English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.704272
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 4272-1 (linux - security update)
Zusammenfassung:CVE-2018-5391 (FragmentSmack);;Juha-Matti Tilli discovered a flaw in the way the Linux kernel;handled reassembly of fragmented IPv4 and IPv6 packets. A remote;attacker can take advantage of this flaw to trigger time and;calculation expensive fragment reassembly algorithms by sending;specially crafted packets, leading to remote denial of service.;;This is mitigated by reducing the default limits on memory usage;for incomplete fragmented packets. The same mitigation can be;achieved without the need to reboot, by setting the sysctls:;;net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144;The default values may still be increased by local configuration;if necessary.
Beschreibung:Summary:
CVE-2018-5391 (FragmentSmack)

Juha-Matti Tilli discovered a flaw in the way the Linux kernel
handled reassembly of fragmented IPv4 and IPv6 packets. A remote
attacker can take advantage of this flaw to trigger time and
calculation expensive fragment reassembly algorithms by sending
specially crafted packets, leading to remote denial of service.

This is mitigated by reducing the default limits on memory usage
for incomplete fragmented packets. The same mitigation can be
achieved without the need to reboot, by setting the sysctls:

net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144
The default values may still be increased by local configuration
if necessary.

Affected Software/OS:
linux on Debian Linux

Solution:
For the stable distribution (stretch), this problem has been fixed in
version 4.9.110-3+deb9u2.

We recommend that you upgrade your linux packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-5391
BugTraq ID: 105108
http://www.securityfocus.com/bid/105108
CERT/CC vulnerability note: VU#641765
https://www.kb.cert.org/vuls/id/641765
Debian Security Information: DSA-4272 (Google Search)
https://www.debian.org/security/2018/dsa-4272
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
RedHat Security Advisories: RHSA-2018:2785
https://access.redhat.com/errata/RHSA-2018:2785
RedHat Security Advisories: RHSA-2018:2791
https://access.redhat.com/errata/RHSA-2018:2791
RedHat Security Advisories: RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:2846
RedHat Security Advisories: RHSA-2018:2924
https://access.redhat.com/errata/RHSA-2018:2924
RedHat Security Advisories: RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2925
RedHat Security Advisories: RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:2933
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2018:3459
https://access.redhat.com/errata/RHSA-2018:3459
RedHat Security Advisories: RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:3540
RedHat Security Advisories: RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:3586
RedHat Security Advisories: RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:3590
http://www.securitytracker.com/id/1041476
http://www.securitytracker.com/id/1041637
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.