ICMP Denial-of-Service Vulnerabilities in Multiple Vendors' TCP/IP Stack Implementations

2008-04-09 04:23:23 Source: Internet


Published: 2005-04-21
Updated: 2005-04-21

Affected systems:
Cisco Catalyst 6624
Cisco Catalyst 6608
Cisco IOS XR
Cisco IOS 12.3
Cisco IOS 12.2
Cisco IOS 12.1
Cisco IOS 12.0
Cisco PIX Firewall 6.3.3(133)
Cisco PIX Firewall 6.3.2
Cisco PIX Firewall 6.3.1
Cisco PIX Firewall 6.3
Cisco PIX Firewall 6.2.3
Cisco PIX Firewall 6.2.2
Cisco PIX Firewall 6.2.1
Cisco PIX Firewall 6.2
IBM AIX 5.3L
IBM AIX 5.3
IBM AIX 5.2L
IBM AIX 5.2
IBM AIX 5.1L
IBM AIX 5.1
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows 2000
NetAppliance NetCache C630 3.3.1
SCO Unixware 7.1.4
Sun Solaris 9.0_x86
Sun Solaris 9.0
Sun Solaris 8.0_x86
Sun Solaris 8.0
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 10_x86
Sun Solaris 10
WatchGuard FireboxII Firmware 4.6
WatchGuard FireboxII Firmware 4.5
WatchGuard FireboxII Firmware 4.4
WatchGuard FireboxII Firmware 4.3
WatchGuard FireboxII Firmware 4.2
WatchGuard FireboxII Firmware 4.1
WatchGuard FireboxII Firmware 4.0
WatchGuard SOHO 2.2
WatchGuard SOHO Firewall 5.0.35
WatchGuard SOHO Firewall 5.0.31
WatchGuard SOHO Firewall 5.0.29
WatchGuard SOHO Firewall 5.0.28
WatchGuard SOHO Firewall 2.2.1
WatchGuard SOHO Firewall 2.1.3
WatchGuard SOHO Firewall 1.6
RedBack Networks AOS
Cisco VPN 5000 Concentrator
WatchGuard Firebox V80
WatchGuard Firebox V60
WatchGuard Firebox V100
WatchGuard Firebox V10
WatchGuard Firebox II 4.5
WatchGuard Firebox II 4.1
WatchGuard Firebox Firmware 6.0
WatchGuard Firebox Firmware 5.0
WatchGuard Firebox 4500
WatchGuard Firebox 2500
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
Cisco CSS 11500
Cisco CSS 11000
Cisco GSS 4490
Cisco GSS 4480
Cisco MDS 9000 2.0 (0.86)
Cisco MDS 9000 1.3 (4a)
Cisco MDS 9000 1.3 (3.33)
Cisco MDS 9000
Cisco ONS 15454 IOS-Based Blades
Cisco ONS 15305
Cisco ONS 15302
Juniper Networks M-series Router M5
Juniper Networks M-series Router M40e
Juniper Networks M-series Router M40
Juniper Networks M-series Router M20
Juniper Networks M-series Router M160
Juniper Networks M-series Router M10
Juniper Networks T-series Router T640
Juniper Networks T-series Router T320
RedHat Advanced Workstation 2.1 IA64
RedHat Advanced Workstation 2.1
Wind River Systems BSD/OS 5.0
Wind River Systems BSD/OS 4.3.1
Wind River Systems BSD/OS 4.2
Description:
BUGTRAQ ID: 13124
CVE(CAN) ID: CVE-2004-1060,CVE-2004-0791,CVE-2004-0790,CVE-2005-0068,CVE-2005-0067,CVE-2005-0066,CVE-2005-0065

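The Internet Control Message Protocol (ICMP) of the TCP/IP suite is a network protocol implemented by many vendors. Hosts and routers that communicate over IP use ICMP to report errors and to exchange control and status information.

The ICMP implementations in multiple vendors' TCP/IP stacks contain several denial-of-service vulnerabilities, which a remote attacker may exploit to mount denial-of-service attacks against a host.

1. Multiple vendors' TCP/IP stack implementations are affected by a connection reset attack, because an existing connection is dropped when a specially crafted ICMP message is received. A remote attacker can exploit this vulnerability to terminate a target TCP connection, causing a denial of service for legitimate users.

2. Multiple vendors' TCP/IP stack implementations are affected by an ICMP source quench attack, because a host must reduce the transmission rate of the associated connection when it responds to an ICMP source quench message. A remote attacker can exploit this vulnerability to degrade the performance of a TCP connection, causing a denial of service for legitimate users.

3. Where PMTUD is deployed, multiple vendors' TCP/IP stack implementations are affected by an ICMP PMTUD attack. An attacker can send specially crafted ICMP messages to the target host to lower the MTU of a specific connection. A remote attacker can exploit this vulnerability to degrade the performance of a TCP connection, causing a denial of service for legitimate users.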
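
All three issues depend on the stack acting on an ICMP error that quotes a TCP segment. The Python below is an added example, not part of the original advisory or of any vendor's code: it parses such a message, maps it to one of the three classes above, and checks whether the quoted TCP sequence number refers to data still in flight. The type/code mapping comes from the ICMP specification rather than this page, the sequence-number check is a countermeasure this page does not itself describe, and the function names, connection-table layout and sample bytes are constructed for illustration.

```python
import struct

# (ICMP type, code) -> the attack class from the three numbered items above
CLASSES = {
    (3, 2): "reset",          # protocol unreachable, a "hard" error
    (3, 3): "reset",          # port unreachable, a "hard" error
    (3, 4): "pmtud",          # fragmentation needed and DF set
    (4, 0): "source-quench",
}

def classify_icmp(icmp: bytes, conns: dict):
    """Return (attack_class, verdict) for an ICMP error that quotes a TCP segment.

    conns maps (src_ip, src_port, dst_ip, dst_port) of a local connection to
    its (SND.UNA, SND.NXT) pair; this table layout is an assumption of the example.
    """
    if len(icmp) < 8 + 20 + 8:            # ICMP header + IPv4 header + 8 TCP bytes
        return (None, "truncated")
    kind = CLASSES.get((icmp[0], icmp[1]))
    if kind is None:
        return (None, "not-relevant")
    inner = icmp[8:]                      # quoted packet follows the 8-byte header
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 6:
        return (kind, "not-tcp")
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    state = conns.get((inner[12:16], sport, inner[16:20], dport))
    if state is None:
        return (kind, "no-connection")
    snd_una, snd_nxt = state
    # Modular arithmetic keeps the comparison correct across sequence wraparound.
    in_flight = ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)
    return (kind, "in-flight" if in_flight else "out-of-window")

def sample_icmp(itype: int, icode: int, seq: int, mtu: int = 0) -> bytes:
    """Constructed sample: ICMP error quoting an IPv4 header and 8 TCP bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHI", 40000, 443, seq)
    return struct.pack("!BBHHH", itype, icode, 0, 0, mtu) + ip + tcp

# Constructed connection table: one TCP connection with 2000 bytes unacknowledged.
CONNS = {(bytes([192, 0, 2, 10]), 40000, bytes([198, 51, 100, 20]), 443): (1000, 3000)}

if __name__ == "__main__":
    for args in [(3, 3, 2000), (3, 3, 5000), (3, 4, 999, 68), (4, 0, 1000)]:
        print(args, classify_icmp(sample_icmp(*args), CONNS))
```

A verdict of "out-of-window" or "no-connection" marks an ICMP error that cannot have been triggered by a segment the connection currently has outstanding.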

<*Source: Fernando Gont

Links: http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx
http://lwn.net/Alerts/119833/
http://lwn.net/Alerts/120231/
http://lwn.net/Alerts/120232/
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57746-1
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
*>

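Test method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!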

/* HOD-icmp-attacks-poc.c: 2005-04-15: PUBLIC v.0.2
*
* Copyright (c) 2004-2005 houseofdabus.
*
* (MS05-019) (CISCO:20050412)
* ICMP attacks against TCP (Proof-of-Concept)
