- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
Date: July 14, 2004
Bugs: #55694
ID: 200407-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw has been discovered in 2.6 series Linux kernels that allows an
attacker to send a malformed TCP packet, causing the affected kernel
to possibly enter an infinite loop and hang the vulnerable machine.

Background
==========

The Linux kernel is responsible for managing the core aspects of a
GNU/Linux system, providing an interface for core system applications
as well as providing the essential structure and capability to access
hardware that is needed for a running system.

Affected packages
=================

-------------------------------------------------------------------
Kernel / Unaffected / Remerge
-------------------------------------------------------------------
1 aa-sources ............... >= 2.6.5-r5 ...................... YES
2 ck-sources ............... >= 2.6.7-r2 ...................... YES
3 gentoo-dev-sources ....... >= 2.6.7-r7 ..........................
4 hardened-dev-sources ..... >= 2.6.7-r1 ..........................
5 hppa-dev-sources ....... >= 2.6.7_p1-r1 .........................
6 mips-sources ............ *>= 2.6.4-r4 ..........................
.......................... >= 2.6.7-r1 ..........................
7 mm-sources ............... >= 2.6.7-r4 ...................... YES
8 pegasos-dev-sources ...... >= 2.6.7-r1 ..........................
9 rsbac-dev-sources ........ >= 2.6.7-r1 ..........................
10 uclinux-sources ........ >= 2.6.7_p0-r1 .........................
11 usermode-sources ......... >= 2.6.6-r2 ..........................
12 win4lin-sources .......... >= 2.6.7-r1 ..........................
13 xbox-sources ............. >= 2.6.7-r1 ..........................
14 development-sources ...... Vulnerable! ..........................
-------------------------------------------------------------------
NOTE: Some kernels are still vulnerable. Users should migrate to
another kernel if one is available or seek another
solution such as patching their existing kernel.
-------------------------------------------------------------------
NOTE: Packages marked with "Remerge" as "YES" require a re-merge
even though Portage does not indicate a newer version!
-------------------------------------------------------------------
14 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

The IPTables TCP option handling code uses an erroneous data type for
its iterator. An attacker can exploit this by crafting a TCP packet with
a header length larger than 127 bytes: that length is then interpreted
by the iterator as a negative integer.
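
The iterator defect the Description refers to, as an added stand-alone illustration written for this page (it is not the kernel's ipt_tcp code, and the advisory quotes none): a TCP option walker that steps through the options area by each option's length byte, with a switch to read that byte either through a signed char or as an unsigned byte, so the two outcomes for a length above 127 can be compared side by side. The function names, the signed_len switch and the sample headers are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class the advisory describes, not the kernel's
 * own ipt_tcp code: a TCP option walker that steps through the options area
 * using each option's length byte.  Reading that byte through a signed 'char'
 * turns any length of 128..255 into a negative step, so the walker moves
 * backwards (or not at all) and never reaches the end of the header.  All
 * names, the 'signed_len' switch and the sample headers are this example's own. */

#define TCP_MIN_HDR 20          /* fixed part of the TCP header */
#define TCP_MAX_HDR 60          /* doff is 4 bits: at most 15 * 4 bytes */
#define TCPOPT_EOL  0
#define TCPOPT_NOP  1

/* Search the options area of a TCP header for option 'wanted'.
 * Returns 1 if found, 0 if the walk reaches the end without a match, and
 * -1 if a length byte would make the walk stop advancing (the case in which
 * an unbounded loop, as in the advisory, spins forever).
 * signed_len != 0 selects the defective signed interpretation of the length. */
int find_tcp_option(const uint8_t *hdr, unsigned int hdrlen,
                    uint8_t wanted, int signed_len)
{
    unsigned int i = TCP_MIN_HDR;

    if (hdrlen < TCP_MIN_HDR || hdrlen > TCP_MAX_HDR)
        return 0;

    while (i < hdrlen) {
        uint8_t kind = hdr[i];
        int len;

        if (kind == TCPOPT_EOL)
            return 0;
        if (kind == TCPOPT_NOP) {       /* single-byte option, no length field */
            i++;
            continue;
        }
        if (i + 1 >= hdrlen)
            return 0;                   /* truncated option: nothing to read */

        if (kind == wanted)
            return 1;

        /* The defect: the length byte read as a signed char is negative for
         * values 128..255; read as an unsigned byte it is always >= 0. */
        len = signed_len ? (int)(signed char)hdr[i + 1] : (int)hdr[i + 1];

        /* A valid option length is at least 2 (kind + length bytes).  Anything
         * smaller, including a negative value, would not advance 'i'. */
        if (len < 2)
            return -1;
        i += (unsigned int)len;
    }
    return 0;
}

/* Constructed sample header: 20 zero bytes of fixed header followed by one
 * option (kind, len, two zero padding bytes).  Returns the total length. */
static unsigned int build_sample(uint8_t *hdr, uint8_t kind, uint8_t len)
{
    memset(hdr, 0, TCP_MAX_HDR);
    hdr[TCP_MIN_HDR]     = kind;
    hdr[TCP_MIN_HDR + 1] = len;
    return TCP_MIN_HDR + 4;
}

/* Well-formed MSS option (kind 2, length 4): both interpretations find it. */
int demo_wellformed(int signed_len)
{
    uint8_t hdr[TCP_MAX_HDR];
    unsigned int n = build_sample(hdr, 2, 4);
    return find_tcp_option(hdr, n, 2, signed_len);
}

/* Malformed option: kind 3 with length byte 0x80 (128), while searching for
 * kind 2.  Unsigned: the walk steps past the end and returns 0.  Signed: the
 * length reads as -128 and the walk would never advance (-1). */
int demo_malformed(int signed_len)
{
    uint8_t hdr[TCP_MAX_HDR];
    unsigned int n = build_sample(hdr, 3, 0x80);
    return find_tcp_option(hdr, n, 2, signed_len);
}

int main(void)
{
    printf("well-formed, unsigned: %d  signed: %d\n",
           demo_wellformed(0), demo_wellformed(1));
    printf("length 0x80, unsigned: %d  signed: %d\n",
           demo_malformed(0), demo_malformed(1));
    return 0;
}
```

Compiled and run, the well-formed sample is found under either interpretation, while the sample with a length byte of 128 is stepped past safely only when the byte is treated as unsigned; the signed reading yields a step of -128, which is the non-advancing loop the advisory describes. The defensive lesson is general: parse length fields taken from untrusted headers through unsigned types and bound every walk by the declared header length, so a single malformed packet cannot pin the CPU.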

Impact
======

By sending one malformed packet, the kernel could get stuck in a loop,
consuming all of the CPU resources and rendering the machine useless,
causing a Denial of Service. This vulnerability requires no local
access.

Workaround
==========

Users who do not use the netfilter functionality, or do not use any
``--tcp-option'' rules, are not vulnerable to this exploit. Users who
do may remove netfilter support from their kernel or remove any
``--tcp-option'' rules they are using. However, all users are urged to
upgrade their kernels to patched versions.

Resolution
==========

Users are encouraged to upgrade to the latest available sources for
their system:

    # emerge sync
    # emerge -pv your-favorite-sources
    # emerge your-favorite-sources

    # # Follow usual procedure for compiling and installing a kernel.
    # # If you use genkernel, run genkernel as you would do normally.

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0