记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

CVE-2018-5390漏洞预警

2018-08-09 12:20

sad linux tux securityf

RedHat将Linux kernel TCP漏洞(CVE-2018-5390)命名为SegmentSmack。研究人员发现对每个进入的包,tcp_collapse_ofo_queue()和tcp_prune_ofo_queue()的调用成本很高,会导致DoS攻击。

攻击者可以使用修改过的数据包来进行代价较大的调用,这会让带宽较小的网络中系统的CPU利用率达到饱和状态,导致DoS攻击。在最坏情况下,2k个包每秒的流量就可以导致系统拒绝服务。攻击会使系统CPU处于满负荷状态,同时网络包处理会有很大的延迟。

$ top%Cpu25 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.5 si,  0.0 st%Cpu26 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.6 si,  0.0 st%Cpu28 :  0.0 us,  0.3 sy,  0.0 ni,  0.7 id,  0.0 wa,  0.0 hi, 99.0 si,  0.0 st%Cpu30 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.6 si,  0.0 st   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND   141 root      20   0       0      0      0 R  97.3  0.0   1:16.33 ksoftirqd/26   151 root      20   0       0      0      0 R  97.3  0.0   1:16.68 ksoftirqd/28   136 root      20   0       0      0      0 R  97.0  0.0   0:39.09 ksoftirqd/25   161 root      20   0       0      0      0 R  97.0  0.0   1:16.48 ksoftirqd/30

因为DoS攻击需要到开放、可达端口的双向TCP session,所以用伪造的IP地址不能发起此类攻击。

为了解决该漏洞,Linux kernel开发人员已经发布了补丁。截止目前,除了运行修复的内核外,还没有其他缓解的方法,也没有攻击PoC发布。

补丁地址:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

漏洞影响Linux kernel 4.9及以上版本。因为Linux内核的广泛应用,漏洞会影响软、硬件厂商,包括亚马逊、Apple、Ubuntu、ZyXEL等。

受影响的网络设备厂商、PC和服务器厂商、手机厂商、操作系统厂商列表:

· 3com Inc  

· A10 Networks  

· ACCESS  

· Actelis Networks  

· Actiontec  

· ADTRAN  

· aep NETWORKS  

· Aerohive  

· AhnLab Inc  

· AirWatch  

· Akamai Technologies, Inc.  

· Alcatel-Lucent Enterprise  

· Amazon  

· Android Open Source Project  

· ANTlabs  

· Appgate Network Security  

· Apple  

· Arch Linux  

· Arista Networks, Inc.  

· ARRIS  

· Aruba Networks  

· ASP Linux  

· AsusTek Computer Inc.  

· AT&T  

· Avaya, Inc.  

· AVM GmbH  

· Barracuda Networks  

· Belkin, Inc.  

· Bell Canada Enterprises  

· BlackBerry  

· BlueCat Networks, Inc.  

· Broadcom  

· Brocade Communication Systems  

· CA Technologies  

· Cambium Networks  

· Check Point Software Technologies  

· Cisco  

· Comcast  

· Command Software Systems  

· CoreOS  

· Cradlepoint  

· D-Link Systems, Inc.  

· Debian GNU/Linux  

· Dell  

· Dell EMC  

· Dell SecureWorks  

· DesktopBSD  

· Deutsche Telekom  

· Devicescape  

· Digi International  

· dnsmasq  

· DragonFly BSD Project  

· eero  

· EfficientIP SAS  

· Ericsson  

· Espressif Systems  

· European Registry for Internet Domains  

· Express Logic  

· Extreme Networks  

· F-Secure Corporation  

· F5 Networks, Inc.  

· Fedora Project  

· Force10 Networks  

· Fortinet, Inc.  

· Foundry Brocade  

· FreeBSD Project  

· Geexbox  

· Gentoo Linux  

· GNU glibc  

· Google  

· HardenedBSD  

· Hitachi  

· Honeywell  

· HP Inc.  

· HTC  

· Huawei Technologies  

· IBM Corporation (zseries)  

· IBM eServer  

· IBM, INC.  

· Infoblox  

· InfoExpress, Inc.  

· Intel  

· Internet Systems Consortium  

· Internet Systems Consortium – DHCP  

· Interniche Technologies, inc.  

· Joyent  

· Juniper Networks  

· Lancope  

· Lantronix  

· Lenovo  

· Linksys  

· m0n0wall  

· Marvell Semiconductors  

· McAfee  

· MediaTek  

· Medtronic  

· Men & Mice  

· MetaSwitch  

· Micro Focus  

· Microchip Technology  

· Microsoft  

· MikroTik  

· Miredo  

· Mitel Networks, Inc.  

· NEC Corporation  

· NetBSD  

· Netgear, Inc.  

· NETSCOUT  

· netsnmp  

· Nixu  

· NLnet Labs  

· Nokia  

· Nominum  

· OmniTI  

· OpenBSD  

· OpenConnect  

· OpenDNS  

· Openwall GNU/*/Linux  

· Oracle Corporation  

· Paessler  

· Peplink  

· pfSENSE  

· Philips Electronics  

· PowerDNS  

· Pulse Secure  

· QLogic  

· QNX Software Systems Inc.  

· Quagga  

· QUALCOMM Incorporated  

· Quantenna Communications  

· Red Hat, Inc.  

· Riverbed Technologies  

· Roku  

· Ruckus Wireless  

· Samsung Mobile  

· Samsung Semiconductor Inc.  

· Secure64 Software Corporation  

· Sierra Wireless  

· Slackware Linux Inc.  

· Snort  

· SonicWall  

· Sonos  

· Sony Corporation  

· Sophos, Inc.  

· Sourcefire  

· SUSE Linux  

· Symantec  

· Synology  

· Technicolor  

· TippingPoint Technologies Inc.  

· Toshiba Commerce Solutions  

· TP-LINK  

· TrueOS  

· Turbolinux  

· Ubiquiti Networks  

· Ubuntu  

· Unisys  

· VMware  

· Wind River  

· Xilinx  

· Zebra Technologies  

· Zephyr Project  

· ZyXEL  

· 

https://www.zdnet.com/article/linux-kernel-bug-tcp-flaw-lets-remote-attackers-stall-devices-with-tiny-dos-attack/

https://access.redhat.com/articles/3553061#affected-products-2

https://fossbytes.com/segmentsmack-tcp-flaw-linux-kernel-remote-denial-of-service/

https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=962459&SearchOrder=4

如若转载,请注明原文地址: http://www.hackdig.com/08/hack-52588.htm
知识来源: www.4hou.com/vulnerable/12965.html

阅读:17401 | 评论:0 | 标签:漏洞 CVE-2018-5390

想收藏或者和大家分享这篇好文章→复制链接地址

“CVE-2018-5390漏洞预警”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词