A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.
Package | sys-kernel/aa-sources on all architectures |
---|---|
Affected versions | < 2.6.5-r5 |
Unaffected versions | >= 2.6.5-r5 < 2.6 |
Package | sys-kernel/ck-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r2 |
Unaffected versions | >= 2.6.7-r2 < 2.6 |
Package | sys-kernel/development-sources on all architectures |
---|---|
Affected versions | < 2.6.8 |
Unaffected versions | >= 2.6.8 |
Package | sys-kernel/gentoo-dev-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r7 |
Unaffected versions | >= 2.6.7-r7 |
Package | sys-kernel/hardened-dev-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r1 |
Unaffected versions | >= 2.6.7-r1 |
Package | sys-kernel/hppa-dev-sources on all architectures |
---|---|
Affected versions | < 2.6.7_p1-r1 |
Unaffected versions | >= 2.6.7_p1-r1 |
Package | sys-kernel/mips-sources on all architectures |
---|---|
Affected versions | < 2.6.4-r4 |
Unaffected versions | >= 2.6.4-r4 < 2.6 |
Package | sys-kernel/mm-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r4 |
Unaffected versions | >= 2.6.7-r4 < 2.6 |
Package | sys-kernel/pegasos-dev-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r1 |
Unaffected versions | >= 2.6.7-r1 |
Package | sys-kernel/rsbac-dev-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r1 |
Unaffected versions | >= 2.6.7-r1 |
Package | sys-kernel/uclinux-sources on all architectures |
---|---|
Affected versions | < 2.6.7_p0 |
Unaffected versions | >= 2.6.7_p0-r1 < 2.6 |
Package | sys-kernel/usermode-sources on all architectures |
---|---|
Affected versions | < 2.6.6-r2 |
Unaffected versions | >= 2.6.6-r2 < 2.6 |
Package | sys-kernel/win4lin-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r1 |
Unaffected versions | >= 2.6.7-r1 < 2.6 |
Package | sys-kernel/xbox-sources on all architectures |
---|---|
Affected versions | < 2.6.7-r1 |
Unaffected versions | >= 2.6.7-r1 < 2.6 |
The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.
An attacker can exploit an erroneous data type used by an iterator in the iptables TCP option handling code. A crafted TCP packet with a header length larger than 127 bytes causes the iterator value to be interpreted as a negative integer.
By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access.
Users who do not use the netfilter functionality, or who do not use any "--tcp-option" rules, are not vulnerable to this exploit. Users who do may remove netfilter support from their kernel or remove any "--tcp-option" rules they are using. However, all users are urged to upgrade their kernels to patched versions.
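To check whether a ruleset contains the match named in the workaround above, the following added example (not part of the original advisory) scans `iptables-save` formatted text for rules that use `--tcp-option`. The function names and the sample ruleset are constructed for illustration; on a live system the input would come from `iptables-save`.

```shell
#!/bin/sh
# Added example: list rules that use the --tcp-option match.
# Reads iptables-save formatted text on stdin and prints "<table> <chain>"
# for every matching rule. On a real host: iptables-save | find_tcp_option_rules

find_tcp_option_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*filter" opens a table section
        /^-A / {
            gsub(/"[^"]*"/, "")                  # ignore quoted text (log prefixes, comments)
            for (i = 3; i <= NF; i++)
                if ($i == "--tcp-option") { print table, $2; break }
        }
    '
}

# Succeeds (exit status 0) when at least one rule uses the match.
uses_tcp_option() {
    [ -n "$(find_tcp_option_rules)" ]
}

# Constructed sample ruleset, not taken from any real system.
sample_ruleset() {
cat <<'EOF'
# constructed sample
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --tcp-option 8 -j DROP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -j LOG --log-prefix "no --tcp-option here"
-A FORWARD -p tcp -m tcp ! --tcp-option 2 -j DROP
COMMIT
EOF
}

sample_ruleset | find_tcp_option_rules
if sample_ruleset | uses_tcp_option; then
    echo "ruleset uses --tcp-option: remove these rules or upgrade the kernel"
fi
```

A clean result only covers the rule-based condition of the workaround; it does not tell you whether the running kernel is a patched version.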
Users are encouraged to upgrade to the latest available sources for their system:
```
# emerge sync
# emerge -pv your-favorite-sources
# emerge your-favorite-sources

# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
```
Release date: July 14, 2004
Latest revision: October 10, 2004: 02
Severity: high
Exploitable: remote
Bugzilla entries