diff options
Diffstat (limited to 'metadata/glsa/glsa-200407-12.xml')
-rw-r--r-- | metadata/glsa/glsa-200407-12.xml | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200407-12.xml b/metadata/glsa/glsa-200407-12.xml new file mode 100644 index 000000000000..0eb420899056 --- /dev/null +++ b/metadata/glsa/glsa-200407-12.xml @@ -0,0 +1,132 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200407-12"> + <title>Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling</title> + <synopsis> + A flaw has been discovered in 2.6 series Linux kernels that allows an + attacker to send a malformed TCP packet, causing the affected kernel to + possibly enter an infinite loop and hang the vulnerable machine. + </synopsis> + <product type="ebuild">Kernel</product> + <announced>2004-07-14</announced> + <revised count="02">2004-10-10</revised> + <bug>55694</bug> + <access>remote</access> + <affected> + <package name="sys-kernel/aa-sources" auto="no" arch="*"> + <unaffected range="ge">2.6.5-r5</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.5-r5</vulnerable> + </package> + <package name="sys-kernel/ck-sources" auto="no" arch="*"> + <unaffected range="ge">2.6.7-r2</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.7-r2</vulnerable> + </package> + <package name="sys-kernel/development-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.8</unaffected> + <vulnerable range="lt">2.6.8</vulnerable> + </package> + <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r7</unaffected> + <vulnerable range="lt">2.6.7-r7</vulnerable> + </package> + <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r1</unaffected> + <vulnerable range="lt">2.6.7-r1</vulnerable> + </package> + <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7_p1-r1</unaffected> + <vulnerable range="lt">2.6.7_p1-r1</vulnerable> + </package> + <package name="sys-kernel/mips-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.4-r4</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.4-r4</vulnerable> + </package> + <package name="sys-kernel/mm-sources" auto="no" arch="*"> + <unaffected range="ge">2.6.7-r4</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.7-r4</vulnerable> + </package> + <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r1</unaffected> + <vulnerable range="lt">2.6.7-r1</vulnerable> + </package> + <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r1</unaffected> + <vulnerable range="lt">2.6.7-r1</vulnerable> + </package> + <package name="sys-kernel/uclinux-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7_p0-r1</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.7_p0</vulnerable> + </package> + <package name="sys-kernel/usermode-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.6-r2</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.6-r2</vulnerable> + </package> + <package name="sys-kernel/win4lin-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r1</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.7-r1</vulnerable> + </package> + <package name="sys-kernel/xbox-sources" auto="yes" arch="*"> + <unaffected range="ge">2.6.7-r1</unaffected> + <unaffected range="lt">2.6</unaffected> + <vulnerable range="lt">2.6.7-r1</vulnerable> + </package> + </affected> + <background> + <p> + The Linux kernel is responsible for managing the core aspects of a + GNU/Linux system, providing an interface for core system applications as + well as providing the essential structure and capability to access hardware + that is needed for a running system. + </p> + </background> + <description> + <p> + An attacker can utilize an erroneous data type in the IPTables TCP option + handling code, which lies in an iterator. By making a TCP packet with a + header length larger than 127 bytes, a negative integer would be implied in + the iterator. + </p> + </description> + <impact type="high"> + <p> + By sending one malformed packet, the kernel could get stuck in a loop, + consuming all of the CPU resources and rendering the machine useless, + causing a Denial of Service. This vulnerability requires no local access. + </p> + </impact> + <workaround> + <p> + If users do not use the netfilter functionality or do not use any + ``--tcp-option'' rules they are not vulnerable to this exploit. Users that + are may remove netfilter support from their kernel or may remove any + ``--tcp-option'' rules they might be using. However, all users are urged to + upgrade their kernels to patched versions. + </p> + </workaround> + <resolution> + <p> + Users are encouraged to upgrade to the latest available sources for their + system: + </p> + <code> + # emerge sync + # emerge -pv your-favorite-sources + # emerge your-favorite-sources + + # # Follow usual procedure for compiling and installing a kernel. + # # If you use genkernel, run genkernel as you would do normally.</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0626">CAN-2004-0626</uri> + </references> + <metadata tag="submitter"> + plasmaroo + </metadata> +</glsa> |