Gentoo 2509 Published by

An updated Linux Kernel is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Linux Kernel: Remote DoS vulnerability with IPTables TCP
Handling
Date: July 14, 2004
Bugs: #55694
ID: 200407-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.



Background
=========

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

Affected packages
================

-------------------------------------------------------------------
Kernel / Unaffected / Remerge
-------------------------------------------------------------------
1 aa-sources ............... >= 2.6.5-r5 ...................... YES
2 ck-sources ............... >= 2.6.7-r2 ...................... YES
3 gentoo-dev-sources ....... >= 2.6.7-r7 ..........................
4 hardened-dev-sources ..... >= 2.6.7-r1 ..........................
5 hppa-dev-sources ....... >= 2.6.7_p1-r1 .........................
6 mips-sources ............ *>= 2.6.4-r4 ..........................
.......................... >= 2.6.7-r1 ..........................
7 mm-sources ............... >= 2.6.7-r4 ...................... YES
8 pegasos-dev-sources ...... >= 2.6.7-r1 ..........................
9 rsbac-dev-sources ........ >= 2.6.7-r1 ..........................
10 uclinux-sources ........ >= 2.6.7_p0-r1 .........................
11 usermode-sources ......... >= 2.6.6-r2 ..........................
12 win4lin-sources .......... >= 2.6.7-r1 ..........................
13 xbox-sources ............. >= 2.6.7-r1 ..........................
14 development-sources ...... Vulnerable! ..........................
-------------------------------------------------------------------
NOTE: Some kernels are still vulnerable. Users should migrate to another kernel if one is available or seek another solution such as patching their existing kernel.
-------------------------------------------------------------------
NOTE: Packages marked with "Remerge" as "YES" require a re-merge even though Portage does not indicate a newer version!
-------------------------------------------------------------------
14 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
==========

An attacker can utilize an erroneous data type in the IPTables TCP option handling code, which lies in an iterator. By making a TCP packet with a header length larger than 127 bytes, a negative integer would be implied in the iterator.

Impact
=====

By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access.

Workaround
=========

If users do not use the netfilter functionality or do not use any ``--tcp-option'' rules they are not vulnerable to this exploit. Users that are may remove netfilter support from their kernel or may remove any ``--tcp-option'' rules they might be using. However, all users are urged to upgrade their kernels to patched versions.

Resolution
=========

Users are encouraged to upgrade to the latest available sources for their system:

# emerge sync
# emerge -pv your-favorite-sources
# emerge your-favorite-sources

# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-12.xml

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0