Linux developers fix a homemade network problem

Linux kernels 3.0.17, 3.1.9 and 3.2.1 fix a problem with the handling of IGMP packets that was introduced with updates in Linux 2.6.36. An IGMPv3 protocol packet being processed soon after the processing of an IGMPv2 packet could lead to a system crash caused by a kernel panic.

On 6 January, Simon McVittie reported strange crashes of his Linux notebook in the Debian bug database. Debian developer Ben Hutchings found that the problem was caused by a division by 0 that can occur with IGMP packets that have a Maximum Response Time of 0. As a result, Linux systems running a kernel version from 2.6.36 or later, up until the patched versions, can quite easily be crashed remotely using certain IGMP packets if a program has registered to receive multicast packets from the network. Typical examples for such programs include the avahi mDNS server or media players, such as VLC, that support RTP.

Active attacks should technically only be possible within local networks, because IGMP broadcasts are usually not routed beyond network boundaries. However, Hutchings points out that particular unicast packets may serve for attacks via the internet unless they are blocked by a firewall. As a fix has now been released, distributors should soon offer updated kernel packages that no longer contain the vulnerability.

The Internet Group Management Protocol allows computers in a network to find multicast routers, for instance to receive video streams. During a multicast session, video streams are not sent through the network separately to each recipient but are transferred collectively to specific groups. IGMP serves for managing these groups and is a component of the IPv4 protocol suite.

(djwm)