BSD TCP/IP Broadcast Connection Check Error

Translation: 晓澜 <emile_liao@163.net>
   QQ: 42449970
   http://www.unsecret.org
---------------------------------------------




Affected systems:
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 2.0.5
FreeBSD FreeBSD 2.1
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1.6.1
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.7.1
FreeBSD FreeBSD 2.2
FreeBSD FreeBSD 2.2.2
FreeBSD FreeBSD 2.2.3
FreeBSD FreeBSD 2.2.4
FreeBSD FreeBSD 2.2.5
FreeBSD FreeBSD 2.2.6
FreeBSD FreeBSD 2.2.8
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5
NetBSD NetBSD 1.0
NetBSD NetBSD 1.1
NetBSD NetBSD 1.2
NetBSD NetBSD 1.2.1
NetBSD NetBSD 1.3
NetBSD NetBSD 1.3.1
NetBSD NetBSD 1.3.2
NetBSD NetBSD 1.3.3
NetBSD NetBSD 1.4
NetBSD NetBSD 1.4.1 x86
NetBSD NetBSD 1.4.1 SPARC
NetBSD NetBSD 1.4.1 sh3
NetBSD NetBSD 1.4.1 arm32
NetBSD NetBSD 1.4.1 Alpha
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4.2 x86
NetBSD NetBSD 1.4.2 SPARC
NetBSD NetBSD 1.4.2 arm32
NetBSD NetBSD 1.4.2 Alpha
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.3
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5.2
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 3.0

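Vulnerability description:

An error exists in the TCP/IP implementation of several BSD systems (including FreeBSD, NetBSD and OpenBSD).

RFC 1122 requires that TCP discard incoming SYN packets addressed to a multicast or broadcast address. The vulnerable BSD
systems discard such packets based on the link layer, but do not check the destination IP address.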
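
A simplified user-space model of the check described above, added here as an example; it is not BSD kernel source and not part of the original advisory. The struct and function names are hypothetical, and addresses are assumed to be IPv4 in host byte order.

```c
/* Added illustration: hypothetical names, not taken from any BSD source tree. */
#include <stdbool.h>
#include <stdint.h>

#define TH_SYN 0x02u

struct pkt {
    bool     ll_bcast;   /* frame was a link-layer broadcast/multicast */
    uint32_t dst;        /* IPv4 destination, host byte order */
    uint8_t  tcp_flags;
};

struct ifaddr4 {
    uint32_t addr;       /* receiving interface address, host byte order */
    uint32_t mask;       /* its netmask, host byte order */
};

/* Behaviour described for the affected systems: only the link layer is consulted. */
bool syn_ok_linklayer_only(const struct pkt *p)
{
    if (!(p->tcp_flags & TH_SYN))
        return true;                 /* this model only covers SYN handling */
    return !p->ll_bcast;
}

/* True for multicast (224.0.0.0/4), limited broadcast, and the interface's
 * directed broadcast (all-ones or old-style all-zeros host part). */
bool dst_is_bcast_or_mcast(uint32_t dst, const struct ifaddr4 *ifa)
{
    uint32_t net = ifa->addr & ifa->mask;
    if ((dst & 0xF0000000u) == 0xE0000000u) return true;
    if (dst == 0xFFFFFFFFu) return true;
    if (ifa->mask == 0xFFFFFFFFu) return false;  /* host address: no subnet broadcast */
    return dst == (net | ~ifa->mask) || dst == net;
}

/* RFC 1122 behaviour: the destination IP is checked as well. */
bool syn_ok_rfc1122(const struct pkt *p, const struct ifaddr4 *ifa)
{
    if (!syn_ok_linklayer_only(p))
        return false;
    return !((p->tcp_flags & TH_SYN) && dst_is_bcast_or_mcast(p->dst, ifa));
}
```
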

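Solution:

A patch was released for FreeBSD 5-CURRENT on February 5, 2002. Patches for OpenBSD and NetBSD were also released by Crist J. Clark
<cjclark@alum.mit.edu>.

The NetBSD security officer team is preparing an official patch and, in the meantime, recommends using the following IP filter rules.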

block in quick on fxp0 from any to 192.168.1.0/32
block in quick on fxp0 from any to 192.168.1.255/32

itojun <itojun@iijlab.net> has reported that this issue is resolved in the current code base
for both OpenBSD and NetBSD.


References:
http://online.securityfocus.com/archive/1/263422
http://online.securityfocus.com/archive/1/263216
http://online.securityfocus.com/archive/1/262733
http://www.freebsd.org/
http://www.netbsd.org/
http://www.openbsd.org/
http://www.freebsd.org/cgi/query-pr.cgi?pr=35022