=Start=<\/p>\n
\u6f0f\u6d1e\u7f16\u53f7\uff1aCVE-2017-6074 Linux\u5185\u6838\u7248\u672c>2.6.18(2006\u5e749\u6708)\u3002\u4f46DCCP(\u6570\u636e\u62a5\u62e5\u585e\u63a7\u5236\u534f\u8bae)\u6700\u65e9\u662f\u572805\u5e7410\u6708\u7684Linux\u5185\u6838\u7248\u672c2.6.14\u4e2d\u652f\u6301\u7684\u3002\u76ee\u524d\u8be5\u6f0f\u6d1e\u4e8e2017\u5e742\u670817\u65e5\u4fee\u590d\u3002<\/p>\n Red Hat’s bug tracker provides some mitigation tactics\u00a0without<\/em>\u00a0updating the kernel and rebooting your box.<\/p>\n Recent versions of Selinux policy can mitigate this exploit. The steps below will work with SElinux enabled or disabled.<\/p>\n As the DCCP module will be auto loaded when required, its use can be disabled The system will need to be restarted if the dccp modules are loaded.<\/strong> In most circumstances the dccp kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.<\/p>\n If you need further assistance, see this KCS article (\u00a0https:\/\/access.redhat.com\/solutions\/41278<\/a>\u00a0) or contact Red Hat Global Support Services.<\/p><\/blockquote>\n \u5347\u7ea7\u5185\u6838\u81f3\u5b89\u5168\u7248\u672c<\/p>\n https:\/\/github.com\/xairy\/kernel-exploits\/tree\/master\/CVE-2017-6074<\/a><\/p>\n Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel – CVE-2017-6074<\/strong> Linux kernel: CVE-2017-6074 \u2013 local privilege escalation in DCCP \u3010\u66f4\u65b0PoC\u3011\u6f5c\u4f0f11\u5e74\u7684Linux\u5185\u6838\u63d0\u6743\u6f0f\u6d1e\u66dd\u5149 http:\/\/www.openwall.com\/lists\/oss-security\/2017\/02\/26\/2<\/a><\/p>\n \u3010\u6f0f\u6d1e\u9884\u8b66\u3011\u96ea\u85cf11\u5e74\uff1aLinux kernel DCCP double-free \u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CVE-2017-6074\uff09 CVE-2017-6074\uff1aLinux\u5185\u6838\u4e2d\u5b58\u572811\u5e74\u7684\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\uff08\u66f4\u65b0POC\uff09 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) =END=<\/p>\n","protected":false},"excerpt":{"rendered":" =Start= \u6f0f\u6d1e\u6982\u8ff0\uff1a \u6f0f\u6d1e\u7f16\u53f7\uff1aCVE-2017-6074 \u6f0f\u6d1e\u53d1\u73b0\u8005\uff1aAndrey Konovalov […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25],"tags":[454,792,30,793,37],"class_list":["post-3293","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","tag-cve","tag-dccp","tag-linux","tag-modprobe-d","tag-security"],"views":4797,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=3293"}],"version-history":[{"count":2,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3293\/revisions"}],"predecessor-version":[{"id":3295,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3293\/revisions\/3295"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=3293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=3293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=3293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\u6f0f\u6d1e\u53d1\u73b0\u8005\uff1aAndrey Konovalov
\n\u6f0f\u6d1e\u5371\u5bb3\uff1a\u901a\u8fc7\u975e\u7279\u6743\u8fdb\u7a0b\u83b7\u5f97\u5185\u6838\u4ee3\u7801\u6267\u884c\u8fdb\u800c\u63d0\u5347\u6743\u9650<\/strong><\/span><\/p>\n\u5f71\u54cd\u8303\u56f4\uff1a<\/h3>\n
\u4fee\u590d\u65b9\u6848\uff1a<\/h3>\n
\u4e34\u65f6\u89c4\u907f\uff1a<\/h4>\n
\nby preventing the module from loading with the following instructions.<\/p>\n# echo \"install dccp \/bin\/true\" >> \/etc\/modprobe.d\/disable-dccp.conf\r\n<\/pre>\n
\u957f\u671f\u89e3\u51b3\uff1a<\/h4>\n
PoC\/Exp\uff1a<\/h3>\n
\u53c2\u8003\u6765\u6e90\uff1a<\/h3>\n
\nhttps:\/\/access.redhat.com\/security\/vulnerabilities\/2934281<\/a>
\nhttps:\/\/access.redhat.com\/sites\/default\/files\/cve-2017-6074-2.sh<\/a><\/p>\n
\nhttps:\/\/ma.ttias.be\/linux-kernel-cve-2017-6074-local-privilege-escalation-dccp\/<\/a><\/p>\n
\nhttp:\/\/www.freebuf.com\/news\/127620.html<\/a>
\nhttp:\/\/securityaffairs.co\/wordpress\/56566\/hacking\/cve-2017-6074-linux-flaw.html<\/a>
\nhttp:\/\/thehackernews.com\/2017\/02\/linux-kernel-local-root.html<\/a>
\nhttps:\/\/github.com\/xairy\/kernel-exploits\/tree\/master\/CVE-2017-6074<\/a><\/p>\n
\nhttp:\/\/bobao.360.cn\/learning\/detail\/3529.html<\/a>
\nhttp:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-6074<\/a>
\nhttps:\/\/www.suse.com\/support\/kb\/doc?id=7018645<\/a><\/p>\n
\nhttp:\/\/www.mottoin.com\/96940.html<\/a><\/p>\n
\nhttps:\/\/news.ycombinator.com\/item?id=13705833<\/a>
\nhttps:\/\/www.reddit.com\/r\/netsec\/comments\/5vjpgj\/linux_kernel_cve20176074_dccp_doublefree\/<\/a><\/p>\n