LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   2.6 DoS Vulnerability! (https://www.linuxquestions.org/questions/linux-security-4/2-6-dos-vulnerability-245871/)

/bin/bash 10-22-2004 04:34 AM
2.6 DoS Vulnerability!
 
Turn off iptables logging now until the fix (update to kernel >= 2.6.8) is made.

The story appeared on TheAge

Quote:
Linux users running a 2.6 series kernel and using iptables for firewalling have been advised to upgrade to fix a bug which could be exploited remotely to cause a denial of service.

The bug, discovered by Richard Hart, does not affect the 2.4 series kernel.

It is caused by an integer underflow problem in the iptables firewall logging rules and can allow a remote attacker to crash the machine by using a handcrafted IP packet.

The attack is only possible if firewalling is enabled in the kernel.

An advisory from Linux company SUSE said a workaround was to disable firewall logging of IP and TCP options.

However, a kernel update was recommended, the advisory said.

HERE is the security announcement from Suse.

Capt_Caveman 10-23-2004 11:33 AM
Additional advisory info: http://secunia.com/advisories/11202/

TruckStuff 10-23-2004 06:46 PM
Re: 2.6 DoS Vulnerability!
 
Quote:
Originally posted by /bin/bash
The attack is only possible if firewalling is enabled in the kernel.
So does that mean that if iptables is loaded as a module (i.e. not built in to the kernel), you aren't vulnerable?

unSpawn 10-24-2004 03:18 AM
So does that mean that if iptables is loaded as a module (i.e. not built in to the kernel), you aren't vulnerable?
You are vulnerable.

It apparently is about the part of the Netfilter framework code that logs (IP and TCP) protocol options.
Therefore it does not matter if it is built in into the kernel or loaded as module.

Upgrading the kernel is your only option.
The workaround is to disable all logging of IP and TCP options (see SuSE advisory).

TruckStuff 10-24-2004 01:42 PM
Another fun day spend upgrading kernels on multiple servers. :rolleyes:

qwijibow 10-25-2004 12:55 PM
Edit: oops... already been answered.. ignore me.

eech55 02-10-2005 10:26 AM
this is why i like freebsd:D

Capt_Caveman 02-13-2005 04:48 PM
Quote:
Originally posted by eech55
this is why i like freebsd:D
Why? Cause it didn't have a remote denial of service vulnerability last year involving packet handling?

ftp://ftp.freebsd.org/pub/FreeBSD/CE...-04:04.tcp.asc

Probably could have picked alot better things to flame about.

vhh 02-14-2005 07:27 AM
Sorry, Ignore me pls.

nanoprobe 04-10-2005 11:23 AM
Re: 2.6 DoS Vulnerability! slash Yast update
 
Running the Yast update on Suse solve this problems?

Automatically updating the kernel...

Pcghost 04-10-2005 02:34 PM
Running YOU will likely fix the issue, if SuSE has released a patch for it. Check the SuSE site for what security patches they are putting out or instructions related to the vulnerability.

Capt_Caveman 04-10-2005 10:33 PM
Moderator note: Merging this thread with the original. Please respond to it there rather than starting a new thread. Thanks.

Odins_Son 06-03-2005 06:45 PM
Quote:
Originally posted by Capt_Caveman
Why? Cause it didn't have a remote denial of service vulnerability last year involving packet handling?

ftp://ftp.freebsd.org/pub/FreeBSD/CE...-04:04.tcp.asc

Probably could have picked alot better things to flame about.

ha!


All times are GMT -5. The time now is 09:30 PM.