CVE-2003-0804
CVSS 5.0
Published: 2003-11-17 00:00:00
Last revised: 2008-09-10 15:20:30

[Original text] The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.


[CNNVD] BSD Kernel ARP Cache Flooding Remote Denial of Service Vulnerability (CNNVD-200311-088)

        
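        The Address Resolution Protocol (ARP) is the protocol used to map IP addresses to MAC addresses. These mappings are stored in the system's ARP cache.
        By sending spoofed ARP requests, a remote attacker can carry out a denial-of-service attack against the system and cause it to crash.
        Under certain conditions, an attacker can use spoofed ARP requests to mount a flooding attack that leads to resource exhaustion. The attacker can send a large number of ARP requests containing different network protocol addresses within a short period of time; because the arplookup() function does not delete unneeded ARP cache entries, this can consume a large amount of resources and crash the system, resulting in a denial of service.
        The attacker must be on the local network segment to hang or crash the target machine; on networks that use proxy ARP, machines on the segment can also be attacked.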
        

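- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]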

- CPE (affected platforms and products)

cpe:/o:freebsd:freebsd:5.1 FreeBSD 5.1
cpe:/o:openbsd:openbsd:3.3 OpenBSD 3.3
cpe:/o:apple:mac_os_x_server:10.2.1 Apple Mac OS X Server 10.2.1
cpe:/o:apple:mac_os_x:10.2 Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x:10.2.7 Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x_server:10.2.6 Apple Mac OS X Server 10.2.6
cpe:/o:freebsd:freebsd:4.6.2 FreeBSD 4.6.2
cpe:/o:freebsd:freebsd:5.0 FreeBSD 5.0
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:4.6 FreeBSD 4.6
cpe:/o:apple:mac_os_x:10.2.5 Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x_server:10.2 Apple Mac OS X Server 10.2
cpe:/o:apple:mac_os_x_server:10.2.4 Apple Mac OS X Server 10.2.4
cpe:/o:apple:mac_os_x:10.2.2 Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x_server:10.2.7 Apple Mac OS X Server 10.2.7
cpe:/o:freebsd:freebsd:4.7 FreeBSD 4.7
cpe:/o:apple:mac_os_x:10.2.4 Apple Mac OS X 10.2.4
cpe:/o:freebsd:freebsd:4.2 FreeBSD 4.2
cpe:/o:openbsd:openbsd:3.4 OpenBSD 3.4
cpe:/o:freebsd:freebsd:4.4 FreeBSD 4.4
cpe:/o:apple:mac_os_x:10.2.3 Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.2.1 Apple Mac OS X 10.2.1
cpe:/o:freebsd:freebsd:4.8 FreeBSD 4.8
cpe:/o:apple:mac_os_x:10.2.6 Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x_server:10.2.5 Apple Mac OS X Server 10.2.5
cpe:/o:freebsd:freebsd:4.1 FreeBSD 4.1
cpe:/o:freebsd:freebsd:4.3 FreeBSD 4.3
cpe:/o:freebsd:freebsd:4.1.1 FreeBSD 4.1.1
cpe:/o:freebsd:freebsd:4.5 FreeBSD 4.5
cpe:/o:openbsd:openbsd:3.2 OpenBSD 3.2
cpe:/o:apple:mac_os_x_server:10.2.3 Apple Mac OS X Server 10.2.3
cpe:/o:apple:mac_os_x_server:10.2.2 Apple Mac OS X Server 10.2.2
cpe:/o:freebsd:freebsd:4.0 FreeBSD 4.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0804
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0804
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-088
(Official data source) CNNVD

- Other links and resources

http://docs.info.apple.com/article.html?artnum=61798
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=61798
ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc
(UNKNOWN)  SGI  20040502-01-P
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-03:14

- Vulnerability information

BSD Kernel ARP Cache Flooding Remote Denial of Service Vulnerability
Medium severity  Other
2003-11-17 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Apple
        -----
        Apple MacOS X 10.2.8 is not affected by this vulnerability and is available for download. Alternatively, upgrade through Software Update.
        
        http://www.apple.com

        FreeBSD
        -------
        FreeBSD has released a security advisory (FreeBSD-SA-03:14) and a corresponding patch for this issue:
        FreeBSD-SA-03:14: denial of service due to ARP resource starvation
        Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc
        Proceed as follows:
        1) Upgrade the vulnerable system to -STABLE, or to the RELENG_5_1,
        RELENG_5_0, RELENG_4_8, or RELENG_4_7 security branch, dated after the correction date.
        2) Patch the system:
        The following patch fixes FreeBSD 5-CURRENT, 4.9-PRERELEASE, and 4.8 systems:
        a) Download the relevant patch from the following locations:
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch.asc
        b) Run the following commands:
        # cd /usr/src
        # patch < /path/to/patch
        c) Rebuild the kernel:
        
        http://www.freebsd.org/handbook/kernelconfig.html

- Vulnerability information

2251
OpenBSD ARP Request DoS
Denial of Service
Loss of Availability

- Vulnerability description

OpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a local network user causes a system panic by flooding it with spoofed ARP requests, and will result in loss of availability for the platform.

- Timeline

2003-10-01 2003-10-01
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

BSD Kernel ARP Cache Flooding Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 8689
Yes No
2003-09-22 12:00:00 2009-07-11 11:56:00
This vulnerability was announced by Apple.

- Affected program versions

SGI IRIX 6.5.22 m
SGI IRIX 6.5.22
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.21
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.15
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10
SGI IRIX 6.5.9 m
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9
SGI IRIX 6.5.8 m
SGI IRIX 6.5.8 f
SGI IRIX 6.5.8
SGI IRIX 6.5.7 m
SGI IRIX 6.5.7 f
SGI IRIX 6.5.7
SGI IRIX 6.5.6 m
SGI IRIX 6.5.6 f
SGI IRIX 6.5.6
SGI IRIX 6.5.5 m
SGI IRIX 6.5.5 f
SGI IRIX 6.5.5
SGI IRIX 6.5.4 m
SGI IRIX 6.5.4 f
SGI IRIX 6.5.4
SGI IRIX 6.5.3 m
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3
SGI IRIX 6.5.2 m
SGI IRIX 6.5.2 f
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5 20
SGI IRIX 6.5 .19m
SGI IRIX 6.5 .19f
SGI IRIX 6.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
SGI IRIX 6.5.23
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.2.8

- Unaffected program versions

SGI IRIX 6.5.23
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.2.8

- Discussion

A vulnerability has been discovered in the BSD kernel. The problem occurs in the storage of ARP cache entries when handling ARP requests. As a result of this issue, an attacker capable of transmitting a large volume of spoofed ARP requests to a target system may be capable of triggering a system panic. This would effectively deny services to other legitimate users until the system is manually rebooted.

The issue is reported to exist in FreeBSD, IRIX and MacOS X. Other systems, which use a BSD-derived kernel, may also be prone to the issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

OpenBSD has acknowledged that this issue affects OpenBSD version 3.2 and 3.3. A patch is available to address this issue. The patches are linked below.

FreeBSD has addressed this issue in the latest RELENG releases. They have also issued a patch which is known to work with FreeBSD 5-CURRENT, 4.9-PRERELEASE, and 4.8 systems. Users wishing to upgrade to the latest RELENG release can see the attached advisory for further details.

Apple has also released MacOS X 10.2.8 to address this issue. This update can be applied via the Software Update pane in System Preferences. Manual updates are available via the Apple Software Downloads site.

OpenBSD has issued a new patch for 3.4. At the time of writing, the patch is not available.

SGI has released an advisory (20050502-01-P) and patches to address this issue in SGI IRIX. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate patches.


OpenBSD OpenBSD 3.2

OpenBSD OpenBSD 3.4

OpenBSD OpenBSD 3.3

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9 -PRERELEASE

FreeBSD FreeBSD 5.0

SGI IRIX 6.5.18 m

SGI IRIX 6.5.18 f

SGI IRIX 6.5.19 m

SGI IRIX 6.5.19 f

SGI IRIX 6.5.20 f

SGI IRIX 6.5.20 m

SGI IRIX 6.5.21 m

SGI IRIX 6.5.22 m

- References

 

 
