2.6 kernel iptables exploit
Darren Critchley
darrenc at telus.net
Mon Oct 25 15:12:25 UTC 2004
Taken from another list:
------- Included Stuff Follows -------
Linux kernel flaw found
Can lead to denial of service
By Nick Farrell: Monday 25 October 2004, 07:05

USERS OF Linux running a 2.6 series kernel and using
iptables for firewalling have been advised to upgrade to
fix a bug which could be exploited remotely to cause a
denial of service.

The bug, discovered by Richard Hart, does not affect the
2.4 series kernel or the later version. It is caused by
an integer underflow problem in the iptables firewall
logging rules. This means that a hacker could remotely
crash the machine by using a specially designed IP
packet.

Ironically, they can only do this if a firewall is
enabled in the kernel.

A spokesSuSE said a workaround was to disable firewall
logging of IP and TCP options. It is better practice to
upgrade your kernel to the latest version.
--------- Included Stuff Ends ---------
http://www.theinquirer.net/?article=19253
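
The workaround quoted above (disabling firewall logging of IP and TCP options) can be checked against a saved ruleset. The following is an added example, not part of the original post or the quoted article: it scans iptables-save output for LOG rules that carry --log-ip-options or --log-tcp-options and emits the ruleset without those flags. Treating those two LOG-target flags as the logging the workaround refers to is an assumption, and the sample ruleset and function names are constructed for illustration.

```python
import shlex

# Real iptables LOG-target flags that turn on logging of IP / TCP header options.
OPTION_FLAGS = {"--log-ip-options", "--log-tcp-options"}

# Constructed sample in iptables-save format (not from the original post).
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh in: " --log-tcp-options --log-ip-options
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "see --log-ip-options " --log-level 6
-A FORWARD -j LOG --log-ip-options
COMMIT
"""


def _quote(token):
    """Quote a token with double quotes, as iptables-save does, when needed."""
    if token and not any(ch.isspace() for ch in token):
        return token
    return '"' + token.replace("\\", "\\\\").replace('"', '\\"') + '"'


def audit(ruleset):
    """Return (findings, cleaned): findings is a list of (line number, flags)
    for LOG rules that log IP/TCP options; cleaned is the ruleset without them."""
    findings, cleaned = [], []
    for lineno, line in enumerate(ruleset.splitlines(), start=1):
        tokens = shlex.split(line) if line.startswith("-A ") else []
        is_log = any(a in ("-j", "--jump") and b == "LOG"
                     for a, b in zip(tokens, tokens[1:]))
        # Only whole tokens count, and never the argument of --log-prefix.
        hits = [i for i, tok in enumerate(tokens)
                if is_log and tok in OPTION_FLAGS and tokens[i - 1] != "--log-prefix"]
        if not hits:
            cleaned.append(line)  # untouched lines are kept byte for byte
            continue
        findings.append((lineno, sorted(tokens[i] for i in hits)))
        kept = [tok for i, tok in enumerate(tokens) if i not in hits]
        cleaned.append(" ".join(_quote(tok) for tok in kept))
    return findings, "\n".join(cleaned) + "\n"


if __name__ == "__main__":
    found, fixed = audit(SAMPLE_RULESET)
    for lineno, flags in found:
        print(f"line {lineno}: LOG rule uses {', '.join(flags)}")
    print(fixed, end="")
```

Feed it the text of a real iptables-save dump in place of the sample; rules that only mention a flag name inside a log prefix are left alone.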