Published: 2001-06-02 00:00:00
Last revised: 2017-12-18 21:29:19

[Original text] The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.

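[CNNVD] UNIX ICMP Path MTU (PMTU) Discovery Feature Denial of Service Vulnerability (CNNVD-200106-019)

        The ICMP path MTU (PMTU) discovery feature in multiple UNIX systems contains a vulnerability. A remote attacker can cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which can cause one host to lower its MTU when transmitting to the other host.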

- CVSS (base score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)


- OVAL (technical details for detection)

oval:org.mitre.oval:def:19650 CRITICAL PATCH UPDATE JULY 2012

- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20010115 ICMP fragmentation required but DF set problems.
(UNKNOWN)  XF  icmp-pmtu-dos(5975)

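- Vulnerability information

UNIX ICMP Path MTU (PMTU) Discovery Feature Denial of Service Vulnerability
Medium severity  Unknown
2001-06-02 00:00:00 2005-10-20 00:00:00
        The ICMP path MTU (PMTU) discovery feature in multiple UNIX systems contains a vulnerability. A remote attacker can cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which can cause one host to lower its MTU when transmitting to the other host.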

- Advisories and patches


- Vulnerability information

Multiple Vendor ICMP Path MTU Discovery Spoofing DoS
Remote / Network Access Denial of Service, Infrastructure, Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

Linux, some variants of BSD, and possibly other operating systems contain a flaw in their TCP/IP stacks that may allow a remote denial of service. The issue is triggered when spoofed "fragmentation required but DF set" ICMP packets (ICMP type 3, code 4) are sent to the machine. This will cause the machine to lower the MTU for connections to the spoofed address, significantly slowing throughput and efficiency, and will result in loss of availability for the platform.

- Timeline

2001-01-15 Unknown
2001-01-15 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author