Bugtraq ID: 47123

IPComp is the IP Payload Compression Protocol, which provides lossless compression at the IP layer.

In IPComp implementations derived from NetBSD/KAME, the code that injects the decompressed payload looks similar to the following:

    algo = ipcomp_algorithm_lookup(cpi);
    /* ... */
    error = (*algo->decompress)(m, m->m_next, &newlen);
    /* ... */
    if (nxt != IPPROTO_DONE) {
        if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
            ipsec4_in_reject(m, NULL)) {
            IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
            goto fail;
        }
        (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
    } else
        m_freem(m);
    /* ... */

Here inetsw[] contains the supported protocols, and nxt is a protocol number, usually associated with ip->ip_p (see http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml) but in this case taken from ipcomp->comp_nxt. m is the mbuf structure, adjusted to point to the decompressed payload.

The decompressed packet is dispatched from the IPComp protocol handler to the corresponding protocol handler. This recursive implementation does not properly check for stack overflow, so it can trigger a remote, unauthenticated kernel memory corruption vulnerability.

The NetBSD/KAME network stack is used in many operating systems, such as XNU, FTOS, embedded devices and network appliances, and earlier versions of FreeBSD/OpenBSD.

Affected systems

NetBSD: 5.0.2, 5.0.1, Current, 5.1, 5.0 RC3, 5.0

KAME: KAME project 0

FreeBSD: 6.0 .x, 6.0 -STABLE, 6.0 -RELEASE, 5.5 -STABLE, 5.5 -RELEASE, 5.4 -RELENG, 5.4 -RELEASE, 5.4 -PRERELEASE, 5.3 -STABLE, 5.3 -RELENG, 5.3 -RELEASE, 5.3, 5.2.1 -RELEASE, 5.2 -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, 5.1 -RELEASE/Alpha, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.0 .x, 5.0 -RELENG, 5.0 -RELEASE-p14, 5.0 alpha, 5.0, 4.11 -STABLE, 4.11 -RELENG, 4.11 -RELEASE-p3, 4.11 -RELEASE-p20, 4.11 -RELEASE, 4.10 -RELENG, 4.10 -RELEASE-p8, 4.10 -RELEASE, 4.10, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.8 -RELENG, 4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.6.2, 4.6 -STABLE, 4.6 -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.5 -STABLEpre2002-03-07, 4.5 -STABLE, 4.5 -RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.4 -STABLE, 4.4 -RELENG, 4.4 -RELEASE-p42, 4.4, 4.3 -STABLE, 4.3 -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.2 -STABLEpre122300, 4.2 -STABLEpre050201, 4.2 -STABLE, 4.2 -RELEASE, 4.2, 4.1.1 -STABLE, 4.1.1 -RELEASE, 4.1.1, 4.1, 4.0 .x, 4.0 -RELENG, 4.0 alpha, 4.0, 3.5.1 -STABLEpre2001-07-20, 3.5.1 -STABLE, 3.5.1 -RELEASE, 3.5.1, 3.5 x, 3.5 -STABLEpre122300, 3.5 -STABLEpre050201, 3.5 -STABLE, 3.5, 3.4 x, 3.4, 3.3 x, 3.3, 3.2 x, 3.2, 3.1 x, 3.1, 3.0 -RELENG, 3.0, 2.2.8, 2.2.7, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2 x, 2.2, 2.1.7 .1, 2.1.7, 2.1.6 .1, 2.1.6, 2.1.5, 2.1 x, 2.1, 2.0.5, 2.0, 1.1.5 .1, 1.1.5, 8.1-RELEASE, 8.1-PRERELEASE, 8.0-STABLE, 8.0-RELEASE, 7.3-STABLE, 7.3-RELEASE-p1, 7.2-STABLE, 7.2-RELEASE-p4, 7.2-RELEASE-p1, 7.2-RC2, 7.2-PRERELEASE, 7.1-STABLE, 7.1-RELEASE-p6, 7.1-RELEASE-p5, 7.1-RELEASE-p4, 7.1 Rc1, 7.1 -RELEASE-p2, 7.1 -RELEASE-p1, 7.1 -PRE-RELEASE, 7.1, 7.0-STABLE, 7.0-RELEASE-p8, 7.0-RELEASE-p3, 7.0-RELEASE-p12, 7.0-RELEASE-p11, 7.0-RELEASE, 7.0 BETA4, 7.0 -RELENG, 7.0 -RELEASE-p9, 7.0 -PRERELEASE, 7.0, 6.4-RELENG, 6.4-RELEASE-p5, 6.4-RELEASE-p4, 6.4-RELEASE-p2, 6.4 -STABLE, 6.4 -RELEASE-p3, 6.4 -RELEASE, 6.4, 6.3-RELEASE-p11, 6.3-RELEASE-p10, 6.3 -RELENG, 6.3 -RELEASE-p9, 6.3 -RELEASE-p8, 6.3 -RELEASE-p6, 6.3, 6.2 -STABLE, 6.2 -RELENG, 6.2, 6.1 -STABLE, 6.1 -RELEASE-p10, 6.1 -RELEASE, 6.1, 6.0-RELENG, 6.0 -RELEASE-p5, 6.0, 5.5, 5.4-STABLE, 5.4, 5.2.1, 4.11, 4.10-PRERELEASE, 3.x, 2.x, 2.2.1, 2.0.1, 1.5, 1.2, 1.1, 1.0, 0.4 1, -current

Cosmicperl: Directory Pro 10.0.3

Apple Mac OS X Server: 10.6.6, 10.6.5, 10.6.4, 10.6.3, 10.6.2, 10.6.1, 10.5.8, 10.5.7, 10.5.6, 10.5.5, 10.5.4, 10.5.3, 10.5.2, 10.5.1, 10.5, 10.4.11, 10.4.10, 10.4.9, 10.4.8, 10.4.7, 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3, 10.2.8, 10.2.7, 10.2.6, 10.2.5, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2, 10.1.5, 10.1.4, 10.1.3, 10.1.2, 10.1.1, 10.1, 10.0, 10.6.7, 10.6

Apple Mac OS X: 10.6.5, 10.6.4, 10.6.3, 10.6.2, 10.6.1, 10.5.8, 10.5.7, 10.5.6, 10.5.5, 10.5.4, 10.5.3, 10.5.2, 10.5.1, 10.5, 10.4.11, 10.4.10, 10.4.9, 10.4.8, 10.4.7, 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3, 10.2.8, 10.2.7, 10.2.6, 10.2.5, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2, 10.1.5, 10.1.4, 10.1.3, 10.1.2, 10.1.1, 10.1, 10.0.4, 10.0.2, 10.0.1, 10.0 3, 10.0, 10.6

Users can refer to the following test method:
http://www.securityfocus.com/data/vulnerabilities/exploits/47123.zip

Workaround

Affected servers and devices can use a packet filter to prevent the vulnerable code from being reached. For example, on systems that use ipfw, the following rule can be used:

    # ipfw add deny proto ipcomp

On other BSD systems, an equivalent pfctl rule can be used instead.

Vendor solution

NetBSD users can refer to the following vendor-provided security patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?rev=1.36&content-type=text/x-cvsweb-markup&only_with_tag=MAIN
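
The unbounded recursion described in the advisory can be avoided by walking nested IPComp headers in a loop with a fixed layer limit, so that stack use does not depend on the packet. The C model below is an added example, not the NetBSD patch or code from the advisory; ipcomp_input_guarded, MAX_LAYERS, the verdict names and the treatment of the payload as already decompressed are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_TCP     6
#define PROTO_IPCOMP  108  /* IANA protocol number for IPComp */
#define IPCOMP_HDRLEN 4    /* next header, flags, 16-bit CPI (RFC 3173) */
#define MAX_LAYERS    1    /* assumed policy: accept one IPComp layer only */

enum verdict { V_DELIVER, V_DROP_TRUNCATED, V_DROP_NESTED };

/*
 * Model of an IPComp input path with bounded nesting. Assumption: the
 * payload in buf is already decompressed, so the next header follows
 * directly; a real stack runs the negotiated algorithm at each layer.
 */
enum verdict ipcomp_input_guarded(const uint8_t *buf, size_t len,
                                  uint8_t *proto, unsigned *layers)
{
    uint8_t nxt = PROTO_IPCOMP;
    unsigned depth = 0;

    /* Loop, not recursion: stack use is constant for any input. */
    while (nxt == PROTO_IPCOMP) {
        if (depth == MAX_LAYERS)
            return V_DROP_NESTED;      /* IPComp inside IPComp: reject */
        if (len < IPCOMP_HDRLEN)
            return V_DROP_TRUNCATED;
        nxt = buf[0];                  /* comp_nxt from the IPComp header */
        buf += IPCOMP_HDRLEN;
        len -= IPCOMP_HDRLEN;
        depth++;
    }
    *proto = nxt;                      /* caller dispatches exactly once */
    *layers = depth;
    return V_DELIVER;
}

int main(void)
{
    /* Constructed samples: header bytes are nxt, flags, CPI hi, CPI lo. */
    const uint8_t single[] = { PROTO_TCP, 0, 0, 2, 0xAA };
    const uint8_t nested[] = { PROTO_IPCOMP, 0, 0, 2, PROTO_TCP, 0, 0, 2 };
    uint8_t proto = 0;
    unsigned layers = 0;
    printf("single: %d\n", ipcomp_input_guarded(single, sizeof single, &proto, &layers));
    printf("nested: %d\n", ipcomp_input_guarded(nested, sizeof nested, &proto, &layers));
    return 0;
}
```
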