首页 -> 安全研究

安全研究

安全漏洞
Netfilter内存泄漏导致Linux Kernel本地拒绝服务漏洞

发布日期:2005-03-17
更新日期:2005-03-17

受影响系统:
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.10
Linux kernel 2.6.1-rc2
Linux kernel 2.6.1-rc1
Linux kernel 2.6.1
Linux kernel 2.6-test9-CVS
Linux kernel 2.6-test9
Linux kernel 2.6-test8
Linux kernel 2.6-test7
Linux kernel 2.6-test6
Linux kernel 2.6-test5
Linux kernel 2.6-test4
Linux kernel 2.6-test3
Linux kernel 2.6-test2
Linux kernel 2.6-test11
Linux kernel 2.6-test10
Linux kernel 2.6-test1
Linux kernel 2.6
描述:
BUGTRAQ  ID: 12816
CVE(CAN) ID: CVE-2005-0210

Linux Kernel是开放源代码操作系统Linux的内核。

Linux Kernel的Netfilter组件代码中存在的内存泄漏,本地攻击攻击者可能利用此漏洞对致Linux Kernel执行拒绝服务攻击。

某些本地生成的报文碎片会重组两次,导致双重分配数据结构,由于kernel内存耗尽会导致机器崩溃。这个漏洞可能允许攻击者导致合法用户的拒绝服务。目前还不知道是否可以远程利用这个漏洞。

<*来源:Herbert Xu
  
  链接:http://www.securityfocus.com/advisories/8229
*>

建议:
厂商补丁:

Linux
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Linux kernel 2.6.8 rc1:
      Ubuntu Upgrade linux-doc-2.6.8.1_2.6.8.1-16.12_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-doc-2.6.8.1_2.6.8.1-16.12_all.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-patch-debian-2.6.8.1_2.6.8.1-16.12_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-patch-debian-2.6.8.1_2.6.8.1-16.12_all.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-source-2.6.8.1_2.6.8.1-16.12_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-source-2.6.8.1_2.6.8.1-16.12_all.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-tree-2.6.8.1_2.6.8.1-16.12_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-tree-2.6.8.1_2.6.8.1-16.12_all.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5_2.6.8.1-16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-
      16.12_amd64.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-power3_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-power4_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5-powerpc_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-headers-2.6.8.1-5_2.6.8.1-16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-headers-2.6.8.1-5_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-power3-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-power4-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)
      Ubuntu Upgrade linux-image-2.6.8.1-5-powerpc_2.6.8.1-
      16.12_powerpc.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/
      linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
      Ubuntu 4.10 (Warty Warthog)

浏览次数:3224
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客