{"id":2836,"date":"2019-06-28T10:09:51","date_gmt":"2019-06-28T02:09:51","guid":{"rendered":"https:\/\/www.baishitou.cn\/?p=2836"},"modified":"2019-12-19T23:08:05","modified_gmt":"2019-12-19T15:08:05","slug":"linux-tcp-sack-panic-%e8%bf%9c%e7%a8%8b%e6%8b%92%e7%bb%9d%e6%9c%8d%e5%8a%a1%e6%bc%8f%e6%b4%9e%e5%8f%8a%e4%bf%ae%e5%a4%8d","status":"publish","type":"post","link":"https:\/\/www.baishitou.cn\/2836.html","title":{"rendered":"Linux TCP &#8220;SACK PANIC&#8221; \u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u53ca\u4fee\u590d"},"content":{"rendered":"<p>\u8fd1\u65e5<strong>Linux \u5185\u6838\u88ab\u66dd\u5b58\u5728TCP \u201cSACK PANIC\u201d \u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08\u6f0f\u6d1e\u7f16\u53f7\uff1aCVE-2019-11477,CVE-2019-11478,CVE-2019-11479\uff09<\/strong>\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u653b\u51fb\u76ee\u6807\u670d\u52a1\u5668\uff0c\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u6216\u65e0\u6cd5\u63d0\u4f9b\u670d\u52a1\u3002<\/p>\n<p><strong>\u3010\u6f0f\u6d1e\u8be6\u60c5\u3011<\/strong><\/p>\n<p>\u8fd1\u65e5\u53d1\u73b0 Linux \u4ee5\u53ca FreeBSD \u7b49\u7cfb\u7edf\u5185\u6838\u4e0a\u5b58\u5728\u4e25\u91cd<a title=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001.md\" href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001.md\"><strong>\u8fdc\u7a0bDoS\u6f0f\u6d1e<\/strong><\/a>\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u9020\u5e76\u53d1\u9001\u7279\u5b9a\u7684 SACK \u5e8f\u5217\u8bf7\u6c42\u5230\u76ee\u6807\u670d\u52a1\u5668\u5bfc\u81f4\u670d\u52a1\u5668\u5d29\u6e83\u6216\u62d2\u7edd\u670d\u52a1\u3002<\/p>\n<p><strong>\u3010\u98ce\u9669\u7b49\u7ea7\u3011<\/strong><\/p>\n<p><span style=\"color: #ff0000;\"><strong>\u9ad8\u98ce\u9669<\/strong><\/span><\/p>\n<p><strong>\u3010\u6f0f\u6d1e\u98ce\u9669\u3011<\/strong><\/p>\n<p>\u8fdc\u7a0b\u53d1\u9001\u7279\u6b8a\u6784\u9020\u7684\u653b\u51fb\u5305\uff0c\u5bfc\u81f4\u76ee\u6807 Linux \u6216 FreeBSD \u670d\u52a1\u5668\u5d29\u6e83\u6216\u670d\u52a1\u4e0d\u53ef\u7528\u3002<\/p>\n<p><strong>\u3010\u5f71\u54cd\u7248\u672c\u3011<\/strong><\/p>\n<p>\u76ee\u524d\u5df2\u77e5\u53d7\u5f71\u54cd\u7248\u672c\u5982\u4e0b\uff1a<\/p>\n<p>FreeBSD 12\uff08\u4f7f\u7528\u5230 RACK TCP \u534f\u8bae\u6808\uff09<\/p>\n<p>CentOS 5\uff08Redhat \u5b98\u65b9\u5df2\u505c\u6b62\u652f\u6301\uff0c\u4e0d\u518d\u63d0\u4f9b\u8865\u4e01\uff09<\/p>\n<p>CentOS 6<\/p>\n<p>CentOS 7<\/p>\n<p>Ubuntu 18.04 LTS<\/p>\n<p>Ubuntu 16.04 LTS<\/p>\n<p>Ubuntu 19.04<\/p>\n<p>Ubuntu 18.10<\/p>\n<p><strong>\u3010\u5b89\u5168\u7248\u672c\u3011<\/strong><\/p>\n<p>\u5404\u5927Linux\u53d1\u884c\u5382\u5546\u5df2\u53d1\u5e03\u5185\u6838\u4fee\u590d\u8865\u4e01\uff0c\u8be6\u7ec6\u5185\u6838\u4fee\u590d\u7248\u672c\u5982\u4e0b\uff1a<\/p>\n<p>CentOS 6 \uff1a2.6.32-754.15.3<\/p>\n<p>CentOS 7 \uff1a3.10.0-957.21.3<\/p>\n<p>Ubuntu 18.04 LTS\uff1a4.15.0-52.56<\/p>\n<p>Ubuntu 16.04 LTS\uff1a4.4.0-151.178<\/p>\n<p><strong>\u3010\u4fee\u590d\u5efa\u8bae\u3011<\/strong><\/p>\n<p>\u8bf7\u53c2\u7167\u4e0a\u8ff0\u3010\u5b89\u5168\u7248\u672c\u3011\u5347\u7ea7\u60a8\u7684 Linux \u670d\u52a1\u5668\u5185\u6838\uff0c\u53c2\u8003\u64cd\u4f5c\u5982\u4e0b\uff1a<\/p>\n<h2><strong>\u63a8\u8350\u65b9\u6848\uff1a\u3010CentOS 6\/7 \u7cfb\u5217\u7528\u6237\u3011<\/strong><\/h2>\n<p>1\uff09yum clean all &amp;&amp; yum makecache\uff0c\u8fdb\u884c\u8f6f\u4ef6\u6e90\u66f4\u65b0\uff1b<br \/>\n2\uff09yum update kernel \u00a0-y\uff0c\u66f4\u65b0\u5f53\u524d\u5185\u6838\u7248\u672c;<br \/>\n3\uff09reboot\uff0c\u66f4\u65b0\u540e\u91cd\u542f\u7cfb\u7edf\u751f\u6548;<br \/>\n4\uff09uname -a\uff0c\u68c0\u67e5\u5f53\u524d\u7248\u672c\u662f\u5426\u4e3a\u4e0a\u8ff0\u3010\u5b89\u5168\u7248\u672c\u3011\uff0c\u5982\u679c\u662f\uff0c\u5219\u8bf4\u660e\u4fee\u590d\u6210\u529f\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.baishitou.cn\/wp-content\/uploads\/2019\/06\/j20190701114950.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2838\" src=\"https:\/\/www.baishitou.cn\/wp-content\/uploads\/2019\/06\/j20190701114950.jpg\" alt=\"\" width=\"370\" height=\"159\" srcset=\"https:\/\/www.baishitou.cn\/wp-content\/uploads\/2019\/06\/j20190701114950.jpg 370w, https:\/\/www.baishitou.cn\/wp-content\/uploads\/2019\/06\/j20190701114950-300x129.jpg 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\" \/><\/a><\/p>\n<h2><strong>\u63a8\u8350\u65b9\u6848<\/strong>\uff1a<strong>\u3010Ubuntu 16.04\/18.04 LTS \u7cfb\u5217\u7528\u6237\u3011<\/strong><\/h2>\n<p>1\uff09sudo apt-get update &amp;&amp; sudo apt-get install linux-image-generic\uff0c\u8fdb\u884c\u8f6f\u4ef6\u6e90\u66f4\u65b0\u5e76\u5b89\u88c5\u6700\u65b0\u5185\u6838\u7248\u672c\uff1b<br \/>\n2\uff09sudo reboot\uff0c\u66f4\u65b0\u540e\u91cd\u542f\u7cfb\u7edf\u751f\u6548\uff1b<br \/>\n3\uff09uname -a\uff0c\u68c0\u67e5\u5f53\u524d\u7248\u672c\u662f\u5426\u4e3a\u3010\u5b89\u5168\u7248\u672c\u3011\uff0c\u5982\u679c\u662f\uff0c\u5219\u8bf4\u660e\u4fee\u590d\u6210\u529f\u3002<\/p>\n<h2><strong>\u4e34\u65f6\u7f13\u89e3\u65b9\u6848\uff1a<\/strong>\u5982\u7528\u6237\u4e0d\u65b9\u4fbf\u91cd\u542f\u8fdb\u884c\u5185\u6838\u8865\u4e01\u66f4\u65b0\uff0c\u53ef\u9009\u62e9\u5982\u4e0b\u65b9\u5f0f\u7981\u7528\u5185\u6838SACK\u914d\u7f6e\u9632\u8303\u6f0f\u6d1e\u5229\u7528\uff0c\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u5373\u53ef\uff1a<\/h2>\n<p>1\uff09echo 'net.ipv4.tcp_sack = 0' &gt;&gt; \/etc\/sysctl.conf \uff0c\u7981\u7528 SACK \u914d\u7f6e\uff1b<\/p>\n<p>2\uff09sysctl -p \uff0c\u91cd\u8f7d\u914d\u7f6e\uff0c\u4f7f\u5176\u751f\u6548\u3002<\/p>\n<p><strong>\u3010\u6f0f\u6d1e\u53c2\u8003\u3011<\/strong><\/p>\n<p>1\uff09\u5b98\u65b9\u901a\u544a\uff1a<a href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001.md\"><strong>https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001.md<\/strong><\/a><\/p>\n<p>2\uff09\u793e\u533a\u53c2\u8003\uff1a<strong><a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/17\/5\">https:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/17\/5<\/a><\/strong><\/p>\n<p>3\uff09\u7ea2\u5e3d\u516c\u544a\uff1a<strong><a href=\"https:\/\/access.redhat.com\/security\/vulnerabilities\/tcpsack\">https:\/\/access.redhat.com\/security\/vulnerabilities\/tcpsack<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8fd1\u65e5Linux \u5185\u6838\u88ab\u66dd\u5b58\u5728TCP \u201cSACK PANIC\u201d \u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08\u6f0f\u6d1e\u7f16\u53f7\uff1aCVE-2019-1 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,2],"tags":[337],"class_list":["post-2836","post","type-post","status-publish","format-standard","hentry","category-jiaocheng","category-wljs","tag-linux"],"_links":{"self":[{"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/posts\/2836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/comments?post=2836"}],"version-history":[{"count":0,"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/posts\/2836\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/media?parent=2836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/categories?post=2836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.baishitou.cn\/wp-json\/wp\/v2\/tags?post=2836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}