Netfilter NAT远程拒绝服务攻击漏洞

漏洞信息详情

Netfilter NAT远程拒绝服务攻击漏洞

漏洞简介

Netfilter是一款Linux Kernel下的防火墙构架实现。
Netfilter在特定条件下处理NAT时存在漏洞,远程攻击者可以利用该问题对使用NAT的系统发起拒绝服务攻击。
目前尚未提供详细的漏洞细节;从下文补丁及参考公告的标题来看,问题涉及NAT对TCP SACK选项的序列号调整(ip_nat_helper.c中的ip_nat_sack_adjust)。

漏洞公告

厂商补丁:
Linux
-----
2.4.21pre7有如下补丁:

diff -urpN –exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff –minimal linux-2.4.21-pre7/net/ipv4/netfilter/ip_nat_helper.c working-2.4.21-pre7-sackadjust/net/ipv4/netfilter/ip_nat_helper.c

— linux-2.4.21-pre7/net/ipv4/netfilter/ip_nat_helper.c 2003-04-06 15:26:48.000000000 +1000

+++ working-2.4.21-pre7-sackadjust/net/ipv4/netfilter/ip_nat_helper.c 2003-04-14 23:18:38.000000000 +1000

-366,54 +365,49 sack_adjust(struct tcphdr *tcph,

}

-/* TCP SACK sequence number adjustment, return 0 if sack found and adjusted */

-static inline int

+/* TCP SACK sequence number adjustment. */

+static inline void

ip_nat_sack_adjust(struct sk_buff *skb,

– struct ip_conntrack *ct,

– enum ip_conntrack_info ctinfo)

+ struct ip_conntrack *ct,

+ enum ip_conntrack_info ctinfo)

{

– struct iphdr *iph;

struct tcphdr *tcph;

– unsigned char *ptr;

– int length, dir, sack_adjusted = 0;

+ unsigned char *ptr, *optend;

+ unsigned int dir;

– iph = skb->nh.iph;

– tcph = (void *)iph + iph->ihl*4;

– length = (tcph->doff*4)-sizeof(struct tcphdr);

+ tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4;

+ optend = (unsigned char *)tcph + tcph->doff*4;

ptr = (unsigned char *)(tcph+1);

dir = CTINFO2DIR(ctinfo);

– while (length > 0) {

– int opcode = *ptr++;

+ while (ptr < optend) {

+ int opcode = ptr[0];

int opsize;

switch (opcode) {

case TCPOPT_EOL:

– return !sack_adjusted;

+ return;

case TCPOPT_NOP:

– length–;

+ ptr++;

continue;

default:

– opsize = *ptr++;

– if (opsize > length) /* no partial opts */

– return !sack_adjusted;

+ opsize = ptr[1];

+ /* no partial opts */

+ if (ptr + opsize > optend || opsize < 2)

+ return;

if (opcode == TCPOPT_SACK) {

/* found SACK */

if((opsize >= (TCPOLEN_SACK_BASE

+TCPOLEN_SACK_PERBLOCK)) &&

!((opsize – TCPOLEN_SACK_BASE)

% TCPOLEN_SACK_PERBLOCK))

– sack_adjust(tcph, ptr-2,

+ sack_adjust(tcph, ptr,

&ct->nat.info.seq[!dir]);

– sack_adjusted = 1;

}

– ptr += opsize-2;

– length -= opsize;

+ ptr += opsize;

}

}

– return !sack_adjusted;

}

/* TCP sequence number adjustment */
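Review bot: In the `default:` branch of the new `ip_nat_sack_adjust`, `opsize = ptr[1]` is read before anything confirms that a length byte exists inside the option area, so when `ptr == optend - 1` and the opcode is neither EOL nor NOP the read lands one byte past `optend`. The truncated-option case should be rejected first, for example `if (ptr + 1 >= optend) return;` ahead of the `ptr[1]` read, with the existing `ptr + opsize > optend || opsize < 2` check kept after it. The new code also derives `optend` from `tcph->doff*4` without any visible check that `doff*4` is at least `sizeof(struct tcphdr)` or that the option area lies within the skb's data; that may be validated by a caller outside this hunk, but it is worth confirming and noting in the function comment, e.g. `/* caller guarantees the full TCP header, including options, is present */`.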

参考网址

来源: BUGTRAQ
名称: 20030802 [SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2
