LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
查看: 2189|回复: 2

Linux Kernel Route Cache条目远程拒绝服务攻击漏洞[转]

[复制链接]
发表于 2003-6-2 00:15:10 | 显示全部楼层 |阅读模式
发布时间:2003-05-18
更新时间:2003-05-25
严重程度:中
威胁程度:远程拒绝服务
错误类型:设计错误
利用方式:服务器模式

BUGTRAQ ID:7601
CVE(CAN) ID:CAN-2003-0244

受影响系统
Linux kernel 2.4
Linux kernel 2.4.1
Linux kernel 2.4.2
    + Caldera OpenLinux Server 3.1
    + Caldera OpenLinux Workstation 3.1
    + RedHat Linux 7.1 alpha
    + RedHat Linux 7.1 i386
Linux kernel 2.4.3
    + MandrakeSoft Linux Mandrake 8.0
    + MandrakeSoft Linux Mandrake 8.0 ppc
Linux kernel 2.4.4
    + S.u.S.E. Linux 7.2
Linux kernel 2.4.5
    + Slackware Linux 8.0
Linux kernel 2.4.6
Linux kernel 2.4.7
    + RedHat Linux 7.2
    + S.u.S.E. Linux 7.1
    + S.u.S.E. Linux 7.2
Linux kernel 2.4.8
    + MandrakeSoft Linux Mandrake 8.0
    + MandrakeSoft Linux Mandrake 8.1
    + MandrakeSoft Linux Mandrake 8.2
Linux kernel 2.4.9
    + RedHat Enterprise Linux AS 2.1
    + RedHat Enterprise Linux ES 2.1
    + RedHat Enterprise Linux WS 2.1
    + RedHat Linux 7.1 alpha
    + RedHat Linux 7.1 i386
    + RedHat Linux 7.1 ia64
    + RedHat Linux 7.2 alpha
    + RedHat Linux 7.2 i386
    + RedHat Linux 7.2 ia64
    + Sun Linux 5.0
    + Sun Linux 5.0.3
Linux kernel 2.4.10
    + S.u.S.E. Linux 7.3
Linux kernel 2.4.11
Linux kernel 2.4.12
    + Conectiva Linux 7.0
Linux kernel 2.4.13
    + Caldera OpenLinux Server 3.1.1
    + Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.14
Linux kernel 2.4.15
Linux kernel 2.4.16
    + Sun Cobalt RaQ 550
Linux kernel 2.4.17
Linux kernel 2.4.18
    + Astaro Security Linux 2.0 16
    + Astaro Security Linux 2.0 23
    + MandrakeSoft Linux Mandrake 8.0
    + MandrakeSoft Linux Mandrake 8.1
    + MandrakeSoft Linux Mandrake 8.2
    + RedHat Linux 7.3
    + RedHat Linux 8.0
    + S.u.S.E. Linux 7.1
    + S.u.S.E. Linux 7.2
    + S.u.S.E. Linux 7.3
    + S.u.S.E. Linux 8.0
Linux kernel 2.4.19
    + Conectiva Linux 8.0
    + MandrakeSoft Linux Mandrake 9.0
    + S.u.S.E. Linux 8.1
Linux kernel 2.4.20
    + CRUX CRUX Linux 1.0
    + RedHat Linux 9.0 i386
RedHat Enterprise Linux AS 2.1 IA64
RedHat Linux Advanced Work Station 2.1
详细描述
Linux kernel不正确处理部分通信,攻击者可以利用小的资源使Linux停止对正常请求的响应。

问题存在于路由通信中,Linux内核的网络代码在处理具有相同IPv4源和目的地址,及相同TOS值的包时存在问题,攻击者发送此类包给Linux,可导致每个包的路由条目连接到相同的HASH链中,当系统查询路由列表时消耗资源非常大,连续发送此包可导致系统崩溃。

测试代码
尚无

解决方案
降低路由缓冲大小:

# echo 4096 > /proc/sys/net/ipv4/route/max_size
# echo 2048 > /proc/sys/net/ipv4/route/gc_thresh

补丁下载:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/ ... 2.4.20-13.7.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/ ... .20-13.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/ ... .20-13.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/ ... .4.20-13.7.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/ ... 2.4.20-13.7.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/ ... .20-13.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/ ... .20-13.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/ ... .4.20-13.7.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/ ... 2.4.20-13.7.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/ ... .20-13.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/ ... .20-13.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/ ... .4.20-13.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/ ... 2.4.20-13.8.src.rpm
ftp://updates.redhat.com/8.0/en/ ... -0.4-44.8.1.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/ ... .20-13.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/ ... .20-13.8.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/ ... 0.4-44.8.1.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i586.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/ ... .4.20-13.8.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-13.9.src.rpm

athlon:
ftp://updates.redhat.com/9/en/os ... .20-13.9.athlon.rpm
ftp://updates.redhat.com/9/en/os ... .20-13.9.athlon.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i386.rpm

i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-13.9.i586.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i586.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os ... .4.20-13.9.i686.rpm

相关信息
参考:http://www.securityfocus.com/advisories/5384
http://www.securityfocus.com/advisories/5419
http://www.securityfocus.com/advisories/5377
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
http://www.cs.rice.edu/~scrosby/hash/
http://www.kernel.org/pub/linux/ ... ng/patch-2.4.21.log
http://marc.theaimsgroup.com/?l= ... p;m=104956079213417
发表于 2003-6-2 13:59:25 | 显示全部楼层
有谁实现过吗?
发表于 2003-6-4 09:09:50 | 显示全部楼层
实现过?晕了。不该在这里问的吧。
这有不是黑客论坛。。
只有那些傻呼呼的自以为是黑客的家伙们
看着别人写的教程,用着别人写的工具,入侵
自己人的网站。
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表