luo
2018-10-05 15:46:07 UTC
I just applied for the CVE number at https://cveform.mitre.org/. I don't know if it is correct to publish the complete information. Please check the community. This vulnerability is very different. Almost all versions of the kernel will work with the CentOS desktop version. Memory remote accumulation leads to secure remote denial of service.
-------- Forwarding messages --------
From: cve-***@mitre.org
Date: 2018-10-04 11:31:06
To: ***@163.com
Cc: cve-***@mitre.org
Subject: Re: [scr579986] CentOS and IPSec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
[Suggested description]
The Linux kernel 4.14.67 mishandles certain interaction among XFRM
Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which
allows local users to cause a denial of service (memory consumption
and system hang) by leveraging root access to execute crafted
applications, as demonstrated on CentOS 7.
------------------------------------------
[Additional Information]
ipsec Can cause the remote memory of the centos desktop version to run
out, I tested this problem with centos6.10 centos7.10, but the minimal
installation version is not very obvious
1. Compile the kernel and start compiling options
<*> IP:AH transformation
<*> IP:ESP transformation
<*> IP:IPComp transformation
<*> IP:IPsec transport mode
<*> IP:IPsec tunnel mode
<*> IP:IPsec BEET mode
2. Modify the firewall or turn off the firewall to allow the ah
protocol or the esp protocol to pass through the firewall.
3. Run ah_add on the target machine with root privileges, you need to modify
the inet_addr("127.0.0.1") of line 101 of ah_add.c; it refers to the
local address (the address of the target machine)
https://drive.google.com/file/d/15aIxj_yupCcs7i14AIlE8U2ySfOyovnk/view
4. Run ipip as an attacker with root privileges. Need to modify the
source address and destination address in the main function, the
destination address refers to the IP address of the target machine
https://drive.google.com/file/d/1_dh_KX0JpJdoWQopN1KWORwJsQlah7Nv/view
5. Running the free command can obviously see the decline in the amount
of memory remaining space. Finally, it may lead to deadlock, shutdown
may be, the centos7 desktop version may be more obvious
Can cause the remote memory of the centos desktop version to run out,
I tested this problem with centos6.10 centos7.10, but the minimal
installation version is not very obvious
And the strange thing is that when I tested ubuntu, there was no such
problem. Basically, most kernel versions can cause this effect.
------------------------------------------
[VulnerabilityType Other]
Memory accumulation, memory application speed exceeds release speed, causing denial of service
------------------------------------------
[Vendor of Product]
CentOS desktop remote denial of service about ipsec
------------------------------------------
[Affected Product Code Base]
CentOS desktop - CentOS desktop6 CentOS desktop7
------------------------------------------
[Affected Component]
Can cause the remote memory of the centos desktop version to run out, I tested this problem with centos6.10 centos7.10,
https://drive.google.com/file/d/1TmOuAV56JiLP_bTnCQIAFVemN9OoDlIa/view?usp=sharing
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
A packet attack opens a secure server that can cause a remote denial of service
------------------------------------------
[Reference]
https://drive.google.com/file/d/1TmOuAV56JiLP_bTnCQIAFVemN9OoDlIa/view?usp=sharing
https://drive.google.com/file/d/1Mjr9Pu_dAjet2Bq_iWCEUIQkUtSTIBVK/view?usp=sharing
https://drive.google.com/file/d/15aIxj_yupCcs7i14AIlE8U2ySfOyovnk/view
https://drive.google.com/file/d/1_dh_KX0JpJdoWQopN1KWORwJsQlah7Nv/view
------------------------------------------
[Discoverer]
360 ESG Codesafe Team luo quan
Use CVE-2018-17977.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]