复验： libtasn1 基于栈的缓冲区溢出漏洞(CVE-2015-2806)

本篇文章谨做个人工作学习之用，便于及时查阅，切勿用于其他用途！

今天在扫描主机时，发现这个关于libtasn1的版本过旧的漏洞。整理如下：

libtasn1 基于栈的缓冲区溢出漏洞(CVE-2015-2806)-------威胁等级：中高危

0x01漏洞描述

Libtasn1是GNU项目的一个用于开发ASN.1（Abstract Syntax Notation One，用于描述数据的表示、编码、传输、解码的标准）结构管理的C库。

libtasn1 4.4之前版本的asn1_der_decoding功能中存在基于栈的缓冲区溢出漏洞。远程攻击者可利用该漏洞造成拒绝服务，或执行任意代码。

0x02 漏洞验证

[root@shannon home]# find / -iname libtasn1*
find: ‘/proc/20589’: No such file or directory
find: ‘/proc/20676’: No such file or directory
find: ‘/proc/20817’: No such file or directory
find: ‘/proc/20818’: No such file or directory
/opt/repo/Packages/libtasn1-3.8-2.el7.x86_64.rpm
/usr/lib64/libtasn1.so.6.2.3
/usr/lib64/libtasn1.so.6
/usr/share/doc/libtasn1-3.8
/usr/share/doc/libtasn1-3.8/libtasn1.pdf
[root@shannon home]# 

这个主机版本是3.8<4.4. 漏洞存在。予以修复！

0x03漏洞修复

了解我的这个主机系统是CentOS7.2,参照如下链接修复：

https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004322.html

附：其他OS修复路径链接

以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告，可以参考对应系统的安全公告修复该漏洞:

Ubuntu
----------------
USN-2559-1: [USN-2559-1] Libtasn1 vulnerability
链接: https://www.ubuntu.com/usn/usn-2559-1
 
Red Hat Enterprise Linux
----------------
链接: https://access.redhat.com/security/cve/CVE-2015-2806
 
CentOS
----------------
CESA-2017:1860: CESA-2017:1860 Moderate CentOS 7 libtasn1 Security Update
链接: https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004322.html
 
Gentoo
----------------
GLSA-201509-04: libtasn1: Multiple vulnerabilities
链接: https://security.gentoo.org/glsa/201509-04
 
FreeBSD
----------------
82595123-e8b8-11e4-a008-047d7b492d07: libtasn1 -- stack-based buffer overflow in asn1_der_decoding
链接: http://vuxml.freebsd.org/freebsd/82595123-e8b8-11e4-a008-047d7b492d07.html
 
openSUSE
----------------
openSUSE-SU-2015:0854-1: openSUSE Security Update: Security update for libtasn1
链接: https://lists.opensuse.org/opensuse-updates/2015-05/msg00010.html
 
SUSE
----------------
链接: https://www.suse.com/security/cve/CVE-2015-2806/
 
Fedora
----------------
FEDORA-2015-5182: Fedora 20 Update: libtasn1-3.8-3.fc20
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html
FEDORA-2015-5114: Fedora 21 Update: libtasn1-4.4-1.fc21
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html
FEDORA-2015-5308: Fedora 22 Update: mingw-libtasn1-4.4-1.fc22
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html
FEDORA-2015-5308: Fedora 22 Update: mingw-gnutls-3.3.14-1.fc22
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155118.html
FEDORA-2015-5199: Fedora 22 Update: libtasn1-4.4-1.fc22
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html
FEDORA-2015-5390: Fedora 20 Update: mingw-libtasn1-3.8-2.fc20
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html
FEDORA-2015-5245: Fedora 21 Update: mingw-libtasn1-4.4-1.fc21
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155484.html
FEDORA-2015-5245: Fedora 21 Update: mingw-gnutls-3.3.14-1.fc21
链接: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html
 
Arch Linux
----------------
ASA-201504-3: [arch-security] [ASA-201504-3] libtasn1: stack overflow
链接: https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html
 
Oracle Linux
----------------
链接: https://linux.oracle.com/cve/CVE-2015-2806.html
 
Debian
----------------
DSA-3220: DSA-3220-1 libtasn1-3 -- security update
链接: https://www.debian.org/security/2015/dsa-3220
 
EulerOS
----------------
链接: http://developer.huawei.com/ict/cn/site-euleros/euleros/cve/CVE-2015-2806

可参阅官方文献https://secuniaresearch.flexerasoftware.com/advisories/63482/

-----------------------------------------

作者：香农Shannon

简介：一位初入安全圈的IE

微信公众号: 网络铅笔头（ethtool）

--------------------------------------------