首页 -> 安全研究
安全研究
安全漏洞
Linux内核路由缓冲条目远程拒绝服务攻击漏洞
发布日期:2003-05-14
更新日期:2003-05-23
受影响系统:
Linux kernel 2.4.9描述:
Linux kernel 2.4.8
Linux kernel 2.4.7
Linux kernel 2.4.6
Linux kernel 2.4.5
Linux kernel 2.4.4
Linux kernel 2.4.3
Linux kernel 2.4.20
Linux kernel 2.4.2
Linux kernel 2.4.19
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
Linux kernel 2.4.12
Linux kernel 2.4.11
Linux kernel 2.4.10
Linux kernel 2.4.1
Linux kernel 2.4
Linux kernel 2.4.18
- Conectiva Linux 8.0
- Debian Linux 3.0
- Mandrake Linux 9.1
- Mandrake Linux 9.0
- RedHat Linux 9.0
- RedHat Linux 8.0
- RedHat Linux 7.3
- SuSE Linux 8.1
- SuSE Linux 8.0
- SuSE Linux 7.3
BUGTRAQ ID: 7601
CVE(CAN) ID: CVE-2003-0244
Linux Kernel是开放源代码的Linux内核系统。
Linux内核网络代码的HASH表实现存在缺陷,远程攻击者可以利用这个漏洞消耗目标机器大量资源,不能对新的包进行路由,导致拒绝服务攻击。
路由缓冲用于缓冲路由通信,以对后续的转发进行判断,当包达到的时候,IP路由代码就会检查通信包并根据路由缓冲进行判断,如果存在缓冲信息,就会重用,否则将产生新路由。Linux内核的网络代码在处理IP头具有相同IPv4源和目的地址,及相同TOS值的包存在缺陷,攻击者精心构建上面描述的包发送给Linux,可导致每个包的路由条目连接到相同的HASH链中,这就使得当路由列表很长的时查找会变的非常消耗资源,因此大量发送此类包,可导致服务器消耗大量系统资源而产生拒绝服务。根据测试,一般每秒发400个此类包可使受攻击的系统消耗4G的RAM。
<*来源:Scott A. Crosby & Dan S. Wallach (Scott A. Crosby <scrosby@cs.rice.edu>)
链接:http://www.cs.rice.edu/~scrosby/hash/
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
https://www.redhat.com/support/errata/RHSA-2003-172.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* Florian Weimer提供非官方解决方案:
使用iptables设置rate限制或者降低路由缓冲大小。路由缓冲大小可以使用/proc接口来减少。不过选择设置rate限制比较复杂,因此建议采用缓冲大小减少的办法,不过此方法会减低部分路由性能:
# echo 4096 > /proc/sys/net/ipv4/route/max_size
# echo 2048 > /proc/sys/net/ipv4/route/gc_thresh
#
厂商补丁:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:172-00)以及相应补丁:
RHSA-2003:172-00:Updated 2.4 kernel fixes security vulnerabilities and various bugs
链接:https://www.redhat.com/support/errata/RHSA-2003-172.html
补丁下载:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm
athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-13.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-13.8.athlon.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/oprofile-0.4-44.8.1.i386.rpm
i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-13.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-13.8.i586.rpm
i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-13.8.i686.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-13.9.src.rpm
athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-13.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-13.9.athlon.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-13.9.i386.rpm
i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-13.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-13.9.i586.rpm
i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-13.9.i686.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
浏览次数:3272
严重程度:0(网友投票)
绿盟科技给您安全的保障