In association with heise online

15 March 2007, 13:28

Linux kernel updates close DoS security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Linux kernel removes two vulnerabilities in the Netfilter module, which allowed a system to be brought down and certain filter rules to be circumvented. Thus a null pointer dereference in the module net/netfilter/nfnetlink_log.c leads to a kernel panic. All that is said then to be required to induce a crash is to send a modified packet to the system.

Kernel already had to remove a null pointer dereference in the function ipv6_getsockopt_sticky in the module net/ipv6/ipv6_sockglue.c. In this case too it had been possible to provoke a kernel panic. There are conflicting reports, however, on whether the vulnerability can, in addition to working locally, also be exploited remotely. For its part US-CERT assumes that the vulnerability can be triggered through a network.

The last mentioned hole at least has already been removed with new kernel packages by some Linux distributors. Switching off IPv6 will also do as a workaround. There is a how-to manual available for Suse at: Disabling IPv6 permanently; for Red Hat, please consult: "How do I disable the IPv6 protocol?".

A bug in the function ipv6_conntrack_in in the module net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c is moreover said to allow fragmented IPv6 to be made to appear as "established" to the Netfilter. This should make it possible to initiate a connection from outside, despite the rules not allowing for this.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit