CVE-2011-1093

Опубликовано: 02 мар. 2011

Источник: redhat

CVSS2: 7.8

Описание

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

Отчет

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the DCCP protocol. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.

Меры по смягчению последствий

For users that do not run applications that use DCCP, you can prevent the dccp module from being loaded by adding the following entry to the end of the /etc/modprobe.d/blacklist file: blacklist dccp This way, the dccp module cannot be loaded accidentally, which may occur if an application that requires DCCP is started. A reboot is not necessary for this change to take effect but do make sure the module is not loaded in the first place. You can verify that by running: lsmod | grep dccp You may also consider removing the CAP_SYS_MODULE capability from the current global capability set to prevent kernel modules from being loaded or unloaded. The CAP_SYS_MODULE has a capability number of 16 (see linux/capability.h). The default value has all the bits set. To remove this capability, you have to clear the 16th bit of the default 32-bit value, e.g. 0xffffff ^ (1 << 16): echo 0xFFFEFFFF > /proc/sys/kernel/cap-bound