Foro de elhacker.net

Seguridad Informática => Bugs y Exploits => Mensaje iniciado por: j0s3x002 en 23 Febrero 2017, 12:55 pm


Título: duda vulnerabilidad en Linux kernel: CVE-2017-6074: DCCP double-free vulnerabili
Publicado por: j0s3x002 en 23 Febrero 2017, 12:55 pm
Hola a t2! ;-)

Estoy investigando sobre la vulnerabilidad que afecta al kernel de Linux: CVE-2017-6074, concretamente afecta si el el kernel es construido con CONFIG_IP_DCCP para que la vulnerabilidad esté presente. Muchas de las distribuciones modernas permiten esta opción por defecto.

La duda es saber si mi sistema está afectado por esta vulnerabilidad.

Desconozco la forma de saber si mi distro está construido con CONFIG_IP_DCCP, y tampoco localizo el fichero /net/dccp/input.c .

Esta es la versión de mi sistema y los ficheros que tengo relacionados con dccp son:

Red Hat Enterprise Linux Server release 6.6 (Santiago)

# locate dccp
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib64/xtables/libxt_dccp.so
/lib64/xtables-1.4.7/libxt_dccp.so
/usr/include/linux/dccp.h
/usr/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/ccids/Kconfig
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/ccids/Kconfig
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/ccids/Kconfig

Veo mención a dccp, pero desconozco si mi sistema está usandolo y si tengo afectación para saber si necesito aplicar el parche facilitado por Red Hat.

Alguien por aquí que me pueda aportar algo de ayuda?

muchas gracias de antemano, salu2

Título: Re: duda vulnerabilidad en Linux kernel: CVE-2017-6074: DCCP double-free vulnerabili
Publicado por: MCKSys Argentina en 23 Febrero 2017, 15:42 pm
Citar
This issue affects Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.

Source: https://access.redhat.com/security/cve/CVE-2017-6074 (https://access.redhat.com/security/cve/CVE-2017-6074)

Saludos!

Título: Re: duda vulnerabilidad en Linux kernel: CVE-2017-6074: DCCP double-free vulnerabili
Publicado por: j0s3x002 en 24 Febrero 2017, 12:15 pm
he estado revisando el enlace a la info de red hat, gracias MCKSys por el aporte. ;-)

Os muestro la salida del script de evaluación de si es el sistema es vulnerable:

This script is primarily designed to detect CVE-2017-6074 on supported
RHEL systems and kernel packages.
Result may be inaccurate for other RPM based systems.

Detected kernel package is '2.6.32-642.6.2.el6.x86_64'.
This kernel version is vulnerable.
Either update kernel package or apply mitigation (SELinux on RHEL6 and RHEL7 or disable DCCP loading).
Follow https://access.redhat.com/security/vulnerabilities/2934281 for advice.


Finalmente, he conseguido saber que no tengo cargado el módulo, pero por la salida del script, veo que Red hat indica que la versión del kernel es vulnerable e INTERPRETO que recomienda deshabilitar DCCP aunque no lo tengas cargado, por lo que salvo que lo haya interpretado mal, tengo que aplicar la mitigación o actualizar la versión del kernel.

Entiendo que si no fuera necesario realizar ninguna acción, hubieran añadido un checkeo adicional para indicarlo en el script, no creéis?

Alguien más lo interpreta así??  Salu2    ;-)



Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines