How to determine whether a given CVE has been patched on Ubuntu
2015-12-29 17:32
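A while ago, during a monthly competition, I got access to an Ubuntu 14.04 server, but without root privileges, so I needed to escalate privileges. I googled around and found CVE-2015-1318, CVE-2015-1328 and CVE-2015-1338, CVEs with PoCs that can be used for privilege escalation. When I tried CVE-2015-1328 it did not succeed, and I wanted to know whether this server had actually been patched for this CVE.
Later I searched online, thought about it a bit, and came up with this method; it may not be the most convenient or the best one. I searched Google for CVE-2015-1328 directly and found the following link:
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html There I saw the affected packages and the fix information. A partial screenshot:
We can see that the affected component is the Linux kernel. So running dpkg -l | grep linux finds the names of the Linux kernel packages. On my Ubuntu 12.02, a partial screenshot:
Next, apt-get changelog linux-image-3.2.0-97-generic shows the changelog of the current kernel version; searching it for CVE-2015-1328 tells you whether the patch has been applied. If the patch has been applied, the privilege-escalation PoC will not work. The same method can be used to determine whether other CVEs have been patched.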
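The changelog search described above can be scripted so that it also reports which package version carries the fix. This is an added example, not part of the original post: the function names cve_fixed_versions and sample_changelog, the package examplepkg, its versions and the lookalike id CVE-2015-13281 are constructed for illustration.

```shell
# Added example. Reads a Debian/Ubuntu changelog on stdin and prints
# "package version" for every entry that mentions the given CVE id.
# Entry header: package (version) distribution; urgency=level. Returns 1 if no hit.
cve_fixed_versions() {
    awk -v cve="$1" '
        # An entry header starts in column 1; remember its package and version.
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            pkg = $1; ver = $2
            gsub(/[()]/, "", ver)
            next
        }
        {
            # Check every occurrence; a following digit means a longer, different id.
            line = $0
            while ((i = index(line, cve)) > 0) {
                line = substr(line, i + length(cve))
                if (substr(line, 1, 1) !~ /[0-9]/ && !(ver in seen)) {
                    seen[ver] = 1; found = 1
                    print pkg, ver
                }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}
# Constructed sample changelog (hypothetical package, versions and maintainer).
sample_changelog() {
    cat <<'EOF'
examplepkg (1.0-1ubuntu3) trusty-security; urgency=medium

  * SECURITY UPDATE: constructed lookalike id
    - CVE-2015-13281

 -- Example Maintainer <maintainer@example.com>  Thu, 01 Jan 2015 00:00:00 +0000

examplepkg (1.0-1ubuntu2) trusty-security; urgency=medium

  * SECURITY UPDATE: constructed entry for the CVE discussed above
    - CVE-2015-1328

 -- Example Maintainer <maintainer@example.com>  Thu, 01 Jan 2015 00:00:00 +0000

examplepkg (1.0-1ubuntu1) trusty; urgency=low

  * Constructed initial release, no security fixes
EOF
}

sample_changelog | cve_fixed_versions CVE-2015-1328   # prints: examplepkg 1.0-1ubuntu2
```

On a real host, pipe the output of apt-get changelog for the package into cve_fixed_versions instead of the sample. Compare the reported version with the installed package version from dpkg -l and with the running kernel from uname -r, because an updated kernel package only takes effect after the machine boots into it.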
Finally, a few Linux terms explained:
Upstream kernel:
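The kernel from www.kernel.org is called the upstream kernel; this Linux kernel is maintained by the Linux Kernel Organization led by Linus Torvalds. Ubuntu, CentOS and the others we use are Linux distributions, and these distributions make some modifications to the kernel maintained by the Linux Kernel Organization. Their kernels are not taken directly from www.kernel.org, so the kernel from www.kernel.org is called the upstream kernel of these distribution kernels.
I also found a fairly plain-language explanation on StackOverflow.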
Using Ubuntu as an example.
Ubuntu is a distribution which packs a lot of software together, small and large. There are graphic drivers, the X server, and Gnome, among others. Ubuntu itself is not developing those software. Ubuntu is "just" packing the software together, making sure that the individual components work together. All that software which Ubuntu is packing together are called upstream from Ubuntu's point of view.
In the process of combining all that software together bugs might pop up. The bug might be in one of the software components, for example gnome, or it might be in the very special way Ubuntu is doing things. After all, a distribution is a distribution because it does some things in its own very special way.
If the bug is caused by the way Ubuntu is doing things, then Ubuntu will have to fix that bug for itself. If the bug is in fact in one of the software components, for example Gnome, then Ubuntu will have to patch Gnome. When Ubuntu sends the patch back to Gnome, so others can also benefit from the patch, then Ubuntu is sending that patch upstream.
If Ubuntu decides to not send that patch upstream, or the upstream project rejects the patch (but Ubuntu decides to still keep the patch), then Ubuntu has technically forked the project.
The opposite of upstream would be downstream, Ubuntu is downstream from Gnome. I do not hear/read that term used often.
Ubuntu Changelog:
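The Ubuntu changelog records how a package changes from version to version. The changelog also has a defined format, which you can learn about from the link below.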
http://packaging.ubuntu.com/html/debian-dir-overview.html