TCPDump Malformed ISAKMP Packet Remote Denial of Service Vulnerability
Published: 2003-02-27
Updated: 2003-03-11
Affected systems:
LBL tcpdump 3.7.1
LBL tcpdump 3.6.2
LBL tcpdump 3.5.2
LBL tcpdump 3.7
    - Caldera OpenLinux Server 3.1.1
    - Caldera OpenLinux Server 3.1
    - Caldera OpenLinux Workstation 3.1.1
    - Caldera OpenLinux Workstation 3.1
    - Conectiva Linux 8.0
    - Conectiva Linux 7.0
    - Conectiva Linux 6.0
    - Conectiva Linux 5.1
    - Conectiva Linux 5.0
    - Debian Linux 3.0 IA-32
    - Debian Linux 3.0 arm
    - Debian Linux 3.0 powerpc
    - Debian Linux 3.0 68k
    - Debian Linux 3.0 i386
    - Debian Linux 3.0 sparc
    - Debian Linux 3.0 alpha
    - FreeBSD 4.3
    - FreeBSD 4.2
    - FreeBSD 4.1.1
    - FreeBSD 4.1
    - FreeBSD 4.0
    - Mandrake Linux 8.2
    - Mandrake Linux 8.1
    - Mandrake Linux 8.0
    - Mandrake Linux 7.2
    - Mandrake Linux 7.1
    - RedHat Linux 7.3 ia64
    - RedHat Linux 7.3 x86
    - RedHat Linux 7.2
    - RedHat Linux 7.1
    - RedHat Linux 7.0
    - RedHat Linux 6.2
    - Trustix Secure Linux 1.5
    - Trustix Secure Linux 1.2
    - Trustix Secure Linux 1.1
LBL tcpdump 3.4a6
Unaffected systems:
LBL tcpdump 3.7.2
Description:
BUGTRAQ ID: 6974
CVE(CAN) ID: CVE-2003-0108
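TCPDUMP is a widely used network analysis tool that prints information about the packets on a network interface that match a given expression; see http://www.tcpdump.org for details.
TCPDUMP has a flaw in its parsing of malformed ISAKMP packets; a remote attacker can exploit it to send TCPDUMP into an infinite loop, causing a denial of service.
A remote user can craft a special ISAKMP packet for TCPDUMP to parse, which sends TCPDUMP into an infinite loop so that it can no longer monitor network traffic. To trigger the flaw anonymously, the attacker has to spoof the source address of the malicious packet. The following is the output TCPDUMP produces when it parses the malformed ISAKMP packet: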
# tcpdump -vvvr tcpdump_isakmp_inf_loop | head
05:14:57.954719 192.168.2.243.isakmp > 192.168.2.243.isakmp: isakmp 8.9 msgid 7d380dee
cookie 773b4e8a1618caa8->51efacc0a65e0334: phase 2/others ? #69[C]:
(#83)
(#237)
(#237)
(#237)
(#237)
(#237)
(#237)
(#237)
(#237)
...
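The string "(#237)" is printed endlessly, and from that point on TCPDUMP processes no further packets. The flawed code is the while() loop in print_isakmp.c:isakmp_sub_print(): the variable 'np' never becomes zero, so the loop is never exited: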
    while (np) {
        safememcpy(&e, ext, sizeof(e));
        /* only check: the declared length must not run past the end (ep) */
        if (ep < (u_char *)ext + ntohs(e.len)) {
            printf(" [|%s]", NPSTR(np));
            cp = ep + 1;
            break;
        }
        depth++;
        printf("\n");
        for (i = 0; i < depth; i++)
            printf(" ");
        printf("(");
        cp = isakmp_sub0_print(np, ext, ep, phase, doi, proto);
        printf(")");
        depth--;
        /* np comes from the packet; nothing checks that cp moved past ext */
        np = e.np;
        ext = (struct isakmp_gen *)cp;
    }
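The loop above trusts the length and next-payload fields of each generic payload header. The following added example (not tcpdump's code and not the vendor's patch) shows a payload-chain walker that enforces forward progress. It assumes the 4-byte ISAKMP generic payload header (next payload, reserved, 16-bit big-endian length) and takes a zero length field as one case in which the cursor never advances; `walk_payloads` and the sample buffers are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GEN_HDR_LEN 4  /* next payload (1) + reserved (1) + length (2) */

/* Walk a payload chain. first_np is the "next payload" type from the
 * fixed header (0 = no payload). Returns the number of payloads walked,
 * or -1 if the chain is malformed or truncated. */
int walk_payloads(uint8_t first_np, const uint8_t *buf, size_t buflen)
{
    uint8_t np = first_np;
    size_t off = 0;
    int count = 0;

    while (np != 0) {
        /* The generic header itself must lie inside the captured data. */
        if (buflen - off < GEN_HDR_LEN)
            return -1;
        size_t len = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        /* A length below the header size cannot move the cursor past this
         * payload (len == 0 re-reads the same header forever); a length
         * beyond the buffer would read out of bounds. Reject both. */
        if (len < GEN_HDR_LEN || len > buflen - off)
            return -1;
        np = buf[off];   /* type of the following payload */
        off += len;      /* guaranteed forward progress */
        count++;
    }
    return count;
}

/* Constructed sample inputs (assumption: not taken from a real capture). */
static const uint8_t good_chain[] = {
    0x0d, 0x00, 0x00, 0x08, 0xaa, 0xbb, 0xcc, 0xdd,  /* next=13, len=8 */
    0x00, 0x00, 0x00, 0x04                           /* next=0,  len=4 */
};
static const uint8_t zero_len[] = { 0xed, 0x00, 0x00, 0x00 };  /* next=237, len=0 */

int main(void)
{
    printf("good chain:  %d\n", walk_payloads(1, good_chain, sizeof good_chain));
    printf("zero length: %d\n", walk_payloads(237, zero_len, sizeof zero_len));
    return 0;
}
```
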
<*Source: Andrew Griffiths (andrewg@tasmail.com)
Links: http://www.debian.org/security/2003/dsa-255
http://www.idefense.com/advisory/02.27.03.txt
http://www.linux-mandrake.com/en/security/2003/2003-027.php
*>
Recommendations:
Vendor patches:
Debian
------
http://www.debian.org/security/2003/dsa-255
LBL
---
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
LBL Upgrade tcpdump-3.7.2.tar.gz
http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2003:027) and corresponding patches for this issue:
MDKSA-2003:027:Updated tcpdump packages fix denial of service vulnerabilities
Link: http://www.linux-mandrake.com/en/security/2003/2003-027.php
Patch downloads:
Updated Packages:
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libpcap0-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libpcap0-devel-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/tcpdump-3.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libpcap0-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libpcap0-devel-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/tcpdump-3.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Mandrake Linux 8.1/IA64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libpcap0-0.7.2-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libpcap0-devel-0.7.2-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/tcpdump-3.7.2-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libpcap0-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libpcap0-devel-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/tcpdump-3.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libpcap0-0.7.2-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libpcap0-devel-0.7.2-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/tcpdump-3.7.2-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libpcap0-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libpcap0-devel-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tcpdump-3.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Multi Network Firewall 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/libpcap0-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/libpcap0-devel-0.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/tcpdump-3.7.2-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/SRPMS/libpcap-0.7.2-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/SRPMS/tcpdump-3.7.2-1.1mdk.src.rpm
Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/libpcap-0.7.2-0.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/libpcap-devel-0.7.2-0.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/tcpdump-3.7.2-0.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/libpcap-0.7.2-0.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/tcpdump-3.7.2-0.1mdk.src.rpm
The updated packages above can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php