Vulnerability Details
Linux IPChains Fragment Overlap Vulnerability
- CNNVD ID: CNNVD-199907-030
- Severity: High
- CVE ID: CVE-1999-1018
- Vulnerability type: Other
- Published: 1999-07-27
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: linux
- Vulnerability source: First released in …
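Vulnerability Summary
IPChains in Linux kernels 2.2.10 and earlier contains a vulnerability. IPChains does not reassemble IP fragments before checking header information, which allows remote attackers to bypass filtering rules by using several fragments with an offset of 0.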
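The length check a non-reassembling filter needs before it reads transport header fields from an offset-0 fragment, as an added user-space example (not code from the advisory or the kernel). The names check_first_fragment and size_req_for, the per-protocol byte counts and the sample packets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum verdict { PKT_OK, PKT_MALFORMED, PKT_SHORT_FIRST_FRAGMENT };

/* Transport bytes a port/flag rule reads. Assumed values, not from the page. */
static unsigned size_req_for(uint8_t proto)
{
    switch (proto) {
    case 6:  return 16;  /* TCP: ports through the flags word */
    case 17: return 8;   /* UDP: whole header */
    case 1:  return 8;   /* ICMP: fixed header */
    default: return 0;
    }
}

/* PKT_OK only means this check has no objection; filter rules still apply. */
enum verdict check_first_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PKT_MALFORMED;
    unsigned ihl = (pkt[0] & 0x0fu) * 4u;                  /* header bytes */
    unsigned tot_len = ((unsigned)pkt[2] << 8) | pkt[3];   /* big-endian */
    unsigned frag_off = ((pkt[6] & 0x1fu) << 8) | pkt[7];  /* 13-bit offset */
    if (ihl < 20 || tot_len < ihl || tot_len > len)
        return PKT_MALFORMED;
    if (frag_off != 0)
        return PKT_OK;  /* not a first fragment: this check does not apply */
    if (tot_len < ihl + size_req_for(pkt[9]))
        return PKT_SHORT_FIRST_FRAGMENT;  /* a rule would read absent fields */
    return PKT_OK;
}

/* Constructed samples: 192.0.2.1 -> 192.0.2.2, TCP, remaining bytes zero. */
static const uint8_t sample_full_tcp[40] = {
    0x45, 0, 0, 40, 0, 1, 0x00, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };
/* MF set, offset 0, only 8 of the 16 required TCP bytes present. */
static const uint8_t sample_short_tcp[28] = {
    0x45, 0, 0, 28, 0, 1, 0x20, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };
/* Same length, but a non-zero fragment offset (185). */
static const uint8_t sample_later_frag[28] = {
    0x45, 0, 0, 28, 0, 1, 0x20, 185, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };

int main(void)
{
    printf("full=%d short=%d later=%d\n",
           check_first_fragment(sample_full_tcp, sizeof sample_full_tcp),
           check_first_fragment(sample_short_tcp, sizeof sample_short_tcp),
           check_first_fragment(sample_later_frag, sizeof sample_later_frag));
    return 0;
}
```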
Vulnerability Advisory
This patch was provided with the DataProtect advisory posted to BugTraq on July 27, 1999. The solution was incorporated into the 2.2.11 kernel, released in August 1999.
*** linux.old/net/ipv4/ip_fw.c Wed Jun 9 05:33:07 1999
— linux/net/ipv4/ip_fw.c Fri Jul 23 19:20:45 1999
***************
*** 37,42 ****
— 37,45 —-
* 19-May-1999: Star Wars: The Phantom Menace opened. Rule num
* printed in log (modified from Michael Hasenstein’s patch).
* Added SYN in log message. –RR
+ * 23-Jul-1999: Fixed small fragment security exposure opened on 15-May-1998.
+ * John McDonald
+ * Thomas Lopatic
*/
/*
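Review bot: The new 23-Jul-1999 changelog entry says only that a "small fragment security exposure" was fixed and does not record the behaviour change. Suggest stating that truncated first fragments are now blocked and logged, so that someone reading the file history can tell that filtering semantics changed. The entry also lists two names on separate lines where the preceding entry ends with initials (–RR); pick one attribution style.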
***************
*** 644,650 ****
default:
size_req = 0;
}
! offset = (ntohs(ip->tot_len) < (ip->ihl<<2)+size_req);
}
src = ip->saddr;
— 647,666 —-
default:
size_req = 0;
}
!
! /* If it is a truncated first fragment then it can be
! * used to rewrite port information, and thus should
! * be blocked.
! */
!
! if (ntohs(ip->tot_len) < (ip->ihl<<2)+size_req)
! {
! if (!testing && net_ratelimit()) {
! printk(“Suspect short first fragment.\n”);
! dump_packet(ip,rif,NULL,NULL,0,0,0,0);
! }
! return FW_BLOCK;
! }
}
src = ip->saddr;
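Review bot: The replacement block no longer assigns offset: the removed line stored the result of the length comparison in it, while the new code only returns FW_BLOCK when the comparison is true and otherwise falls through. Please confirm that offset already holds the intended value on the fall-through path, since the enclosing condition lies outside this hunk. Two smaller points in the same block: the printk call carries no KERN_ log level, and return FW_BLOCK is reached even when testing is set, because only the logging is guarded by !testing; the comment should say whether that is intended.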
References
Source: BID
Name: 543
Link: http://www.securityfocus.com/bid/543
Source: BUGTRAQ
Name: 19990727 Linux 2.2.10 ipchains Advisory
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=93312523904591&w=2



















