BSD TCP/IP Broadcast Address Connection Check Vulnerability

Published: 2002-03-18
Updated: 2002-03-21

Affected systems:
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 2.2.8
FreeBSD FreeBSD 2.2.6
FreeBSD FreeBSD 2.2.5
FreeBSD FreeBSD 2.2.4
FreeBSD FreeBSD 2.2.3
FreeBSD FreeBSD 2.2.2
FreeBSD FreeBSD 2.2
FreeBSD FreeBSD 2.1.7.1
FreeBSD FreeBSD 2.1.6.1
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1
FreeBSD FreeBSD 2.0.5
FreeBSD FreeBSD 2.0
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NetBSD NetBSD 1.4.3
NetBSD NetBSD 1.4.2 x86
NetBSD NetBSD 1.4.2 SPARC
NetBSD NetBSD 1.4.2 arm32
NetBSD NetBSD 1.4.2 Alpha
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.1 x86
NetBSD NetBSD 1.4.1 SPARC
NetBSD NetBSD 1.4.1 sh3
NetBSD NetBSD 1.4.1 arm32
NetBSD NetBSD 1.4.1 Alpha
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4
NetBSD NetBSD 1.3.3
NetBSD NetBSD 1.3.2
NetBSD NetBSD 1.3.1
NetBSD NetBSD 1.3
NetBSD NetBSD 1.2.1
NetBSD NetBSD 1.2
NetBSD NetBSD 1.1
NetBSD NetBSD 1.0
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.0
Description:
BUGTRAQ  ID: 4309
CVE(CAN) ID: CVE-2002-0381

The TCP/IP implementations of several BSD operating systems, including FreeBSD and NetBSD, contain a flaw; OpenBSD may be affected as well.

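RFC 1122 requires a TCP implementation to silently discard an incoming SYN segment that is addressed to a multicast or broadcast address. The affected BSD implementations discard such packets based on the link-layer address instead of checking the destination IP address.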
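
The two drop decisions described above, side by side, as an added C example that is not part of the original advisory or of any BSD source tree. The structures, flag values, function names and the 192.0.2.10/24 sample interface are simplified assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-ins (assumptions), not the BSD kernel definitions. */
#define M_BCAST 0x1 /* frame arrived as link-layer broadcast */
#define M_MCAST 0x2 /* frame arrived as link-layer multicast */

struct rx_if  { uint32_t addr, mask; };            /* host byte order */
struct rx_pkt { int m_flags; uint32_t ip_dst; struct rx_if rcvif; };

/* Constructed sample: SYN received on an interface at 192.0.2.10/24. */
struct rx_pkt sample_syn(int m_flags, uint32_t ip_dst)
{
    struct rx_pkt p = { m_flags, ip_dst, { 0xC000020Au, 0xFFFFFF00u } };
    return p;
}

/* 224.0.0.0/4 */
static bool is_multicast(uint32_t a) { return (a & 0xF0000000u) == 0xE0000000u; }

/* Limited broadcast, or directed broadcast of the receiving subnet. */
static bool is_broadcast(uint32_t a, struct rx_if ifp)
{
    if (a == 0xFFFFFFFFu)
        return true;
    if (ifp.mask == 0xFFFFFFFFu) /* host mask: no subnet broadcast */
        return false;
    return a == ((ifp.addr & ifp.mask) | ~ifp.mask);
}

/* Flawed decision: looks only at how the frame was addressed on the link. */
bool drop_syn_linklayer_only(struct rx_pkt p)
{
    return (p.m_flags & (M_BCAST | M_MCAST)) != 0;
}

/* RFC 1122 decision: also checks the destination IP address. */
bool drop_syn_rfc1122(struct rx_pkt p)
{
    return drop_syn_linklayer_only(p) || is_multicast(p.ip_dst) ||
           is_broadcast(p.ip_dst, p.rcvif);
}

int main(void)
{
    struct rx_pkt p = sample_syn(0, 0xC00002FFu); /* dst 192.0.2.255, no link flags */
    printf("link-layer only: %d, RFC 1122: %d\n",
           drop_syn_linklayer_only(p), drop_syn_rfc1122(p));
    return 0;
}
```
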

<*Source: Crist J. Clark (cjclark@alum.mit.edu)
        Igor M Podlesny (poige@morning.ru)
        Ruslan Ermilov (ru@FreeBSD.org)
  
  Links: http://archives.neohapsis.com/archives/bugtraq/2002-03/0220.html
        http://www.freebsd.org/cgi/query-pr.cgi?pr=35022
*>

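Recommendation:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* Without the patch there is no good workaround.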

Vendor patches:

FreeBSD
-------
The issue was fixed in FreeBSD 5-CURRENT on 2002-2-25 (CVS revision 1.148) and in FreeBSD 4-STABLE on 2002-2-28 (revision 1.107.2.21). Download from the vendor's home page:

http://www.freebsd.org/

NetBSD
------
NetBSD patch (tested):


Index: src/sys/netinet/tcp_input.c
===================================================================
RCS file: /export/netbsd/ncvs/syssrc/sys/netinet/tcp_input.c,v
retrieving revision 1.108.4.10
diff -u -r1.108.4.10 tcp_input.c
--- src/sys/netinet/tcp_input.c 24 Jan 2002 22:44:21 -0000 1.108.4.10
+++ src/sys/netinet/tcp_input.c 16 Mar 2002 23:14:14 -0000
@@ -677,7 +677,8 @@
                  * Make sure destination address is not multicast.
                  * Source address checked in ip_input().
                  */
- if (IN_MULTICAST(ip->ip_dst.s_addr)) {
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
                         /* XXX stat */
                         goto drop;
                 }
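Review bot: The comment above the test still reads "Make sure destination address is not multicast." although the condition now also rejects broadcast destinations through in_broadcast(); update it to say multicast or broadcast. The /* XXX stat */ marker is carried over unchanged, so segments dropped here are still not counted; a drop counter would make this traffic visible to operators.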
@@ -2183,6 +2184,11 @@
          */
         if (tiflags & TH_RST)
                 goto drop;
+
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+ goto drop;
+
     {
         /*
          * need to recover version # field, which was overwritten on
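Review bot: The test added after the TH_RST check dereferences ip->ip_dst unconditionally and has no comment. Nothing in the visible context restricts this path to IPv4, so confirm that ip is valid for every address family that reaches this point, or guard the test, and add a short comment stating why segments with a multicast or broadcast destination are dropped here.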

OpenBSD
-------
OpenBSD patch (untested):


Index: src/sys/netinet/tcp_input.c
===================================================================
RCS file: /export/openbsd/ncvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.109
diff -u -r1.109 tcp_input.c
--- src/sys/netinet/tcp_input.c 15 Mar 2002 18:19:52 -0000 1.109
+++ src/sys/netinet/tcp_input.c 17 Mar 2002 01:08:35 -0000
@@ -1080,8 +1080,6 @@
  
                 /*
                  * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
- * in_broadcast() should never return true on a received
- * packet with M_BCAST not set.
                  */
                 if (m->m_flags & (M_BCAST|M_MCAST))
                         goto drop;
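Review bot: Deleting the two comment lines about in_broadcast() leaves the M_BCAST|M_MCAST test documented only by the RFC 1122 citation, with no hint that the mbuf flags reflect link-layer addressing and are not sufficient on their own. Replace the removed lines with a sentence saying that the destination IP address is checked separately further down, so the flag test is not mistaken for the complete check.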
@@ -1094,7 +1092,8 @@
                         break;
#endif /* INET6 */
                 case AF_INET:
- if (IN_MULTICAST(ip->ip_dst.s_addr))
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
                                 goto drop;
                         break;
                 }
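Review bot: The added line ending in `in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {` opens a brace that is never closed in this hunk. The `}` in the trailing context previously closed the enclosing block after `break;`; with the new `{` it closes the if body instead, which leaves `break;` unreachable after `goto drop;` and the outer block unterminated. Drop the trailing `{` so the condition has the same form as in the @@ -2139 hunk.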
@@ -2139,7 +2138,8 @@
                 break;
#endif /* INET6 */
         case AF_INET:
- if (IN_MULTICAST(ip->ip_dst.s_addr))
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
                         goto drop;
         }
         if (tiflags & TH_ACK) {
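Review bot: The two-part test under case AF_INET repeats the one added in the @@ -1094 hunk. A small shared helper or macro for "destination is multicast or broadcast" would keep the two sites from diverging, and a one-line comment here should say why the segment is dropped.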

This advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.