发布时间 :2004-11-23 00:00:00
修订时间 :2017-07-10 21:30:26

[原文]The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

[CNNVD]Mac OS X TCP/IP堆栈IP碎片攻击远程拒绝服务漏洞(CNNVD-200411-058)

        Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。
        Mac OS X TCP/IP堆栈实现存在问题,远程攻击者可以利用这个漏洞对系统进行拒绝服务攻击。
        Apple报告,远程用户可通过名为"Rose Attack"的攻击,发送特殊构建的IP碎片攻击,而导致系统消耗大量资源产生拒绝服务。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:apple:mac_os_x_server:10.2.4Apple Mac OS X Server 10.2.4
cpe:/o:apple:mac_os_x_server:10.3.3Apple Mac OS X Server 10.3.3
cpe:/o:apple:mac_os_x:10.2.7Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x_server:10.2.5Apple Mac OS X Server 10.2.5
cpe:/o:apple:mac_os_x_server:10.3.4Apple Mac OS X Server 10.3.4
cpe:/o:apple:mac_os_x:10.2.8Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x_server:10.2.3Apple Mac OS X Server 10.2.3
cpe:/o:apple:mac_os_x_server:10.3.2Apple Mac OS X Server 10.3.2
cpe:/o:apple:mac_os_x_server:10.2.1Apple Mac OS X Server 10.2.1
cpe:/o:apple:mac_os_x_server:10.2.6Apple Mac OS X Server 10.2.6
cpe:/o:apple:mac_os_x_server:10.3Apple Mac OS X Server 10.3
cpe:/o:apple:mac_os_x_server:10.2.8Apple Mac OS X Server 10.2.8
cpe:/o:apple:mac_os_x_server:10.2.7Apple Mac OS X Server 10.2.7
cpe:/o:apple:mac_os_x:10.2Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x:10.2.2Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.3.1Apple Mac OS X 10.3.1
cpe:/o:apple:mac_os_x:10.2.6Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.3Apple Mac OS X 10.3
cpe:/o:apple:mac_os_x_server:10.2.2Apple Mac OS X Server 10.2.2
cpe:/o:apple:mac_os_x_server:10.3.1Apple Mac OS X Server 10.3.1
cpe:/o:apple:mac_os_x:10.2.1Apple Mac OS X 10.2.1
cpe:/o:apple:mac_os_x:10.2.3Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.3.2Apple Mac OS X 10.3.2
cpe:/o:apple:mac_os_x:10.2.4Apple Mac OS X 10.2.4
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/o:apple:mac_os_x:10.2.5Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x:10.3.4Apple Mac OS X 10.3.4
cpe:/o:apple:mac_os_x_server:10.2Apple Mac OS X Server 10.2

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040331 IPv4 fragmentation --> The Rose Attack
(UNKNOWN)  BUGTRAQ  20040427 Source Code To Test IPv4 fragmentation --> The Rose Attack
(UNKNOWN)  XF  macos-tcp-ip-dos(16946)

- 漏洞信息

Mac OS X TCP/IP堆栈IP碎片攻击远程拒绝服务漏洞
中危 未知
2004-11-23 00:00:00 2005-10-20 00:00:00
        Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。
        Mac OS X TCP/IP堆栈实现存在问题,远程攻击者可以利用这个漏洞对系统进行拒绝服务攻击。
        Apple报告,远程用户可通过名为"Rose Attack"的攻击,发送特殊构建的IP碎片攻击,而导致系统消耗大量资源产生拒绝服务。

- 公告与补丁

        Apple Mac OS x 10.3.5已经修补此漏洞,建议用户升级:

- 漏洞信息

Multiple Vendor Fragmented TCP/IP Packet DoS (Rose)
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

The implementation of the TCP/IP stack of multiple vendors contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted sequence of fragmented ICMP packets which will cause the system to consume all available CPU resources during the defragmentation process (a.k.a. the 'rose attack'), which will result in loss of availability for the platform.

- 时间线

2004-08-10 Unknow
2004-08-10 Unknow

- 解决方案

Contact the vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者