CVE-2003-0244
CVSS 5.0
Published: 2003-05-27 00:00:00
Revised: 2016-10-17 22:31:11

[Original] The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.


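[CNNVD] Linux kernel route cache entry remote denial-of-service vulnerability (CNNVD-200305-073)

        The Linux kernel is the open-source kernel of the Linux operating system.
        The hash table implementation in the Linux kernel's networking code is flawed. A remote attacker can exploit this to consume a large amount of resources on the target machine so that it can no longer route new packets, resulting in a denial of service.
        The route cache caches routing decisions so that they can be reused for subsequent forwarding. When a packet arrives, the IP routing code examines it and consults the route cache: if a cached entry exists it is reused, otherwise a new route is created. The kernel's networking code is flawed in how it handles packets whose IP headers carry the same IPv4 source and destination addresses and the same TOS value. An attacker who sends carefully constructed packets of the kind described above can cause the route entry for every packet to be linked into the same hash chain, so lookups become very expensive once that chain grows long. Sending a large number of such packets can therefore make the server consume a large amount of system resources and cause a denial of service. According to testing, sending about 400 such packets per second is generally enough to make the attacked system consume 4G of RAM.
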

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

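- OVAL (technical details for detection)

oval:org.mitre.oval:def:261 Linux Route Cache / Netfilter Denial of Service
* OVAL describes in detail how to detect this vulnerability; more technical detail on detection can be found in the relevant OVAL definition.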

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0244
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200305-073
(official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
(UNKNOWN)  VULNWATCH  20030517 Algorithmic Complexity Attacks and the Linux Networking Code
http://marc.info/?l=bugtraq&m=105301461726555&w=2
(UNKNOWN)  ENGARDE  ESA-20030515-017
http://marc.info/?l=bugtraq&m=105595901923063&w=2
(UNKNOWN)  BUGTRAQ  20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
http://marc.info/?l=linux-kernel&m=104956079213417
(UNKNOWN)  MISC  http://marc.info/?l=linux-kernel&m=104956079213417
http://www.debian.org/security/2003/dsa-311
(VENDOR_ADVISORY)  DEBIAN  DSA-311
http://www.debian.org/security/2003/dsa-312
(UNKNOWN)  DEBIAN  DSA-312
http://www.debian.org/security/2003/dsa-332
(UNKNOWN)  DEBIAN  DSA-332
http://www.debian.org/security/2003/dsa-336
(UNKNOWN)  DEBIAN  DSA-336
http://www.debian.org/security/2004/dsa-442
(UNKNOWN)  DEBIAN  DSA-442
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
(UNKNOWN)  MISC  http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
(UNKNOWN)  MANDRAKE  MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
(UNKNOWN)  MANDRAKE  MDKSA-2003:074
http://www.redhat.com/support/errata/RHSA-2003-145.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:145
http://www.redhat.com/support/errata/RHSA-2003-147.html
(UNKNOWN)  REDHAT  RHSA-2003:147
http://www.redhat.com/support/errata/RHSA-2003-172.html
(UNKNOWN)  REDHAT  RHSA-2003:172
http://www.securityfocus.com/bid/7601
(UNKNOWN)  BID  7601
http://xforce.iss.net/xforce/xfdb/15382
(UNKNOWN)  XF  data-algorithmic-complexity-dos(15382)

- Vulnerability information

Linux kernel route cache entry remote denial-of-service vulnerability
Medium risk, design error
2003-05-27 00:00:00 2005-10-20 00:00:00
Remote
        
        

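- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:
        * Florian Weimer provides an unofficial workaround:
        Use iptables to set a rate limit, or reduce the route cache size. The route cache size can be reduced through the /proc interface. Choosing a rate limit is fairly complicated, so reducing the cache size is the recommended approach, although it costs some routing performance:
        # echo 4096 > /proc/sys/net/ipv4/route/max_size
        # echo 2048 > /proc/sys/net/ipv4/route/gc_thresh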
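The following added example (not taken from the advisory or from kernel source) models the hash-chain behaviour described in the vulnerability description and the effect of the `max_size` workaround above. The 1024-bucket table, the modulo hash and the function names are assumptions chosen for illustration, and a full cache is modelled simply as accepting no further entries.

```c
#include <stdio.h>
#include <stdlib.h>

#define BUCKETS 1024u   /* toy table size (assumption), not the kernel's */

struct entry { unsigned key; struct entry *next; };

/* Toy hash (assumption): the key modulo the table size picks the chain. */
static unsigned toy_hash(unsigned key) { return key % BUCKETS; }

/* Entries compared while searching one chain for key. */
static unsigned chain_cost(const struct entry *e, unsigned key)
{
    unsigned steps = 0;
    for (; e; e = e->next) {
        steps++;
        if (e->key == key)
            break;
    }
    return steps;
}

/* Offer n keys spaced `stride` apart to a cache that holds at most max_size
 * entries (the role of route/max_size), then return the cost of looking up
 * one further key that is not cached. Returns 0 on allocation failure. */
unsigned miss_cost(unsigned n, unsigned stride, unsigned max_size)
{
    struct entry **bucket = calloc(BUCKETS, sizeof *bucket);
    struct entry *pool = calloc(max_size, sizeof *pool);
    unsigned count = 0, cost = 0;

    if (bucket && pool) {
        for (unsigned i = 0; i < n && count < max_size; i++) {
            struct entry *e = &pool[count++];
            e->key = i * stride;
            e->next = bucket[toy_hash(e->key)];   /* push on chain head */
            bucket[toy_hash(e->key)] = e;
        }
        cost = chain_cost(bucket[toy_hash(n * stride)], n * stride);
    }
    free(pool);
    free(bucket);
    return cost;
}

int main(void)
{
    /* Constructed inputs: 65536 keys, evenly spread vs. all in one chain. */
    printf("spread keys, limit 65536: %u\n", miss_cost(65536, 1, 65536));
    printf("one chain,   limit 65536: %u\n", miss_cost(65536, BUCKETS, 65536));
    printf("one chain,   limit 4096:  %u\n", miss_cost(65536, BUCKETS, 4096));
    return 0;
}
```

With evenly spread keys a lookup compares a few dozen entries; when every entry lands in one chain the cost grows with the number of cached entries, and the smaller limit bounds that worst case at the price of a smaller cache.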
        Vendor patches:
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2003:172-00) and corresponding patches for this issue:
        RHSA-2003:172-00: Updated 2.4 kernel fixes security vulnerabilities and various bugs
        Link: https://www.redhat.com/support/errata/RHSA-2003-172.html
        Patch downloads:
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
        athlon:
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
        ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
        i386:
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
        ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
        i586:
        ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm
        ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
        i686:
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
        ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
        Red Hat Linux 8.0:
        SRPMS:
        ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm
        ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm
        athlon:
        ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-13.8.athlon.rpm
        ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-13.8.athlon.rpm
        i386:
        ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-13.8.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-13.8.i386.rpm
        

- Vulnerability information

4453
Linux Kernel Route Cache Netfilter IP Conntrack Module DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-04-05 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Kernel Route Cache Entry Remote Denial Of Service Vulnerability
Design Error 7601
Yes No
2003-05-14 12:00:00 2009-07-11 10:06:00
Discovery credited to Florian Weimer.

- Affected software versions

Sun Linux 5.0.5
Sun Linux 5.0.3
Sun Linux 5.0
+ Sun LX50
RedHat Linux Advanced Work Station 2.1
RedHat kernel-utils-2.4-8.29.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-utils-2.4-8.13.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-utils-2.4-7.4.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-uml-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-source-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-source-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-source-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-source-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.i586.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.2-2.i586.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-3.i586.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.18-14.athlon.rpm
+ RedHat Linux 8.0
RedHat kernel-headers-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-headers-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-enterprise-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.7-10.i386.rpm
RedHat kernel-doc-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-doc-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-doc-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-debug-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-debug-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-BOOT-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-BOOT-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-BOOT-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-BOOT-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-BOOT-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.2-2.i586.rpm
RedHat kernel-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.i586.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.athlon.rpm
+ RedHat Linux 8.0
RedHat Enterprise Linux WS 2.1 IA64
Red Hat Enterprise Linux AS 2.1 IA64
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4
Sun Linux 5.0.6

- Unaffected software versions

Sun Linux 5.0.6

- Vulnerability discussion

It has been reported that the Linux kernel does not properly handle a low volume flood of some types of traffic. Because of this, an attacker may be able to cause excessive consumption of resources and failure to route traffic.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This issue has reportedly been addressed in the latest prepatch (2.4.21) for the stable Linux kernel tree.

Mandrake Linux have released a security advisory (MDKSA-2003:074) to address this issue. Further details regarding downloading and applying these fixes can be found in the referenced advisory. Fixes are linked below.

Mandrake has issued a kernel upgrade that is patched. Please see the advisory linked to in the reference section (MDKSA-2003:066-1) for further information.

Red Hat has released advisory RHSA-2003:172-00 and fixes to address this issue. See referenced advisory for additional details.

EnGarde has released an advisory. Information about obtaining fixes can be found in the referenced advisory (ESA-20030515-017).

Conectiva has released advisory CLSA-2003:657 to address this issue.

Red Hat Linux has released a new advisory RHSA-2003:145-01. Users are advised to upgrade vulnerable systems with the fix information provided in the referenced advisory. Updates to packages are available through the Red Hat Network.

Red Hat Linux has released a new advisory RHSA-2003:187-01. Affected users are advised to upgrade to newer kernel packages. Further information is available in the referenced advisory.

Debian has issued a kernel upgrade that is patched. Please see the advisories linked to in the reference section (DSA-311-1 and DSA 312-1) for URLs to fixes.

Debian has released a new advisory DSA 332-1. Information about obtaining and applying fixes is available in the referenced advisory.

Debian has announced in DSA 336-2 that advisory DSA 336-1 does not address this issue.

Conectiva has released advisory CLA-2003:701 to address this issue. See referenced advisory for additional details and fix information.

Gentoo has released advisory 200308-01 to address this issue. Affected users are advised to execute the following commands:

emerge sync
emerge gentoo-sources
emerge clean

RHBA-2003:263-05 (for non-Enterprise Red Hat distributions) has been released to address unrelated bugs but provides Kernel updates that include more recent fixes for this and other security vulnerabilities.

Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.

Debian has released DSA 442-1 to provide fixes for s390 platforms. Please see the attached advisory for further information.


