CVE-2002-2185
CVSS 4.9
Published: 2002-12-31 00:00:00
Last modified: 2010-08-21 00:13:59

[Original] The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.


[CNNVD] Multiple Vendor Spoofed IGMP Report Denial of Service Vulnerability (CNNVD-200212-662)

        
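        IGMP (Internet Group Management Protocol) is part of multicast technology and handles group management between hosts and multicast-capable routers. It includes a report suppression mechanism that prevents redundant IGMP membership reports from being sent to the querying router.
        IGMP's handling of the membership report suppression mechanism is flawed, and a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against hosts joined to a multicast group.
        In the following scenario, hosts H1 and H2 are connected to a router through a hub. H1 is a member of multicast group 230.0.0.1 and receives traffic from the designated router R. R periodically sends IGMP membership queries onto the host network, and H1 must answer them to indicate that it belongs to the group. H2 now mounts the attack: H2 sniffs the membership query sent by R on the network and then unicasts a membership report to H1. On receiving it, H1 concludes that another host on the network also wants this traffic and suppresses its own report. As a result, router R never receives any membership report for group 230.0.0.1 and blocks all multicast traffic destined for this subnet, so the hosts on the network receive nothing.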
        

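- CVSS (Base Score)

CVSS score: 4.9 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a total shutdown of the system]
Access complexity: LOW [no access restrictions apply to exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]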

- CPE (Affected Platforms and Products)

cpe:/o:suse:suse_linux:7.1::spa
cpe:/o:microsoft:windows_98::gold Microsoft windows 98_gold
cpe:/o:sgi:irix:6.5.16m SGI IRIX 6.5.16m
cpe:/o:suse:suse_linux:6.4::i386
cpe:/o:redhat:linux:7.1::ia64
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:microsoft:windows_xp::gold:professional Microsoft Windows XP Professional Gold
cpe:/o:suse:suse_linux:7.0::sparc
cpe:/o:redhat:enterprise_linux_desktop:4.0 Red Hat Desktop 4.0
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:redhat:linux:7.2::ia64
cpe:/o:sgi:irix:6.5.17m SGI IRIX 6.5.17m
cpe:/o:sgi:irix:6.5.3 SGI IRIX 6.5.3
cpe:/o:suse:suse_linux:6.4::ppc
cpe:/o:mandrakesoft:mandrake_linux:8.1 MandrakeSoft Mandrake Linux 8.1
cpe:/o:microsoft:windows_98se Microsoft windows 98_se
cpe:/o:sgi:irix:6.5.8 SGI IRIX 6.5.8
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:debian:debian_linux:2.2::powerpc
cpe:/o:suse:suse_linux:7.1::sparc
cpe:/o:redhat:linux:6.2::alpha
cpe:/o:redhat:enterprise_linux:3.0::workstation
cpe:/o:redhat:linux:7.0::sparc
cpe:/o:microsoft:windows_xp:::home
cpe:/o:redhat:linux:7.0::i386
cpe:/o:suse:suse_linux:8.0::i386
cpe:/o:sgi:irix:6.5.5 SGI IRIX 6.5.5
cpe:/o:debian:debian_linux:2.2::arm
cpe:/o:sgi:irix:6.5.4 SGI IRIX 6.5.4
cpe:/o:sgi:irix:6.5.10 SGI IRIX 6.5.10
cpe:/o:debian:debian_linux:2.2::ia-32
cpe:/o:redhat:enterprise_linux:4.0::enterprise_server
cpe:/o:suse:suse_linux:7.3::ppc
cpe:/o:suse:suse_linux:7.0::i386
cpe:/o:sgi:irix:6.5.17f SGI IRIX 6.5.17f
cpe:/o:sgi:irix:6.5.14f SGI IRIX 6.5.14f
cpe:/o:redhat:enterprise_linux:4.0::advanced_server
cpe:/o:redhat:linux:7.1::alpha
cpe:/o:redhat:linux:6.2::sparc
cpe:/o:sgi:irix:6.5.18f SGI IRIX 6.5.18f
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/o:sgi:irix:6.5.6 SGI IRIX 6.5.6
cpe:/o:sgi:irix:6.5.15f SGI IRIX 6.5.15f
cpe:/o:mandrakesoft:mandrake_linux:8.0 MandrakeSoft Mandrake Linux 8.0
cpe:/o:suse:suse_linux:6.4:alpha SuSE SuSE Linux 6.4 alpha
cpe:/o:redhat:enterprise_linux:4.0::workstation
cpe:/o:sgi:irix:6.5.13 SGI IRIX 6.5.13
cpe:/o:suse:suse_linux:7.0::ppc
cpe:/o:sgi:irix:6.5.18m SGI IRIX 6.5.18m
cpe:/o:suse:suse_linux:7.3::i386
cpe:/o:suse:suse_linux:7.0:alpha SuSE SuSE Linux 7.0 alpha
cpe:/o:suse:suse_linux:7.2::i386
cpe:/o:sgi:irix:6.5.11 SGI IRIX 6.5.11
cpe:/o:redhat:linux:7.0::alpha
cpe:/o:sgi:irix:6.5.9 SGI IRIX 6.5.9
cpe:/o:sgi:irix:6.5.14m SGI IRIX 6.5.14m
cpe:/o:sgi:irix:6.5.12 SGI IRIX 6.5.12
cpe:/o:mandrakesoft:mandrake_linux:8.1::ia64
cpe:/o:redhat:linux:7.3::i386
cpe:/o:suse:suse_linux:7.1::x86
cpe:/o:debian:debian_linux:2.2::68k
cpe:/o:sgi:irix:6.5 SGI IRIX 6.5
cpe:/o:debian:debian_linux:2.2::alpha
cpe:/o:redhat:linux:7.1::i386
cpe:/o:sgi:irix:6.5.7 SGI IRIX 6.5.7
cpe:/o:mandrakesoft:mandrake_linux:8.2 MandrakeSoft Mandrake Linux 8.2
cpe:/o:suse:suse_linux:7.3::sparc
cpe:/o:sgi:irix:6.5.15m SGI IRIX 6.5.15m
cpe:/o:sgi:irix:6.5.16f SGI IRIX 6.5.16f
cpe:/o:redhat:enterprise_linux_desktop:3.0 Red Hat Desktop 3.0
cpe:/o:redhat:linux:7.2::i386
cpe:/o:suse:suse_linux:7.1:alpha SuSE SuSE Linux 7.1 alpha
cpe:/o:sgi:irix:6.5.1 SGI IRIX 6.5.1
cpe:/o:redhat:linux:6.2::i386
cpe:/o:debian:debian_linux:2.2::sparc
cpe:/o:sgi:irix:6.5.2 SGI IRIX 6.5.2
cpe:/o:mandrakesoft:mandrake_linux:8.0::ppc

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10736 The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Et...
*OVAL describes in detail how to detect this vulnerability; the related OVAL definition contains further technical details on detecting it.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2185
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-662
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/5020
(PATCH)  BID  5020
http://www.redhat.com/support/errata/RHSA-2006-0191.html
(PATCH)  REDHAT  RHSA-2006:0191
http://www.redhat.com/support/errata/RHSA-2006-0190.html
(PATCH)  REDHAT  RHSA-2006:0190
http://www.redhat.com/support/errata/RHSA-2006-0140.html
(PATCH)  REDHAT  RHSA-2006:0140
http://www.redhat.com/support/errata/RHSA-2006-0101.html
(PATCH)  REDHAT  RHSA-2006:0101
http://www.cs.ucsb.edu/~krishna/igmp_dos/
(PATCH)  MISC  http://www.cs.ucsb.edu/~krishna/igmp_dos/
http://secunia.com/advisories/18684
(VENDOR_ADVISORY)  SECUNIA  18684
http://secunia.com/advisories/18562
(VENDOR_ADVISORY)  SECUNIA  18562
http://secunia.com/advisories/18510
(VENDOR_ADVISORY)  SECUNIA  18510
http://xforce.iss.net/xforce/xfdb/9436
(UNKNOWN)  XF  igmp-spoofed-report-dos(9436)
http://www.securityfocus.com/archive/1/archive/1/428058/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-2
http://www.securityfocus.com/archive/1/archive/1/428028/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-1
http://www.securityfocus.com/archive/1/archive/1/427981/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-4
http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:157459-3

- Vulnerability Information

Multiple Vendor Spoofed IGMP Report Denial of Service Vulnerability
Medium risk  Design error
2002-12-31 00:00:00 2006-03-17 00:00:00
Remote
        
        

- Advisories and Patches

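        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measure to reduce the threat:
        * When a host receives an IGMP packet, it should check the MAC address; if it is not a multicast Ethernet address, such as an address with the prefix 01:00:5E, the host should drop the packet.
        Vendor patches:
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2006:0101-01) and corresponding patches for this issue:
        RHSA-2006:0101-01: Important: kernel security update
        Link:
        http://lwn.net/Alerts/168077/?format=printable

        SGI
        ---
        SGI has released a security advisory (20020901-01-A) and corresponding patches for this issue:
        20020901-01-A: IGMP multicast report Denial of Service vulnerability
        Link: ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A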
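
The workaround above (drop IGMP packets whose Ethernet destination is not a multicast address), sketched as a frame check in C. This is an added example, not code from CNNVD or from any vendor patch; the function names, the constructed sample frame and the MAC address given to H1 are assumptions, and untagged Ethernet II carrying IPv4 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS_NOT_IGMP, ACCEPT_IGMP, DROP_IGMP };

/* Assumes untagged Ethernet II carrying IPv4 (no VLAN tag). */
enum verdict igmp_l2_check(const uint8_t *f, size_t len)
{
    if (len < 14 + 20)                       /* Ethernet + minimal IPv4 header */
        return PASS_NOT_IGMP;
    if (f[12] != 0x08 || f[13] != 0x00)      /* EtherType 0x0800 = IPv4 */
        return PASS_NOT_IGMP;
    if ((f[14] >> 4) != 4 || f[14 + 9] != 2) /* IP protocol 2 = IGMP */
        return PASS_NOT_IGMP;
    /* IPv4 multicast MACs are 01:00:5E plus a 23-bit group suffix. */
    if (f[0] == 0x01 && f[1] == 0x00 && f[2] == 0x5E && (f[3] & 0x80) == 0)
        return ACCEPT_IGMP;
    return DROP_IGMP;                        /* e.g. report unicast to one host */
}

/* Constructed sample: IGMPv2 membership report for group 230.0.0.1. */
static const uint8_t SAMPLE_IP_IGMP[28] = {
    0x45, 0x00, 0x00, 0x1c, 0, 0, 0, 0, 0x01, 0x02, 0, 0, /* proto=2, csum unset */
    192, 168, 0, 2,   230, 0, 0, 1,                       /* src, dst */
    0x16, 0x00, 0, 0, 230, 0, 0, 1                        /* type 0x16, group */
};
const uint8_t GROUP_MAC[6] = { 0x01, 0x00, 0x5E, 0x00, 0x00, 0x01 }; /* maps to 230.0.0.1 */
const uint8_t H1_MAC[6]    = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x11 }; /* constructed unicast MAC */

/* Wrap the sample report in an Ethernet header for dst_mac and classify it. */
enum verdict verdict_for_dst(const uint8_t dst_mac[6])
{
    uint8_t f[14 + sizeof SAMPLE_IP_IGMP];
    memcpy(f, dst_mac, 6);
    memset(f + 6, 0x02, 6);                  /* constructed source MAC */
    f[12] = 0x08; f[13] = 0x00;
    memcpy(f + 14, SAMPLE_IP_IGMP, sizeof SAMPLE_IP_IGMP);
    return igmp_l2_check(f, sizeof f);
}

int main(void)
{
    printf("report to group MAC: %d\n", verdict_for_dst(GROUP_MAC));
    printf("report to H1's MAC:  %d\n", verdict_for_dst(H1_MAC));
    return 0;
}
```

The same report is accepted when addressed to the group's multicast MAC and dropped when addressed to a single host's MAC, so a unicast report can no longer trigger report suppression on H1.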

- Vulnerability Information

22509
IGMP Spoofed Membership Report DoS
Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-06-14 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor Spoofed IGMP Report Denial Of Service Vulnerability
Design Error 5020
Yes No
2002-06-14 12:00:00 2006-02-07 08:55:00
Vulnerability discovery credited to krishna@cs.ucsb.edu, arun@cs.ucsb.edu, and mohit@cs.ucsb.edu.

- Affected Versions

SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
RedHat Linux 7.3 i386
RedHat Linux 7.2 ia64
RedHat Linux 7.2 i386
RedHat Linux 7.1 ia64
RedHat Linux 7.1 i386
RedHat Linux 7.1 alpha
RedHat Linux 7.0 sparc
RedHat Linux 7.0 i386
RedHat Linux 7.0 alpha
RedHat Linux 6.2 sparc
RedHat Linux 6.2 i386
RedHat Linux 6.2 alpha
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows 98SE
Microsoft Windows 98
Mandriva Linux Mandrake 8.2
Mandriva Linux Mandrake 8.1 ia64
Mandriva Linux Mandrake 8.1
Mandriva Linux Mandrake 8.0 ppc
Mandriva Linux Mandrake 8.0
Debian Linux 2.2 sparc
Debian Linux 2.2 powerpc
Debian Linux 2.2 IA-32
Debian Linux 2.2 arm
Debian Linux 2.2 alpha
Debian Linux 2.2 68k
SGI IRIX 6.5.19

- Unaffected Versions

SGI IRIX 6.5.19

- Discussion

Internet Group Management Protocol (IGMP) specifies guidelines for the management of Internet multicast routing.

An arbitrary host may deny service to a system on the same segment of network. In a situation where a multicast router sends a membership report request, a host sending a unicast membership report response to the primary responder can prevent the responder from sending a message to the multicast router. In doing so, the router will not receive a response from any host, and thus the transmission will time out and cease.

This vulnerability may additionally affect other operating systems, though it is currently unknown which implementations may be vulnerable.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution


Please see the referenced advisories for more information:

- SGI has released a new advisory. Users are advised to upgrade to IRIX 6.5.19 or to apply the following fixes.
- Red Hat has released advisory RHSA-2006:0101-9, along with fixes to address various Linux Kernel issues in Red Hat Enterprise Linux 4 operating systems.
- Red Hat has released advisory RHSA-2006:0140-9 to address various issues in Red Hat Enterprise Linux 3.
- Red Hat has released advisory RHSA-2006:0190-5 to address this and other issues.

The following fixes are available:


SGI IRIX 6.5.14 f

SGI IRIX 6.5.14 m

SGI IRIX 6.5.15 m

SGI IRIX 6.5.15 f

SGI IRIX 6.5.16 f

SGI IRIX 6.5.16 m

SGI IRIX 6.5.17 m

SGI IRIX 6.5.17 f

SGI IRIX 6.5.18 m

SGI IRIX 6.5.18 f

- Related References

 

 
