From: Juan Hernandez <alucard@kanux.com>
To: netfilter@lists.netfilter.org
Subject: [Fwd: [SA11980] Linux Kernel Netfilter TCP Option Matching Denial of Service Vulnerability]
Date: Thu, 01 Jul 2004 12:54:13 -0400 [thread overview]
Message-ID: <40E441B5.9000809@kanux.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 111 bytes --]
I thought you guys would be interested in this since I haven't read
anything today in this mailing list
Juan
[-- Attachment #2: [SA11980] Linux Kernel Netfilter TCP Option Matching Denial of Service Vulnerability --]
[-- Type: message/rfc822, Size: 2776 bytes --]
From: Secunia Security Advisories <sec-adv@secunia.com>
To: hvjuan@kanux.com
Subject: [SA11980] Linux Kernel Netfilter TCP Option Matching Denial of Service Vulnerability
Date: Thu, 1 Jul 2004 15:17:27 +0200
Message-ID: <200407011317.i61DHRf1020304@secunia.com>
TITLE:
Linux Kernel Netfilter TCP Option Matching Denial of Service
Vulnerability
SECUNIA ADVISORY ID:
SA11980
VERIFY ADVISORY:
http://secunia.com/advisories/11980/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/
DESCRIPTION:
Adam Osuchowski and Tomasz Dubinski have reported a vulnerability in
the Linux kernel, which can be exploited by malicious people to cause
a DoS (Denial of Service).
The vulnerability is caused due to the use of an incorrect variable
type within the "tcp_find_option()" function of the netfilter
subsystem. This can be exploited by sending a specially crafted TCP
packet, which causes the kernel to enter an infinite loop and consume
all available CPU resources.
Successful exploitation requires that iptables is used with rules
matching TCP options ("--tcp-option").
SOLUTION:
Don't use any rules matching TCP options.
PROVIDED AND/OR DISCOVERED BY:
Adam Osuchowski and Tomasz Dubinski
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=hvjuan@kanux.com
----------------------------------------------------------------------
reply other threads:[~2004-07-01 16:54 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40E441B5.9000809@kanux.com \
--to=alucard@kanux.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox