CVE-2018-5390漏洞预警

ang010ela 漏洞 2018年8月9日发布

导语:研究人员发现Linux kernel的TCP漏洞(SegmentSmack,CVE-2018-5390),攻击者利用该漏洞可以以很小的流程远程发起DoS攻击。

sad linux tux securityf

RedHat将Linux kernel TCP漏洞(CVE-2018-5390)命名为SegmentSmack。研究人员发现对每个进入的包,tcp_collapse_ofo_queue()和tcp_prune_ofo_queue()的调用成本很高,会导致DoS攻击。

攻击者可以使用修改过的数据包来进行代价较大的调用,这会让带宽较小的网络中系统的CPU利用率达到饱和状态,导致DoS攻击。在最坏情况下,2k个包每秒的流量就可以导致系统拒绝服务。攻击会使系统CPU处于满负荷状态,同时网络包处理会有很大的延迟。

$ top%Cpu25 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.5 si,  0.0 st%Cpu26 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.6 si,  0.0 st%Cpu28 :  0.0 us,  0.3 sy,  0.0 ni,  0.7 id,  0.0 wa,  0.0 hi, 99.0 si,  0.0 st%Cpu30 :  0.0 us,  0.0 sy,  0.0 ni,  1.4 id,  0.0 wa,  0.0 hi, 98.6 si,  0.0 st   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND   141 root      20   0       0      0      0 R  97.3  0.0   1:16.33 ksoftirqd/26   151 root      20   0       0      0      0 R  97.3  0.0   1:16.68 ksoftirqd/28   136 root      20   0       0      0      0 R  97.0  0.0   0:39.09 ksoftirqd/25   161 root      20   0       0      0      0 R  97.0  0.0   1:16.48 ksoftirqd/30

因为DoS攻击需要到开放、可达端口的双向TCP session,所以用伪造的IP地址不能发起此类攻击。

为了解决该漏洞,Linux kernel开发人员已经发布了补丁。截止目前,除了运行修复的内核外,还没有其他缓解的方法,也没有攻击PoC发布。

补丁地址:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

漏洞影响Linux kernel 4.9及以上版本。因为Linux内核的广泛应用,漏洞会影响软、硬件厂商,包括亚马逊、Apple、Ubuntu、ZyXEL等。

受影响的网络设备厂商、PC和服务器厂商、手机厂商、操作系统厂商列表:

· 3com Inc  

· A10 Networks  

· ACCESS  

· Actelis Networks  

· Actiontec  

· ADTRAN  

· aep NETWORKS  

· Aerohive  

· AhnLab Inc  

· AirWatch  

· Akamai Technologies, Inc.  

· Alcatel-Lucent Enterprise  

· Amazon  

· Android Open Source Project  

· ANTlabs  

· Appgate Network Security  

· Apple  

· Arch Linux  

· Arista Networks, Inc.  

· ARRIS  

· Aruba Networks  

· ASP Linux  

· AsusTek Computer Inc.  

· AT&T  

· Avaya, Inc.  

· AVM GmbH  

· Barracuda Networks  

· Belkin, Inc.  

· Bell Canada Enterprises  

· BlackBerry  

· BlueCat Networks, Inc.  

· Broadcom  

· Brocade Communication Systems  

· CA Technologies  

· Cambium Networks  

· Check Point Software Technologies  

· Cisco  

· Comcast  

· Command Software Systems  

· CoreOS  

· Cradlepoint  

· D-Link Systems, Inc.  

· Debian GNU/Linux  

· Dell  

· Dell EMC  

· Dell SecureWorks  

· DesktopBSD  

· Deutsche Telekom  

· Devicescape  

· Digi International  

· dnsmasq  

· DragonFly BSD Project  

· eero  

· EfficientIP SAS  

· Ericsson  

· Espressif Systems  

· European Registry for Internet Domains  

· Express Logic  

· Extreme Networks  

· F-Secure Corporation  

· F5 Networks, Inc.  

· Fedora Project  

· Force10 Networks  

· Fortinet, Inc.  

· Foundry Brocade  

· FreeBSD Project  

· Geexbox  

· Gentoo Linux  

· GNU glibc  

· Google  

· HardenedBSD  

· Hitachi  

· Honeywell  

· HP Inc.  

· HTC  

· Huawei Technologies  

· IBM Corporation (zseries)  

· IBM eServer  

· IBM, INC.  

· Infoblox  

· InfoExpress, Inc.  

· Intel  

· Internet Systems Consortium  

· Internet Systems Consortium – DHCP  

· Interniche Technologies, inc.  

· Joyent  

· Juniper Networks  

· Lancope  

· Lantronix  

· Lenovo  

· Linksys  

· m0n0wall  

· Marvell Semiconductors  

· McAfee  

· MediaTek  

· Medtronic  

· Men & Mice  

· MetaSwitch  

· Micro Focus  

· Microchip Technology  

· Microsoft  

· MikroTik  

· Miredo  

· Mitel Networks, Inc.  

· NEC Corporation  

· NetBSD  

· Netgear, Inc.  

· NETSCOUT  

· netsnmp  

· Nixu  

· NLnet Labs  

· Nokia  

· Nominum  

· OmniTI  

· OpenBSD  

· OpenConnect  

· OpenDNS  

· Openwall GNU/*/Linux  

· Oracle Corporation  

· Paessler  

· Peplink  

· pfSENSE  

· Philips Electronics  

· PowerDNS  

· Pulse Secure  

· QLogic  

· QNX Software Systems Inc.  

· Quagga  

· QUALCOMM Incorporated  

· Quantenna Communications  

· Red Hat, Inc.  

· Riverbed Technologies  

· Roku  

· Ruckus Wireless  

· Samsung Mobile  

· Samsung Semiconductor Inc.  

· Secure64 Software Corporation  

· Sierra Wireless  

· Slackware Linux Inc.  

· Snort  

· SonicWall  

· Sonos  

· Sony Corporation  

· Sophos, Inc.  

· Sourcefire  

· SUSE Linux  

· Symantec  

· Synology  

· Technicolor  

· TippingPoint Technologies Inc.  

· Toshiba Commerce Solutions  

· TP-LINK  

· TrueOS  

· Turbolinux  

· Ubiquiti Networks  

· Ubuntu  

· Unisys  

· VMware  

· Wind River  

· Xilinx  

· Zebra Technologies  

· Zephyr Project  

· ZyXEL  

参考:

https://www.zdnet.com/article/linux-kernel-bug-tcp-flaw-lets-remote-attackers-stall-devices-with-tiny-dos-attack/

https://access.redhat.com/articles/3553061#affected-products-2

https://fossbytes.com/segmentsmack-tcp-flaw-linux-kernel-remote-denial-of-service/

https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=962459&SearchOrder=4

如若转载,请注明原文地址: http://www.4hou.com/vulnerable/12965.html
点赞 4
  • 分享至
取消

感谢您的支持,我会继续努力的!

扫码支持

打开微信扫一扫后点击右上角即可分享哟

发表评论