Security: Dirty Frag
From www.yakakliker.org
CVE-2026-43284
Links
- https://github.com/V4bel/dirtyfrag/tree/master
- https://seclists.org/oss-sec/2026/q2/430
- https://itcc.uni-koeln.de/en/services/information-security/it-security/vulnerability-cve-2026-43284-dirty-frag
- https://www.bortzmeyer.org/dirtyfrag.html
- https://github.com/odoucet/copyfail-dirtyfrag-blocker
Vulnerability test
python3 - <<'PY'
import socket

# (name, address family, socket type, protocol)
tests = [
    ("AF_ALG", 38, socket.SOCK_SEQPACKET, 0),
    ("AF_RXRPC", 33, socket.SOCK_DGRAM, 0),
    ("NETLINK_XFRM", socket.AF_NETLINK, socket.SOCK_RAW, 6),
]
for name, family, typ, proto in tests:
    try:
        # Creating the socket succeeds only if this interface is reachable
        s = socket.socket(family, typ, proto)
        s.close()
        print(f"FAIL: {name} authorized")
    except OSError as e:
        print(f"OK: {name} blocked or unavailable: errno={e.errno} {e}")
PY
- If you are protected, you should normally see this:
OK: AF_ALG blocked or unavailable: errno=1 [Errno 1] Operation not permitted
OK: AF_RXRPC blocked or unavailable: errno=1 [Errno 1] Operation not permitted
OK: NETLINK_XFRM blocked or unavailable: errno=1 [Errno 1] Operation not permitted
- otherwise you will get something like this:
FAIL: AF_ALG authorized
OK: AF_RXRPC blocked or unavailable: errno=93 [Errno 93] Protocol not supported
FAIL: NETLINK_XFRM authorized
Workaround
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
On Ubuntu:
Step 1 – block the modules:
Block the modules by creating a /etc/modprobe.d/dirty-frag.conf file:
echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/dirty-frag.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
echo "install rxrpc /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
Regenerate the initramfs images, to prevent the modules from being loaded during early boot:
sudo update-initramfs -u -k all
Step 2 – unload modules:
Unload the modules, in case they are already loaded:
sudo rmmod esp4 esp6 rxrpc 2>/dev/null
Step 3 – confirm the modules aren’t loaded:
Check whether the modules are still loaded:
grep -qE '^(esp4|esp6|rxrpc) ' /proc/modules && echo "Affected modules are loaded" || echo "Affected modules are NOT loaded"
If the previous action indicates that the modules are not loaded, no further action is required. However, unloading the modules may not be possible if they are in use by applications. In these instances, a system reboot will enforce their blocking, but will affect applications:
sudo reboot
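The three steps above can be audited per module rather than with a single grep. The script below is an added example, not part of the original page or of the referenced projects; the function names (has_install_block, is_loaded, audit_dirtyfrag) are hypothetical, and the modprobe directory and modules list are parameters so the check can also run against constructed files.

```shell
#!/bin/sh
# Added example: audit the Dirty Frag workaround per module.
# For each module, report whether an "install <module> /bin/false" rule
# exists and whether the module is currently loaded.
MODULES="esp4 esp6 rxrpc"

# has_install_block DIR MODULE: true if a *.conf file in DIR disables MODULE.
# Commented-out rules are ignored because the rule must start the line.
has_install_block() {
    cat "$1"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*install[[:space:]]+$2[[:space:]]+/bin/(false|true)([[:space:]]|\$)"
}

# is_loaded PROC_MODULES MODULE: true if MODULE is listed as loaded.
is_loaded() {
    grep -q "^$2 " "$1"
}

# audit_dirtyfrag [DIR] [PROC_MODULES]: prints one status line per module and
# returns 0 only if every module has a rule and none of them is loaded.
audit_dirtyfrag() {
    dir=${1:-/etc/modprobe.d}
    proc=${2:-/proc/modules}
    rc=0
    for mod in $MODULES; do
        if has_install_block "$dir" "$mod"; then
            cfg=blocked
        else
            cfg=NOT-blocked; rc=1
        fi
        if is_loaded "$proc" "$mod"; then
            run=loaded; rc=1
        else
            run=not-loaded
        fi
        echo "$mod: config=$cfg runtime=$run"
    done
    return $rc
}

# Audit the live system when the script is invoked with the argument "run".
if [ "${1:-}" = run ]; then audit_dirtyfrag; fi
```

A non-zero exit status means at least one module lacks its install rule or is still loaded, which corresponds to the case where Step 1 must be repeated or a reboot is needed.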