
Denial-of-service vulnerability in the PXE server triggered by DHCP packets


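Published: 2002-11-22
Updated: 2002-11-22
Severity:
Threat level: remote denial of service
Error type: failure to handle exceptional conditions
Exploitation method: server mode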

BUGTRAQ ID:5596
CVE(CAN) ID:CAN-2002-0835

Affected systems
Caldera OpenLinux Server 3.1
Caldera OpenLinux Server 3.1.1
Caldera OpenLinux Workstation 3.1
Caldera OpenLinux Workstation 3.1.1
HP Secure OS software for Linux 1.0
RedHat PXE Server 0.1
   + RedHat Linux 6.2
   + RedHat Linux 6.2 i386
   + RedHat Linux 7.0
   + RedHat Linux 7.0 i386
   + RedHat Linux 7.1
   + RedHat Linux 7.1 i386
   + RedHat Linux 7.2
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.3
   + RedHat Linux 7.3 i386
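Description
Red Hat includes a Preboot eXecution Environment (PXE) server. PXE can be used to boot systems from a remote disk image. The PXE server in some Red Hat Linux releases can crash when it receives an invalid DHCP packet.

Test code
None available yet

Solution
Download the patches: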

Caldera OpenLinux Workstation 3.1:

SCO RPM pxe-0.1-33.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-044.0/RPMS/pxe-0.1-33.i386.rpm

Caldera OpenLinux Server 3.1:

SCO RPM pxe-0.1-33.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-044.0/RPMS/pxe-0.1-33.i386.rpm

Caldera OpenLinux Server 3.1.1:

SCO RPM pxe-0.1-33.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-044.0/RPMS/pxe-0.1-33.i386.rpm

Caldera OpenLinux Workstation 3.1.1:

SCO RPM pxe-0.1-33.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-044.0/RPMS/pxe-0.1-33.i386.rpm

HP Secure OS software for Linux 1.0:

Red Hat RPM pxe-0.1-31.99.7.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm

RedHat PXE Server 0.1:

Red Hat RPM pxe-0.1-31.100.6.2.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/pxe-0.1-31.100.6.2.i386.rpm

Red Hat RPM pxe-0.1-31.99.7.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm

Red Hat RPM pxe-0.1-31.99.7.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm

Red Hat RPM pxe-0.1-31.99.7.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm

Red Hat RPM pxe-0.1-31.99.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm

Related information
CSSA-2002-044.0: Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks
http://online.securityfocus.com/advisories/4659

HPSBTL0209-066: Security vulnerability in PXE package
http://online.securityfocus.com/advisories/4449

RHSA