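Linux Kernel r8169 Driver Out-of-IOMMU Error Local Denial of Service Vulnerability

Published: 2008-08-28
Updated: 2009-11-04

Affected systems:
Linux kernel 2.6.x
Unaffected systems:
Linux kernel 2.6.27.22
Description:
BUGTRAQ  ID: 36706
CVE(CAN) ID: CVE-2009-3613

The Linux kernel is the kernel used by the open-source operating system Linux.

A vulnerability exists in the Realtek r8169 Ethernet driver of the Linux kernel: a memory leak in pci_unmap_single() can exhaust IOMMU space and crash the system. An attacker on the local network can trigger an out-of-IOMMU error by sending jumbo frames with ping, causing a denial of service.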

<*Source: Alistair Strachan (alistair@devzero.co.uk)
  
  Links: http://marc.info/?l=oss-security&m=125558760716641&w=2
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=529137
        http://bugzilla.kernel.org/show_bug.cgi?format=multiple&id=9468
        https://www.redhat.com/support/errata/RHSA-2009-1548.html
        https://www.redhat.com/support/errata/RHSA-2009-1540.html
        http://www.debian.org/security/2009/dsa-1928
        https://www.redhat.com/support/errata/RHSA-2009-1671.html
        https://www.redhat.com/support/errata/RHSA-2009-1692.html
*>

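Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!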

ping -f -s 3000 IP

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1928-1) and corresponding patches for this issue:
DSA-1928-1: New Linux 2.6.24 packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1928

Patch downloads:

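Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade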

Linux
-----
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's site:

http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.4.tar.bz2

RedHat
------
RedHat has released a security advisory (RHSA-2009:1540-01) and corresponding patches for this issue:
RHSA-2009:1540-01: Important: kernel-rt security, bug fix, and enhancement update
Link: https://www.redhat.com/support/errata/RHSA-2009-1540.html
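
An exposure check for the hosts this advisory covers, as an added example that is not part of the original advisory: it lists interfaces bound to the r8169 driver through sysfs and compares the running kernel with a fixed release passed as a parameter. The function names, the output labels and the sysfs-directory parameter are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory): triage a host for r8169 exposure.
# Function names and output labels are assumptions of this example.

# Print "iface mtu" for each interface whose bound driver is r8169.
# $1: sysfs net directory (defaults to the live /sys/class/net).
r8169_ifaces() {
    sysfs_net=${1:-/sys/class/net}
    for dev in "$sysfs_net"/*; do
        # Virtual interfaces (lo, bridges) have no device/driver link.
        [ -e "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "r8169" ] || continue
        mtu=$(cat "$dev/mtu" 2>/dev/null || echo unknown)
        printf '%s %s\n' "$(basename "$dev")" "$mtu"
    done
}

# Succeed if version $1 sorts strictly before $2, comparing the first four
# dot-separated fields numerically (so 2.6.9 < 2.6.27.22).
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$first" = "$1" ]
}

# $1: running kernel version, $2: first fixed version, $3: sysfs net dir.
# Prints not-applicable (no r8169 NIC), review (older kernel) or ok.
r8169_exposure() {
    running=$1
    fixed=$2
    if [ -z "$(r8169_ifaces "${3:-/sys/class/net}")" ]; then
        echo "not-applicable"
    elif version_lt "$running" "$fixed"; then
        echo "review"
    else
        echo "ok"
    fi
}

# 2.6.27.22 is the release the advisory lists as not affected.
r8169_ifaces
r8169_exposure "$(uname -r)" 2.6.27.22
```

Distribution kernels carry backported fixes, so a "review" result means checking the installed package against the vendor advisory rather than concluding the host is vulnerable.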

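This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.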