian.org/security/2015/dsa-3220
EulerOS
----------------
Link: http://developer.huawei.com/ict/cn/site-euleros/euleros/cve/CVE-2015-2806
See also the official advisory: https://secuniaresearch.flexerasoftware.com/advisories/63482/
-----------------------------------------
Author: 香农Shannon
Bio: an IE new to the security field
WeChat official account: 网络铅笔头 (ethtool)
--------------------------------------------