CVE-2004-0986
CVSS7.5
发布时间 :2005-03-01 00:00:00
修订时间 :2016-10-17 22:50:28
NMCOPS    

[原文]Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.


[CNNVD]iptables 自动装载模块失败漏洞(CNNVD-200503-019)

        iptables是一款基于Linux的防火墙系统。
        iptables在某些情况下自动装载某些模块失败,可导致安全隐患。目前没有详细漏洞细节提供。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:linux:linux_kernel:2.0.2Linux Kernel 2.0.2
cpe:/o:linux:linux_kernel:2.4.1Linux Kernel 2.4.1
cpe:/o:linux:linux_kernel:2.4.0Linux Kernel 2.4.0
cpe:/o:linux:linux_kernel:2.4.5Linux Kernel 2.4.5
cpe:/o:linux:linux_kernel:2.6.3Linux Kernel 2.6.3
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:linux:linux_kernel:2.4.4Linux Kernel 2.4.4
cpe:/o:linux:linux_kernel:2.6.2Linux Kernel 2.6.2
cpe:/a:suse:suse_iptables:1.2.11
cpe:/o:linux:linux_kernel:2.4.3Linux Kernel 2.4.3
cpe:/o:linux:linux_kernel:2.6.1Linux Kernel 2.6.1
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:linux:linux_kernel:2.4.2Linux Kernel 2.4.2
cpe:/o:linux:linux_kernel:2.6.0Linux Kernel 2.6.0
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:linux:linux_kernel:2.6.9:2.6.20
cpe:/o:linux:linux_kernel:2.6.8Linux Kernel 2.6.8
cpe:/o:linux:linux_kernel:2.4.12Linux Kernel 2.4.12
cpe:/o:linux:linux_kernel:2.4.11Linux Kernel 2.4.11
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:linux:linux_kernel:2.4.19Linux Kernel 2.4.19
cpe:/o:linux:linux_kernel:2.4.14Linux Kernel 2.4.14
cpe:/o:linux:linux_kernel:2.4.13Linux Kernel 2.4.13
cpe:/o:linux:linux_kernel:2.4.16Linux Kernel 2.4.16
cpe:/o:linux:linux_kernel:2.4.15Linux Kernel 2.4.15
cpe:/o:linux:linux_kernel:2.4.10Linux Kernel 2.4.10
cpe:/o:linux:linux_kernel:2.4.18Linux Kernel 2.4.18
cpe:/o:linux:linux_kernel:2.4.17Linux Kernel 2.4.17
cpe:/o:linux:linux_kernel:2.4.23Linux Kernel 2.4.23
cpe:/o:linux:linux_kernel:2.4.22Linux Kernel 2.4.22
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:linux:linux_kernel:2.4.25Linux Kernel 2.4.25
cpe:/o:linux:linux_kernel:2.4.24Linux Kernel 2.4.24
cpe:/o:linux:linux_kernel:2.4.26Linux Kernel 2.4.26
cpe:/o:linux:linux_kernel:2.4.21Linux Kernel 2.4.21
cpe:/o:linux:linux_kernel:2.4.20Linux Kernel 2.4.20
cpe:/o:linux:linux_kernel:2.4.9Linux Kernel 2.4.9
cpe:/o:linux:linux_kernel:2.6.7Linux Kernel 2.6.7
cpe:/o:debian:debian_linux:3.0Debian Debian Linux 3.0
cpe:/o:linux:linux_kernel:2.4.8Linux Kernel 2.4.8
cpe:/o:linux:linux_kernel:2.6.6Linux Kernel 2.6.6
cpe:/o:linux:linux_kernel:2.4.7Linux Kernel 2.4.7
cpe:/o:linux:linux_kernel:2.6.5Linux Kernel 2.6.5
cpe:/o:linux:linux_kernel:2.4.6Linux Kernel 2.4.6
cpe:/o:linux:linux_kernel:2.6.4Linux Kernel 2.6.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0986
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0986
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-019
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=110815247703862&w=2
(UNKNOWN)  UBUNTU  USN-81-1
http://rpmfind.net/linux/RPM/suse/updates/9.2/i386/rpm/i586/iptables-1.2.11-4.2.i586.html
(UNKNOWN)  CONFIRM  http://rpmfind.net/linux/RPM/suse/updates/9.2/i386/rpm/i586/iptables-1.2.11-4.2.i586.html
http://www.ciac.org/ciac/bulletins/p-026.shtml
(UNKNOWN)  CIAC  P-026
http://www.debian.org/security/2004/dsa-580
(UNKNOWN)  DEBIAN  DSA-580
http://www.mandriva.com/security/advisories?name=MDKSA-2004:125
(UNKNOWN)  MANDRAKE  MDKSA-2004:125
http://www.securityfocus.com/bid/11570
(VENDOR_ADVISORY)  BID  11570
http://xforce.iss.net/xforce/xfdb/17928
(VENDOR_ADVISORY)  XF  iptables-module-dos(17928)
https://bugzilla.fedora.us/show_bug.cgi?id=2252
(UNKNOWN)  FEDORA  FLSA:2252

- 漏洞信息

iptables 自动装载模块失败漏洞
高危 设计错误
2005-03-01 00:00:00 2005-10-20 00:00:00
本地  
        iptables是一款基于Linux的防火墙系统。
        iptables在某些情况下自动装载某些模块失败,可导致安全隐患。目前没有详细漏洞细节提供。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.netfilter.org/

- 漏洞信息 (F34909)

dsa-580.txt (PacketStormID:F34909)
2004-11-02 00:00:00
 
advisory
linux,debian
CVE-2004-0986
[点击下载]

Debian Security Advisory 580-1 - Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on it own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 580-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 1st, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : iptables
Vulnerability  : missing initialisation
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0986
Debian Bug     : 219686

Faheem Mitha noticed that the iptables command, an administration tool
for IPv4 packet filtering and NAT, did not always load the required
modules on it own as it was supposed to.  This could lead to firewall
rules not being loaded on system startup.  This caused a failure in
connection with rules provided by lokkit at least.

For the stable distribution (woody) this problem has been fixed in
version 1.2.6a-5.0woody2.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.11-4.

We recommend that you upgrade your iptables package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.dsc
      Size/MD5 checksum:      639 03ce7ecd0cc462b0b0bef08d400f5a39
    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.diff.gz
      Size/MD5 checksum:    82136 6c6305ebf8da551d7cbdfc4fe1149d87
    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a.orig.tar.gz
      Size/MD5 checksum:   422313 84aed37b27830c1a74ece6765db0c31c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_alpha.deb
      Size/MD5 checksum:   377404 4adc7c8e3b71d6732fe36a223d044fc7
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_alpha.deb
      Size/MD5 checksum:   110230 c0e0ecb43614186556adcd714e4d1272

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_arm.deb
      Size/MD5 checksum:   314110 8d0b4d2e6d7af1377cccf91898a7bda6
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_arm.deb
      Size/MD5 checksum:    99130 aff30c9fc49fed3c4b21f418b43c4e65

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_i386.deb
      Size/MD5 checksum:   287114 b0ff0f6ab787a136d7ef6f8819b04f96
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_i386.deb
      Size/MD5 checksum:    96442 1c2d7ec853da4fdca2ca4e5bddd6740f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_ia64.deb
      Size/MD5 checksum:   446814 e9ea93b92e97a66164411be155b93598
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_ia64.deb
      Size/MD5 checksum:   116386 42deb79a474dd9d78bddfe723b4ee6c4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_hppa.deb
      Size/MD5 checksum:   345212 4866e88ca61f8ac2778cc3ce44d142ac
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_hppa.deb
      Size/MD5 checksum:    95430 c60ef8c05e0c238d8ac7682626f3972d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_m68k.deb
      Size/MD5 checksum:   289032 f7748d7e5cc9726b7142d918712abd6d
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_m68k.deb
      Size/MD5 checksum:    91232 37e6e304f0b4ebf666c4ffc860253a73

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mips.deb
      Size/MD5 checksum:   326050 713a2efd308c98a3a48135664c7a385c
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mips.deb
      Size/MD5 checksum:   106754 f44458bc89644ddb91a63caa498456ad

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mipsel.deb
      Size/MD5 checksum:   327082 731e9de4f81d6ecc114c89b2c54e99c7
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mipsel.deb
      Size/MD5 checksum:   106898 25d89525b8d158f12eaaf2db6635fd14

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_powerpc.deb
      Size/MD5 checksum:   321422 a73bf7a5f4696a44abe4dc19d9508cc8
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_powerpc.deb
      Size/MD5 checksum:   101350 e81ceac78d6a38cfdd6b8f09e0cb176e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_s390.deb
      Size/MD5 checksum:   307826 1092ceb008461ac0323b2ddfc2327c22
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_s390.deb
      Size/MD5 checksum:    97020 c5079802be1fed9934527371cf6a99d8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_sparc.deb
      Size/MD5 checksum:   323322 b33b11c7b474c50a84087f99580c122c
    http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_sparc.deb
      Size/MD5 checksum:    98876 dc0ed1d555df1abb1868514fa307a88c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBhmTlW5ql+IAeqTIRAhjTAKCH0M8Oz0a5MAXA3NZzk3FufsHzAQCZASWi
cE4GcVBtJ3eVv3jEUr14OeQ=
=agdX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
    

- 漏洞信息

11351
iptables Module Loading Failure
Remote / Network Access Infrastructure
Loss of Integrity
Exploit Public

- 漏洞描述

iptables contains a flaw that may allow a malicious user to bypass firewall rules. The issue is triggered when iptables fails to load required modules in iptables.c and ip6tables.c under certain configurations. It is possible that the flaw may prohibit the firewall rules from being applied without notifying the victim of the problem resulting in a loss of integrity.

- 时间线

2004-11-01 Unknow
2004-11-01 Unknow

- 解决方案

An official iptables patch has not been released, although many Linux Distributions are providing their own upgrades. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Linux Kernel IPTables Initialization Failure Vulnerability
Design Error 11570
No Yes
2004-11-01 12:00:00 2009-07-12 08:06:00
Discovery of this issue is credited to Faheem Mitha.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 9.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux Advanced Server 6.0
Turbolinux Turbolinux 7.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
S.u.S.E. IPTables 1.2.11
+ S.u.S.E. Linux Personal 9.2
RedHat Linux 9.0 i386
RedHat Linux 7.3
Red Hat Fedora Core3
Red Hat Fedora Core1
Linux kernel 2.6.9
Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1
Linux kernel 2.6
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Linux kernel 2.4.1
Linux kernel 2.4
Linux kernel 2.0.2
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- 漏洞讨论

Linux kernel iptables is reportedly affected by an initialization error vulnerability. This issue is due to a design error within the application.

This issue causes the affected utility to initialize improperly, leading to a false sense of security as all of the firewall rules may not always be loaded.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

Debian Linux has made an advisory available (DSA 580-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Mandrake has made an advisory available (MDKSA-2004:125) along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released fixes dealing with this issue.

SuSE Linux has made an advisory available regarding the fixes that were previously released. Please see the advisory reference for more details.

RedHat Linux has released advisory FEDORA-2004-417 to address this issue in Fedora Core 3. Please see the referenced advisory for further information.

TurboLinux has issued an advisory and fixes for TurboLinux systems. See advisory TLSA-2005-10 in the reference section.

The Fedora Legacy project has released advisory FLSA:2252 to address this issue for RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.

Ubuntu Linux has released advisory USN-81-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


Red Hat Fedora Core1

Red Hat Fedora Core3

S.u.S.E. IPTables 1.2.11

Turbolinux Turbolinux Server 10.0

Turbolinux Turbolinux Desktop 10.0

Debian Linux 3.0 s/390

Debian Linux 3.0 alpha

Debian Linux 3.0 mips

Debian Linux 3.0 mipsel

Debian Linux 3.0 m68k

Debian Linux 3.0 hppa

Debian Linux 3.0 arm

Debian Linux 3.0 ia-64

Debian Linux 3.0 ia-32

Debian Linux 3.0 sparc

Debian Linux 3.0 ppc

Ubuntu Ubuntu Linux 4.1 ia32

Ubuntu Ubuntu Linux 4.1 ia64

Ubuntu Ubuntu Linux 4.1 ppc

Turbolinux Turbolinux Server 7.0

Turbolinux Turbolinux Workstation 7.0

RedHat Linux 7.3

Turbolinux Turbolinux Workstation 8.0

Turbolinux Turbolinux Server 8.0

RedHat Linux 9.0 i386

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站