CVE-2006-0381
CVSS 5.0
Published: 2006-01-25 17:03:00
Last revised: 2008-09-05 16:59:06

[Original] A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.


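[CNNVD] OpenBSD PF IP Fragment Denial-of-Service Vulnerability (CNNVD-200601-321)

        OpenBSD is an open-source Unix-like operating system.
        The packet fragment handling module of the OpenBSD kernel contains a vulnerability that a remote attacker can use to mount a denial-of-service attack against a server. A remote attacker may cause a kernel crash with specially crafted malicious fragmented packets.

- CVSS (base score)

CVSS score: 5 [Medium (MEDIUM)]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)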

cpe:/o:freebsd:freebsd:5.4:releng
cpe:/o:freebsd:freebsd:5.3:release
cpe:/o:freebsd:freebsd:6.0:stable
cpe:/o:freebsd:freebsd:5.4:pre-release
cpe:/o:freebsd:freebsd:5.3 FreeBSD 5.3
cpe:/o:freebsd:freebsd:5.3:releng
cpe:/o:freebsd:freebsd:5.4:release
cpe:/o:freebsd:freebsd:6.0:release
cpe:/o:freebsd:freebsd:5.3:stable

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0381
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0381
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-321
(Official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/18609
(VENDOR_ADVISORY)  SECUNIA  18609
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc
(PATCH)  FREEBSD  FreeBSD-SA-06:07
http://www.securityfocus.com/bid/16375
(UNKNOWN)  BID  16375
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104
(UNKNOWN)  CONFIRM  http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104
http://xforce.iss.net/xforce/xfdb/24337
(UNKNOWN)  XF  bsd-pf-fragment-dos(24337)
http://www.osvdb.org/22732
(UNKNOWN)  OSVDB  22732
http://securitytracker.com/id?1015542
(UNKNOWN)  SECTRACK  1015542
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2006-004

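- Vulnerability information

OpenBSD PF IP Fragment Denial-of-Service Vulnerability
Medium severity  Design error
2006-01-25 00:00:00 2006-01-31 00:00:00
Remote
        OpenBSD is an open-source Unix-like operating system.
        The packet fragment handling module of the OpenBSD kernel contains a vulnerability that a remote attacker can use to mount a denial-of-service attack against a server. A remote attacker may cause a kernel crash with specially crafted malicious fragmented packets.

- Advisories and patches

        The vendor has released a patch that fixes this security issue; download it from the vendor's site:
        http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104

- Vulnerability information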

22732
Multiple BSD pf Crafted IP Fragment Ruleset DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

Packet Filter (PF) contains a flaw that may allow a remote denial of service. The issue is triggered when a logic bug in the IP fragment cache results in a packet fragment being inserted twice, violating a kernel invariant. This will result in loss of availability for the platform.

- Timeline

2006-01-25 Unknown
Unknown Unknown

- Solution

Upgrade to FreeBSD version 5-STABLE or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, or RELENG_5_3 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch to address this vulnerability. OpenBSD has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules on systems running pf.

- Related references

- Vulnerability author

- Vulnerability information

OpenBSD PF IP Fragment Remote Denial Of Service Vulnerability
Design Error 16375
Yes No
2006-01-25 12:00:00 2006-02-07 08:55:00
Jakob Schlyter and Daniel Hartmeier are credited with the discovery of this issue.

- Affected software versions

OpenBSD OpenBSD 3.8
OpenBSD OpenBSD 3.7
OpenBSD OpenBSD -current
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.4-STABLE

- Discussion

OpenBSD's PF is susceptible to a remote denial-of-service vulnerability. This issue is due to a flaw in affected kernels that results in a kernel crash when attempting to normalize IP fragments.

This issue allows remote attackers to crash affected kernels, denying further network service to legitimate users.

- Exploit

An exploit is not required.

- Solution

The OpenBSD CVS tree has had fixes applied since 2006-01-19. These fixes are available for OpenBSD 3.7, 3.8, and -current. Patches can be obtained from CVSweb at:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104

FreeBSD has released an advisory, along with a patch to address this issue. The FreeBSD CVS tree has had fixes applied since 2006-01-25 10:02:27 UTC. Please see the referenced advisory for further information.


FreeBSD FreeBSD 5.4-STABLE

FreeBSD FreeBSD 5.3 -RELEASE

FreeBSD FreeBSD 5.3 -RELENG

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -STABLE

FreeBSD FreeBSD 5.4 -RELEASE

FreeBSD FreeBSD 5.4 -RELENG

FreeBSD FreeBSD 6.0 -RELEASE

FreeBSD FreeBSD 6.0 -STABLE

- Related references
