Kaspersky Internet Security Denial-of-Service Vulnerability

Cause
Failure to handle exceptional conditions
Severity

Affected Systems
Kaspersky Internet Security 13.x

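Unaffected Systems

Impact
A remote attacker can exploit this vulnerability to crash the system.

Conditions Required for Attack
The attacker must be able to access the system on which Kaspersky Internet Security is installed.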

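Vulnerability Information
Kaspersky Internet Security is a security solution published by Kaspersky.
Kaspersky Internet Security contains an error in its handling of certain IPv6 traffic that allows an attacker to send specially crafted packets that make the system unstable.

Test Method

Vendor Solution
The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to watch the vendor's home page for the latest version: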
http://www.kaspersky.com/kaspersky_internet_security

Reported by
Marc Heuse
==============================================================================================

I usually do not write security advisories unless absolutely necessary.

This time I should, however I have neither the time, nor the desire to
do so.
But Kaspersky did not react, so … quick and dirty:

Kaspersky Internet Security 2013 (and any other Kaspersky product which
includes the firewall functionality) is susceptible to a remote system
freeze.
As of the 3rd March 2013, the bug is still unfixed.

If IPv6 connectivity to a victim is possible (which is always the case
on local networks), a fragmented packet with multiple but one large
extension header leads to a complete freeze of the operating system.
No log message or warning window is generated, nor is the system able to
perform any task.

To test:
1. download the thc-ipv6 IPv6 protocol attack suite for Linux from
www.thc.org/thc-ipv6
2. compile the tools with “make”
3. run the following tool on the target:
firewall6 19
where interface is the network interface (e.g. eth0)
target is the IPv6 address of the victim (e.g. ff02::1)
port is any tcp port, doesn't matter which (e.g. 80)
and 19 is the test case number.
The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.

Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network
interfaces or uninstall the Kaspersky software until a fix is provided.

The bug was reported to Kaspersky first on the 21st January 2013, then
reminded on the 14th February 2013.
No feedback was given by Kaspersky, and the reminder contained a warning
that without feedback the bug would be disclosed on this day. So here we
are.

Greets,
Marc Heuse


Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
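
A defender-side check for the packet shape the advisory describes (a fragment header together with several extension headers, one of them large), given here as an added example that is not from the advisory or from thc-ipv6. The 256-byte threshold, the reading of "multiple" as two or more other headers, and the sample packets are assumptions constructed for this example.

```python
import struct

# Extension headers that share the (next header, length in 8-octet units) layout.
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44
LARGE_EXT_BYTES = 256  # assumed threshold; the advisory states no size

def walk_extension_headers(packet: bytes):
    """Return [(name, length_in_bytes)] for the packet's extension header chain."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, chain = packet[6], 40, []
    while next_hdr in GENERIC_EXT or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):          # chain continues past this fragment
            chain.append(("truncated", 0))
            break
        if next_hdr == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            chain.append(("fragment", 8))
            next_hdr, offset = packet[offset], offset + 8
            if frag_offset:                   # non-first fragment: no headers follow
                break
        else:
            length = (packet[offset + 1] + 1) * 8
            chain.append((GENERIC_EXT[next_hdr], length))
            next_hdr, offset = packet[offset], offset + length
    return chain

def is_suspicious(packet: bytes) -> bool:
    """Fragment header plus at least two other extension headers, one oversized."""
    chain = walk_extension_headers(packet)
    sizes = [size for name, size in chain if name not in ("fragment", "truncated")]
    has_fragment = any(name == "fragment" for name, _ in chain)
    return has_fragment and len(sizes) >= 2 and max(sizes) >= LARGE_EXT_BYTES

# Constructed sample packets for the parser (2001:db8::/32 documentation addresses).
def _ipv6(next_hdr: int, payload: bytes) -> bytes:
    addr = bytes.fromhex("20010db8" + "00" * 12)
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + addr + addr + payload
def _opts(next_hdr: int, size: int) -> bytes:
    return bytes([next_hdr, size // 8 - 1]) + bytes(size - 2)    # zero bytes = Pad1
def _frag(next_hdr: int) -> bytes:
    return bytes([next_hdr, 0]) + struct.pack("!HI", 1, 0x1234)  # offset 0, M=1

PLAIN = _ipv6(6, bytes(20))                     # TCP stub, no extension headers
FRAGMENT_ONLY = _ipv6(44, _frag(6) + bytes(20))
FLAGGED = _ipv6(0, _opts(44, 8) + _frag(60) + _opts(60, 512) + _opts(6, 8) + bytes(20))

if __name__ == "__main__":
    print([is_suspicious(p) for p in (PLAIN, FRAGMENT_ONLY, FLAGGED)])
```

The walker covers only the hop-by-hop, routing, destination-options and fragment headers; other extension header types end the walk.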
