Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-200407-12.xml
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-200407-12.xml')
-rw-r--r--metadata/glsa/glsa-200407-12.xml132
1 files changed, 132 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200407-12.xml b/metadata/glsa/glsa-200407-12.xml
new file mode 100644
index 000000000000..0eb420899056
--- /dev/null
+++ b/metadata/glsa/glsa-200407-12.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-12">
+ <title>Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling</title>
+ <synopsis>
+ A flaw has been discovered in 2.6 series Linux kernels that allows an
+ attacker to send a malformed TCP packet, causing the affected kernel to
+ possibly enter an infinite loop and hang the vulnerable machine.
+ </synopsis>
+ <product type="ebuild">Kernel</product>
+ <announced>2004-07-14</announced>
+ <revised count="02">2004-10-10</revised>
+ <bug>55694</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-kernel/aa-sources" auto="no" arch="*">
+ <unaffected range="ge">2.6.5-r5</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.5-r5</vulnerable>
+ </package>
+ <package name="sys-kernel/ck-sources" auto="no" arch="*">
+ <unaffected range="ge">2.6.7-r2</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.7-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/development-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.8</unaffected>
+ <vulnerable range="lt">2.6.8</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r7</unaffected>
+ <vulnerable range="lt">2.6.7-r7</vulnerable>
+ </package>
+ <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r1</unaffected>
+ <vulnerable range="lt">2.6.7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7_p1-r1</unaffected>
+ <vulnerable range="lt">2.6.7_p1-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.4-r4</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.4-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/mm-sources" auto="no" arch="*">
+ <unaffected range="ge">2.6.7-r4</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.7-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r1</unaffected>
+ <vulnerable range="lt">2.6.7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r1</unaffected>
+ <vulnerable range="lt">2.6.7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7_p0-r1</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.7_p0</vulnerable>
+ </package>
+ <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.6-r2</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.6-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r1</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/xbox-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.7-r1</unaffected>
+ <unaffected range="lt">2.6</unaffected>
+ <vulnerable range="lt">2.6.7-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Linux kernel is responsible for managing the core aspects of a
+ GNU/Linux system, providing an interface for core system applications as
+ well as providing the essential structure and capability to access hardware
+ that is needed for a running system.
+ </p>
+ </background>
+ <description>
+ <p>
+ An attacker can utilize an erroneous data type in the IPTables TCP option
+ handling code, which lies in an iterator. By making a TCP packet with a
+ header length larger than 127 bytes, a negative integer would be implied in
+ the iterator.
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ By sending one malformed packet, the kernel could get stuck in a loop,
+ consuming all of the CPU resources and rendering the machine useless,
+ causing a Denial of Service. This vulnerability requires no local access.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ If users do not use the netfilter functionality or do not use any
+ ``--tcp-option'' rules they are not vulnerable to this exploit. Users that
+ are may remove netfilter support from their kernel or may remove any
+ ``--tcp-option'' rules they might be using. However, all users are urged to
+ upgrade their kernels to patched versions.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to upgrade to the latest available sources for their
+ system:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv your-favorite-sources
+ # emerge your-favorite-sources
+
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.</code>
+ </resolution>
+ <references>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0626">CAN-2004-0626</uri>
+ </references>
+ <metadata tag="submitter">
+ plasmaroo
+ </metadata>
+</glsa>