1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200407-12 / Kernel |
| Release Date | July 14, 2004 |
| Latest Revision | October 10, 2004: 02 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| sys-kernel/aa-sources | < 2.6.5-r5 | >= 2.6.5-r5, < 2.6* | All supported architectures |
| sys-kernel/ck-sources | < 2.6.7-r2 | >= 2.6.7-r2, < 2.6* | All supported architectures |
| sys-kernel/development-sources | < 2.6.8 | >= 2.6.8 | All supported architectures |
| sys-kernel/gentoo-dev-sources | < 2.6.7-r7 | >= 2.6.7-r7 | All supported architectures |
| sys-kernel/hardened-dev-sources | < 2.6.7-r1 | >= 2.6.7-r1 | All supported architectures |
| sys-kernel/hppa-dev-sources | < 2.6.7_p1-r1 | >= 2.6.7_p1-r1 | All supported architectures |
| sys-kernel/mips-sources | < 2.6.4-r4 | >= 2.6.4-r4, < 2.6 | All supported architectures |
| sys-kernel/mm-sources | < 2.6.7-r4 | >= 2.6.7-r4, < 2.6* | All supported architectures |
| sys-kernel/pegasos-dev-sources | < 2.6.7-r1 | >= 2.6.7-r1 | All supported architectures |
| sys-kernel/rsbac-dev-sources | < 2.6.7-r1 | >= 2.6.7-r1 | All supported architectures |
| sys-kernel/uclinux-sources | < 2.6.7_p0 | >= 2.6.7_p0-r1, < 2.6 | All supported architectures |
| sys-kernel/usermode-sources | < 2.6.6-r2 | >= 2.6.6-r2, < 2.6 | All supported architectures |
| sys-kernel/win4lin-sources | < 2.6.7-r1 | >= 2.6.7-r1, < 2.6 | All supported architectures |
| sys-kernel/xbox-sources | < 2.6.7-r1 | >= 2.6.7-r1, < 2.6 | All supported architectures |
Warning: *: Needs to be manually updated
Related bugreports: #55694
A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.
The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.
An attacker can exploit an erroneous data type used by an iterator in the IPTables TCP option handling code. A TCP packet with a header length larger than 127 bytes would imply a negative integer in the iterator.
By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access.
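The signed-iterator flaw described above, as an added example that is not the kernel's source or part of the original advisory: a simplified kind/length option walker in which a byte above 127 read through a signed 8-bit type becomes a negative step. The function name `find_option`, the `MAX_STEPS` guard and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_STEPS 1000   /* demo guard; an unguarded loop would spin forever */

/* Walk a kind/length option list looking for `kind`.
 * as_signed=1 reads bytes through a signed 8-bit type (the flawed form),
 * as_signed=0 reads them as unsigned (the corrected form).
 * Returns 1 = found, 0 = not found, -1 = still looping after MAX_STEPS. */
static int find_option(const uint8_t *raw, int optlen, int kind, int as_signed)
{
    int i = 0, steps = 0;

    while (i >= 0 && i < optlen) {
        if (++steps > MAX_STEPS)
            return -1;
        int k = as_signed ? (int8_t)raw[i] : raw[i];
        if (k == kind)
            return 1;
        if (k < 2 || i + 1 >= optlen) {   /* single-byte option, or no length byte */
            i++;
            continue;
        }
        int len = as_signed ? (int8_t)raw[i + 1] : raw[i + 1];
        i += len ? len : 1;               /* a negative len moves the index backwards */
    }
    return 0;
}

/* Constructed sample: four single-byte options, then kind 5 with length 0xFC.
 * Unsigned, 0xFC is 252 and ends the walk; signed, it is -4 and rewinds to 0. */
static const uint8_t sample_opts[] = { 1, 1, 1, 1, 5, 0xFC };

int main(void)
{
    int n = (int)sizeof sample_opts;
    printf("signed walk:   %d\n", find_option(sample_opts, n, 8, 1));
    printf("unsigned walk: %d\n", find_option(sample_opts, n, 8, 0));
    return 0;
}
```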
Users who do not use the netfilter functionality, or who do not use any "--tcp-option" rules, are not vulnerable to this exploit. Users who are vulnerable may remove netfilter support from their kernel or remove any "--tcp-option" rules they might be using. However, all users are urged to upgrade their kernels to patched versions.
Users are encouraged to upgrade to the latest available sources for their system:
Code Listing 3.1: Resolution

```
# emerge sync

# emerge -pv your-favorite-sources
# emerge your-favorite-sources

# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
```