Test ID: | 1.3.6.1.4.1.25623.1.0.704272 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 4272-1 (linux - security update) |
Summary: | CVE-2018-5391 (FragmentSmack)

Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service.

This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls:

net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144

The default values may still be increased by local configuration if necessary. |
Description: | Summary: CVE-2018-5391 (FragmentSmack)

Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service.

This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls:

net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144

The default values may still be increased by local configuration if necessary.

Affected Software/OS: linux on Debian Linux

Solution: For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2. We recommend that you upgrade your linux packages.

CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5391
BugTraq ID: 105108 http://www.securityfocus.com/bid/105108
CERT/CC vulnerability note: VU#641765 https://www.kb.cert.org/vuls/id/641765
Debian Security Information: DSA-4272 https://www.debian.org/security/2018/dsa-4272
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
RedHat Security Advisories: RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2785
RedHat Security Advisories: RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2791
RedHat Security Advisories: RHSA-2018:2846 https://access.redhat.com/errata/RHSA-2018:2846
RedHat Security Advisories: RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018:2924
RedHat Security Advisories: RHSA-2018:2925 https://access.redhat.com/errata/RHSA-2018:2925
RedHat Security Advisories: RHSA-2018:2933 https://access.redhat.com/errata/RHSA-2018:2933
RedHat Security Advisories: RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2018:3459 https://access.redhat.com/errata/RHSA-2018:3459
RedHat Security Advisories: RHSA-2018:3540 https://access.redhat.com/errata/RHSA-2018:3540
RedHat Security Advisories: RHSA-2018:3586 https://access.redhat.com/errata/RHSA-2018:3586
RedHat Security Advisories: RHSA-2018:3590 https://access.redhat.com/errata/RHSA-2018:3590
http://www.securitytracker.com/id/1041476
http://www.securitytracker.com/id/1041637
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/ |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
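
The sysctl mitigation described in the advisory can be verified on a host with a check like the following. This is an added example, not part of the advisory or of the scanner's test; the names `audit_frag_limits` and `make_sample_tree` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Limits from the advisory text, as "path-under-/proc/sys max_bytes".
ADVISORY_LIMITS='net/ipv4/ipfrag_low_thresh 196608
net/ipv6/ip6frag_low_thresh 196608
net/ipv4/ipfrag_high_thresh 262144
net/ipv6/ip6frag_high_thresh 262144'

# audit_frag_limits [ROOT]: ROOT is a sysctl tree (default /proc/sys).
# Prints one line per key; returns 1 if any value is above the advisory's.
audit_frag_limits() {
    root=${1:-/proc/sys}
    rc=0
    while read -r path max; do
        key=$(printf '%s' "$path" | tr / .)
        if [ ! -r "$root/$path" ]; then
            # e.g. IPv6 not loaded: the sysctl does not exist on this host
            echo "SKIP  $key (not present)"
            continue
        fi
        cur=$(cat "$root/$path")
        case $cur in
            ''|*[!0-9]*) echo "ERROR $key has non-numeric value '$cur'"
                         rc=1; continue ;;
        esac
        if [ "$cur" -gt "$max" ]; then
            echo "ABOVE $key = $cur (advisory: $max)"
            rc=1
        else
            echo "OK    $key = $cur"
        fi
    done <<EOF
$ADVISORY_LIMITS
EOF
    return $rc
}

# Constructed sample tree (not taken from a real host): IPv4 limits larger
# than the advisory's, IPv6 low threshold reduced, IPv6 high threshold absent.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/net/ipv4" "$d/net/ipv6"
    echo 3145728 > "$d/net/ipv4/ipfrag_low_thresh"
    echo 4194304 > "$d/net/ipv4/ipfrag_high_thresh"
    echo 196608  > "$d/net/ipv6/ip6frag_low_thresh"
    echo "$d"
}

sample=$(make_sample_tree)
audit_frag_limits "$sample" || echo "at least one limit is above the advisory value"
rm -rf "$sample"
```

Calling `audit_frag_limits` with no argument reads the live values under `/proc/sys`.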