Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine. Kernel 2004-07-14 2004-10-10 55694 remote 2.6.5-r5 2.6 2.6.5-r5 2.6.7-r2 2.6 2.6.7-r2 2.6.8 2.6.8 2.6.7-r7 2.6.7-r7 2.6.7-r1 2.6.7-r1 2.6.7_p1-r1 2.6.7_p1-r1 2.6.4-r4 2.6 2.6.4-r4 2.6.7-r4 2.6 2.6.7-r4 2.6.7-r1 2.6.7-r1 2.6.7-r1 2.6.7-r1 2.6.7_p0-r1 2.6 2.6.7_p0 2.6.6-r2 2.6 2.6.6-r2 2.6.7-r1 2.6 2.6.7-r1 2.6.7-r1 2.6 2.6.7-r1

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

An attacker can utilize an erroneous data type in the IPTables TCP option handling code, which lies in an iterator. By making a TCP packet with a header length larger than 127 bytes, a negative integer would be implied in the iterator.

By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access.

If users do not use the netfilter functionality or do not use any ``--tcp-option'' rules they are not vulnerable to this exploit. Users that are may remove netfilter support from their kernel or may remove any ``--tcp-option'' rules they might be using. However, all users are urged to upgrade their kernels to patched versions.

Users are encouraged to upgrade to the latest available sources for their system:

# emerge sync # emerge -pv your-favorite-sources # emerge your-favorite-sources # # Follow usual procedure for compiling and installing a kernel. # # If you use genkernel, run genkernel as you would do normally. CAN-2004-0626 plasmaroo