Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Linux users running a 2.6 series kernel and using iptables for firewalling have been advised to upgrade to fix a bug which could be exploited remotely to cause a denial of service.
The bug, discovered by Richard Hart, does not affect the 2.4 series kernel.
It is caused by an integer underflow problem in the iptables firewall logging rules and can allow a remote attacker to crash the machine by using a handcrafted IP packet.
The attack is only possible if firewalling is enabled in the kernel.
An advisory from Linux company SUSE said a workaround was to disable firewall logging of IP and TCP options.
However, a kernel update was recommended, the advisory said.
So does that mean that if iptables is loaded as a module (i.e. not built in to the kernel), you aren't vulnerable?
You are vulnerable.
It apparently is about the part of the Netfilter framework code that logs (IP and TCP) protocol options.
Therefore it does not matter if it is built into the kernel or loaded as a module.
Upgrading the kernel is your only option.
The workaround is to disable all logging of IP and TCP options (see SuSE advisory).
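The workaround both posts above refer to is to stop the LOG target from logging IP and TCP options until the kernel is updated. The script below is an added example, not code from this thread or from SUSE: it audits an `iptables-save` dump for LOG rules that carry the real `--log-ip-options` or `--log-tcp-options` flags and prints the same ruleset with those two flags removed, so the log prefixes and all other matches survive. The ruleset it works on is constructed inline so it runs offline; on a real host you would feed it the output of `iptables-save` and load the result with `iptables-restore`.

```shell
#!/bin/sh
# Added example (not from the LQ thread): find LOG rules that log IP/TCP
# options and emit the same rules without those flags. The sample dump below
# is constructed for this demo; substitute `iptables-save` output in practice.

SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "IN-DROP: " --log-ip-options --log-tcp-options
-A FORWARD -j LOG --log-prefix "FWD-DROP: " --log-tcp-options
-A OUTPUT -p udp --dport 53 -j LOG --log-prefix "DNS: "
COMMIT'

# Print only the LOG rules that still log IP or TCP options.
find_option_logging() {
    printf '%s\n' "$1" | grep -- '-j LOG' | grep -E -- '--log-(ip|tcp)-options'
}

# Number of such rules; 0 means the advisory's workaround is fully applied.
count_option_logging() {
    find_option_logging "$1" | wc -l | tr -d ' '
}

# Rewrite the ruleset with both option-logging flags removed. Prefixes,
# match expressions and non-LOG rules are passed through unchanged.
strip_option_logging() {
    printf '%s\n' "$1" | sed -E 's/ --log-(ip|tcp)-options//g'
}

# Stand-alone run: report the offending rules, then show the hardened dump.
n=$(count_option_logging "$SAMPLE_RULES")
echo "LOG rules logging IP/TCP options: $n"
find_option_logging "$SAMPLE_RULES"
echo "--- ruleset without option logging ---"
strip_option_logging "$SAMPLE_RULES"
```

The rewrite only touches the two flags, so re-running the audit on the stripped output is the check that nothing was missed; it should report zero rules. This is a stopgap: the logging code path is still present, so the kernel update the advisory recommends is what actually removes the bug.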
Running YOU will likely fix the issue, if SuSE has released a patch for it. Check the SuSE site for what security patches they are putting out or instructions related to the vulnerability.