- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200407-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling Date: July 14, 2004 Bugs: #55694 ID: 200407-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine. Background ========== The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Affected packages ================= ------------------------------------------------------------------- Kernel / Unaffected / Remerge ------------------------------------------------------------------- 1 aa-sources ............... >= 2.6.5-r5 ...................... YES 2 ck-sources ............... >= 2.6.7-r2 ...................... YES 3 gentoo-dev-sources ....... >= 2.6.7-r7 .......................... 4 hardened-dev-sources ..... >= 2.6.7-r1 .......................... 5 hppa-dev-sources ....... >= 2.6.7_p1-r1 ......................... 6 mips-sources ............ *>= 2.6.4-r4 .......................... .......................... >= 2.6.7-r1 .......................... 7 mm-sources ............... >= 2.6.7-r4 ...................... YES 8 pegasos-dev-sources ...... >= 2.6.7-r1 .......................... 9 rsbac-dev-sources ........ >= 2.6.7-r1 .......................... 10 uclinux-sources ........ >= 2.6.7_p0-r1 ......................... 11 usermode-sources ......... >= 2.6.6-r2 .......................... 12 win4lin-sources .......... >= 2.6.7-r1 .......................... 13 xbox-sources ............. >= 2.6.7-r1 .......................... 14 development-sources ...... Vulnerable! .......................... ------------------------------------------------------------------- NOTE: Some kernels are still vulnerable. Users should migrate to another kernel if one is available or seek another solution such as patching their existing kernel. ------------------------------------------------------------------- NOTE: Packages marked with "Remerge" as "YES" require a re-merge even though Portage does not indicate a newer version! ------------------------------------------------------------------- 14 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== An attacker can utilize an erroneous data type in the IPTables TCP option handling code, which lies in an iterator. By making a TCP packet with a header length larger than 127 bytes, a negative integer would be implied in the iterator. Impact ====== By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access. Workaround ========== If users do not use the netfilter functionality or do not use any ``--tcp-option'' rules they are not vulnerable to this exploit. Users that are may remove netfilter support from their kernel or may remove any ``--tcp-option'' rules they might be using. However, all users are urged to upgrade their kernels to patched versions. Resolution ========== Users are encouraged to upgrade to the latest available sources for their system: # emerge sync # emerge -pv your-favorite-sources # emerge your-favorite-sources # # Follow usual procedure for compiling and installing a kernel. # # If you use genkernel, run genkernel as you would do normally. Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200407-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0
Attachment:
signature.asc
Description: OpenPGP digital signature