Hi everyone!
I am researching the vulnerability that affects the Linux kernel, CVE-2017-6074; specifically, the kernel has to be built with CONFIG_IP_DCCP for the vulnerability to be present. Many modern distributions enable this option by default.
My question is how to find out whether my system is affected by this vulnerability.
I don't know how to tell whether my distro is built with CONFIG_IP_DCCP, and I can't find the file /net/dccp/input.c either.
This is my system version, and these are the files I have that are related to dccp:
Red Hat Enterprise Linux Server release 6.6 (Santiago)
# locate dccp
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-504.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_diag.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_ipv4.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_ipv6.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/dccp/dccp_probe.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_dccp.ko
/lib/modules/2.6.32-642.6.2.el6.x86_64/kernel/net/netfilter/xt_dccp.ko
/lib64/xtables/libxt_dccp.so
/lib64/xtables-1.4.7/libxt_dccp.so
/usr/include/linux/dccp.h
/usr/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-504.el6.x86_64/net/dccp/ccids/Kconfig
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-642.6.1.el6.x86_64/net/dccp/ccids/Kconfig
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/inet/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/inet/dccp/diag.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/tfrc
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/ccid3/rto.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/ip/dccp/tfrc/lib.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/net/dccpprobe.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/netfilter/xt/match/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/nf/ct/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/config/nf/nat/proto/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/netfilter/nf_conntrack_dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/linux/netfilter/xt_dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/include/net/netns/dccp.h
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/Kconfig
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/Makefile
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/ccids
/usr/src/kernels/2.6.32-642.6.2.el6.x86_64/net/dccp/ccids/Kconfig
I see dccp mentioned, but I don't know whether my system is using it or whether I am affected, so that I can tell whether I need to apply the patch provided by Red Hat.
Can anyone here give me some help?
Many thanks in advance, regards
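
One way to answer the question in the post, as an added example that is not part of the original post: read the build option from the kernel config, check whether the dccp module is loaded, and check whether loading it has been disabled. It assumes the config file is at /boot/config-<kernel release> and that a block, if present, is an `install dccp /bin/true` line in /etc/modprobe.d; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: is the DCCP code (needed for CVE-2017-6074) reachable on this host?
# It does not tell whether the installed kernel already carries the vendor fix.

# dccp_config_state FILE -> builtin | module | disabled | unknown
dccp_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(grep -E '^CONFIG_IP_DCCP=' "$1" | head -n 1)" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *)                echo disabled ;;   # "# CONFIG_IP_DCCP is not set" or absent
    esac
}

# dccp_loaded FILE -> yes | no   (FILE uses the /proc/modules format)
dccp_loaded() {
    if grep -Eqs '^dccp(_ipv4|_ipv6)? ' "$1"; then echo yes; else echo no; fi
}

# dccp_autoload_blocked DIR -> yes | no
# An "install dccp /bin/true" line turns modprobe of dccp into a no-op,
# so the module is not pulled in on demand.
dccp_autoload_blocked() {
    if grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)' \
        "$1"/*.conf; then echo yes; else echo no; fi
}

# dccp_assess CONFIG MODULES MODPROBE_DIR -> one-line verdict
dccp_assess() {
    case "$(dccp_config_state "$1")" in
        unknown)  echo "unknown: cannot read $1" ;;
        disabled) echo "not-reachable: kernel built without CONFIG_IP_DCCP" ;;
        builtin)  echo "reachable: DCCP is compiled into the kernel image" ;;
        module)
            if [ "$(dccp_loaded "$2")" = yes ]; then
                echo "reachable: dccp module is loaded"
            elif [ "$(dccp_autoload_blocked "$3")" = yes ]; then
                echo "blocked: dccp is a module, not loaded, loading disabled"
            else
                echo "reachable: dccp is a module and can be loaded on demand"
            fi ;;
    esac
}

# Defaults are the running system; pass other paths to check a different kernel.
dccp_assess "${1:-/boot/config-$(uname -r)}" "${2:-/proc/modules}" "${3:-/etc/modprobe.d}"
```

The dccp.ko files under /lib/modules in the listing above point to a module build (CONFIG_IP_DCCP=m), so on that system the result depends on whether the module is loaded or its loading is disabled. Whether an installed kernel package already contains the fix has to be checked against the Red Hat advisory for the CVE.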