Linux SCTP 多个远程拒绝服务漏洞

CNNVD-ID编号	CNNVD-200605-146
CVE编号	CVE-2006-2272
发布时间	2006-05-09
更新时间	2006-05-10
漏洞类型	设计错误
漏洞来源	This issue was discovered by the Mu Security research team.
危险等级	高危
威胁类型	远程
厂商	lksctp

漏洞介绍

Linux SCTP (lksctp) 2.6.17之前版本可以使远程攻击者借助引入的IP碎片整理的(1) COOKIE_ECHO和(2) HEARTBEAT SCTP控制组块，引起拒绝服务(内核恐慌)。

漏洞补丁

Linux kernel源控制库已经进行了修复。请参见厂商公告和修补程序。 Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16 13

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16 .9

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16 .11

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16 .1

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

Linux kernel 2.6.16

Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state. http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
RedHat Fedora kernel-2.6.16-1.2122_FC5.i586.rpmFedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

参考网址

来源: VUPEN

名称: ADV-2006-1734

链接：http://www.frsirt.com/english/advisories/2006/1734
来源: SECUNIA

名称: 19990

链接：http://secunia.com/advisories/19990
来源: MISC

链接：http://labs.musecurity.com/advisories/MU-200605-01.txt
来源: git.kernel.org

链接：http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
来源: FULLDISC

名称: 20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16

链接：http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
来源: XF

名称: linux-sctp-control-chunk-dos(26431)

链接：http://xforce.iss.net/xforce/xfdb/26431
来源: UBUNTU

名称: USN-302-1

链接：http://www.ubuntu.com/usn/usn-302-1
来源: TRUSTIX

名称: 2006-0026

链接：http://www.trustix.org/errata/2006/0026
来源: BID

名称: 17910

链接：http://www.securityfocus.com/bid/17910
来源: REDHAT

名称: RHSA-2006:0493

链接：http://www.redhat.com/support/errata/RHSA-2006-0493.html
来源: OSVDB

名称: 25633

链接：http://www.osvdb.org/25633
来源: SUSE

名称: SUSE-SA:2006:028

链接：http://www.novell.com/linux/security/advisories/2006-05-31.html
来源: MANDRIVA

名称: MDKSA-2006:086

链接：http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
来源: VUPEN

名称: ADV-2006-2554

链接：http://www.frsirt.com/english/advisories/2006/2554
来源: DEBIAN

名称: DSA-1103

链接：http://www.debian.org/security/2006/dsa-1103
来源: DEBIAN

名称: DSA-1097

链接：http://www.debian.org/security/2006/dsa-1097
来源: support.avaya.com

链接：http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
来源: SECUNIA

名称: 21745

链接：http://secunia.com/advisories/21745
来源: SECUNIA

名称: 21476

链接：http://secunia.com/advisories/21476
来源: SECUNIA

名称: 20914

链接：http://secunia.com/advisories/20914
来源: SECUNIA

名称: 20716

链接：http://secunia.com/advisories/20716
来源: SECUNIA

名称: 20671

链接：http://secunia.com/advisories/20671
来源: SECUNIA

名称: 20398

链接：http://secunia.com/advisories/20398
来源: SECUNIA

名称: 20237

链接：http://secunia.com/advisories/20237
来源: SECUNIA

名称: 20157

链接：http://secunia.com/advisories/20157

受影响实体

Lksctp Stream_control_transmission_protocol:2.6.16

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-146