« Securité : Dirty Frag » : différence entre les versions
De www.yakakliker.org
Aucun résumé des modifications |
Aucun résumé des modifications |
||
| (Une version intermédiaire par le même utilisateur non affichée) | |||
| Ligne 10 : | Ligne 10 : | ||
==== Test de vulnérabilité ==== | ==== Test de vulnérabilité ==== | ||
===== Liens ===== | |||
* https://github.com/odoucet/copyfail-dirtyfrag-blocker | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
python3 - <<'PY' | python3 - <<'PY' | ||
| Ligne 45 : | Ligne 50 : | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== | ==== Sécurisation ==== | ||
* https://github.com/V4bel/dirtyfrag | * https://github.com/V4bel/dirtyfrag | ||
Dernière version du 11 mai 2026 à 11:38
CVE-2026-43284
Liens
- https://github.com/V4bel/dirtyfrag/tree/master
- https://seclists.org/oss-sec/2026/q2/430
- https://itcc.uni-koeln.de/en/services/information-security/it-security/vulnerability-cve-2026-43284-dirty-frag
- https://www.bortzmeyer.org/dirtyfrag.html
- https://github.com/odoucet/copyfail-dirtyfrag-blocker
Test de vulnérabilité
Liens
python3 - <<'PY'
import socket
tests = [
("AF_ALG", 38, socket.SOCK_SEQPACKET, 0),
("AF_RXRPC", 33, socket.SOCK_DGRAM, 0),
("NETLINK_XFRM", socket.AF_NETLINK, socket.SOCK_RAW, 6),
]
for name, family, typ, proto in tests:
try:
s = socket.socket(family, typ, proto)
s.close()
print(f"FAIL: {name} authorized")
except OSError as e:
print(f"OK: {name} blocked or unavailable: errno={e.errno} {e}")
PY
- Normalement vous devriez avoir ceci si vous êtes protégé :
OK: AF_ALG blocked or unavailable: errno=1 [Errno 1] Operation not permitted
OK: AF_RXRPC blocked or unavailable: errno=1 [Errno 1] Operation not permitted
OK: NETLINK_XFRM blocked or unavailable: errno=1 [Errno 1] Operation not permitted
- sinon vous obtiendrez quelque chose comme ceci :
FAIL: AF_ALG authorized
OK: AF_RXRPC blocked or unavailable: errno=93 [Errno 93] Protocol not supported
FAIL: NETLINK_XFRM authorized
Sécurisation
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
Sur Ubuntu :
Step 1 – block the modules:
Block the modules by creating a /etc/modprobe.d/dirty-frag.conf file:
echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/dirty-frag.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
echo "install rxrpc /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
Regenerate the initramfs images, to prevent the modules from being loaded during early boot:
sudo update-initramfs -u -k all
Step 2 – unload modules:
Unload the modules, in case they are already loaded:
sudo rmmod esp4 esp6 rxrpc 2>/dev/null
Step 3 – confirm the modules aren’t loaded:
Check whether the modules are still loaded:
grep -qE '^(esp4|esp6|rxrpc) ' /proc/modules && echo "Affected modules are loaded" || echo "Affected modules are NOT loaded"
If the previous action indicates that the modules are not loaded, no further action is required. However, unloading the modules may not be possible if they are in use by applications. In these instances, a system reboot will enforce their blocking, but will affect applications:
sudo reboot
