CVE-2002-0510
CVSS5.0
发布时间 :2002-08-12 00:00:00
修订时间 :2008-09-05 16:28:13
NMCOS    

[原文]The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.


[CNNVD]Linux 2.4 UDP报文的IP ID域固定为0漏洞(CNNVD-200208-024)

        
        Linux Kernel 2.4.x在UDP实现上存在问题,使得攻击者可以远程识别内核版本。
        在Kernel 2.4.10上用nslookup做一次简单的DNS查询
        UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:63 DF Len: 43
        BC 0D 01 00 00 01 00 00 00 00 00 00 03 77 77 77 .............www
        03 63 6E 6E 03 63 6F 6D 05 6C 6F 63 61 6C 00 00 .cnn.com.local..
        01 00 01 ...
        发送出去的UDP报文的IP ID域固定是0。
        对一台Linux 2.4.18机器的ECHO服务端口发关UDP报文
        -> y.y.y.y:7 UDP TTL:64 TOS:0x0 ID:28256 IpLen:20 DgmLen:28 Len: 8
        y.y.y.y:7 -> UDP TTL:50 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF Len: 8
        响应报文的IP ID域固定是0。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0510
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0510
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-024
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/4314
(VENDOR_ADVISORY)  BID  4314
http://www.securityfocus.com/archive/1/262840
(VENDOR_ADVISORY)  BUGTRAQ  20020319 Identifying Kernel 2.4.x based Linux machines using UDP
http://www.iss.net/security_center/static/8588.php
(VENDOR_ADVISORY)  XF  linux-udp-fingerprint(8588)

- 漏洞信息

Linux 2.4 UDP报文的IP ID域固定为0漏洞
中危 设计错误
2002-08-12 00:00:00 2005-10-20 00:00:00
远程  
        
        Linux Kernel 2.4.x在UDP实现上存在问题,使得攻击者可以远程识别内核版本。
        在Kernel 2.4.10上用nslookup做一次简单的DNS查询
        UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:63 DF Len: 43
        BC 0D 01 00 00 01 00 00 00 00 00 00 03 77 77 77 .............www
        03 63 6E 6E 03 63 6F 6D 05 6C 6F 63 61 6C 00 00 .cnn.com.local..
        01 00 01 ...
        发送出去的UDP报文的IP ID域固定是0。
        对一台Linux 2.4.18机器的ECHO服务端口发关UDP报文
        -> y.y.y.y:7 UDP TTL:64 TOS:0x0 ID:28256 IpLen:20 DgmLen:28 Len: 8
        y.y.y.y:7 -> UDP TTL:50 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF Len: 8
        响应报文的IP ID域固定是0。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        暂时没有合适的临时解决方法。
        厂商补丁:
        Linux
        -----
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.kernel.org/

- 漏洞信息

9587
Linux Kernel UDP Implementation IP Identification Field Remote OS Disclosure
Remote / Network Access

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-03-19 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux 2.4 UDP Constant IP Identification Field Fingerprinting Vulnerability
Design Error 4314
Yes No
2002-03-19 12:00:00 2009-07-11 11:56:00
Discovered by Ofir Arkin <ofir@stake.com>.

- 受影响的程序版本

Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4

- 漏洞讨论

A fingerprinting threat has been reported in some versions of the 2.4 Linux kernel IP stack implementation. UDP packets are transmitted with a constant IP Identification field of 0.

An attacker may be able to exploit this weakness to discover the operating system and approximate kernel version of the vulnerable system. The ability to fingerprint operating systems based on minor differences in network implementations is well known, and not limited to Linux based systems.

- 漏洞利用

No exploit is required.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站