Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > FYI: 2.6 kernel flaw

Reply
Thread Tools

FYI: 2.6 kernel flaw

 
 
Gordon
Guest
Posts: n/a
 
      10-25-2004
On Mon, 25 Oct 2004 20:17:43 +1300, Dave - Dave.net.nz wrote:

> "USERS OF Linux running a 2.6 series kernel and using iptables for
> firewalling have been advised to upgrade to fix a bug which could be
> exploited remotely to cause a denial of service.
>
> The bug, discovered by Richard Hart, does not affect the 2.4 series
> kernel or the later version.


Why is that I have trouble understanding what I read at times?

> This means that a hacker
> could remotely crash the machine by using a specially designed IP packet.


FFS, if I wanted to hack a machine, what is the point of crashing it?
Takes all sorts I guess.
 
Reply With Quote
 
 
 
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      10-25-2004
http://www.theinquirer.net/?article=19253

"USERS OF Linux running a 2.6 series kernel and using iptables for
firewalling have been advised to upgrade to fix a bug which could be
exploited remotely to cause a denial of service.

The bug, discovered by Richard Hart, does not affect the 2.4 series
kernel or the later version. It is caused by an integer underflow
problem in the iptables firewall logging rules. This means that a hacker
could remotely crash the machine by using a specially designed IP packet.

Ironically, they can only do this if a firewall is enabled in the kernel.

A spokesSuSE said a workaround was to disable firewall logging of IP and
TCP options. It is better practice to upgrade your kernel to the latest
version. ”"



--
Dave.net.nz
reply addy is http://www.velocityreviews.com/forums/(E-Mail Removed)e
nice! http://www.dave.net.nz/images/link.jpg
 
Reply With Quote
 
 
 
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      10-25-2004
Gordon wrote:
> FFS, if I wanted to hack a machine, what is the point of crashing it?
> Takes all sorts I guess.


maybe just to ruin the linux users uptimes?

--
Dave.net.nz
reply addy is (E-Mail Removed)e
nice! http://www.dave.net.nz/images/link.jpg
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-25-2004
On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
<(E-Mail Removed)> wrote:
>
>Ironically, they can only do this if a firewall is enabled in the kernel.
>

What the heck does this mean? Compiled in? What if it is a module?
Does that make any difference.

Cheers,

Cliff
 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      10-25-2004
Enkidu wrote:
>>Ironically, they can only do this if a firewall is enabled in the kernel.


> What the heck does this mean? Compiled in? What if it is a module?
> Does that make any difference.


**** knows, Im a n00b... running 2.6, but Im safe, I cant get wifi up so
my network is safe *snort*

--
Dave.net.nz
reply addy is (E-Mail Removed)e
nice! http://www.dave.net.nz/images/link.jpg
 
Reply With Quote
 
Waylon Kenning
Guest
Posts: n/a
 
      10-25-2004
It seems like Mon, 25 Oct 2004 19:33:55 +1300 was when Gordon
<(E-Mail Removed)> said Blah blah blah...

>> This means that a hacker
>> could remotely crash the machine by using a specially designed IP packet.

>
>FFS, if I wanted to hack a machine, what is the point of crashing it?
>Takes all sorts I guess.


Crashing a machine's a mighty big form of Denial of Service. Useful if
it happens to be a competitors website for instance.
--
Regards,
Waylon Kenning.

1st Year B.I.T. WelTec
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      10-26-2004
In article <(E-Mail Removed)>,
Enkidu <(E-Mail Removed)> wrote:

>On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
><(E-Mail Removed)> wrote:
>>
>>Ironically, they can only do this if a firewall is enabled in the kernel.
>>

>What the heck does this mean? Compiled in? What if it is a module?
>Does that make any difference.


I doubt it. "Firewall enabled in the kernel" would be referring to the
iptables functionality. After all, it did say "using iptables for
firewalling".
 
Reply With Quote
 
Lawrence DčOliveiro
Guest
Posts: n/a
 
      10-26-2004
In article <(E-Mail Removed)>,
Gordon <(E-Mail Removed)> wrote:

>On Mon, 25 Oct 2004 20:17:43 +1300, Dave - Dave.net.nz wrote:
>
>> "USERS OF Linux running a 2.6 series kernel and using iptables for
>> firewalling have been advised to upgrade to fix a bug which could be
>> exploited remotely to cause a denial of service.
>>
>> The bug, discovered by Richard Hart, does not affect the 2.4 series
>> kernel or the later version.

>
>Why is that I have trouble understanding what I read at times?


The part about "2.4 series" seems clear enough. "Later version" could
either mean it's fixed in a newer 2.6.x version, or perhaps (shiver) 2.7.
 
Reply With Quote
 
Bok
Guest
Posts: n/a
 
      10-27-2004
Enkidu wrote:
> On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
>>Ironically, they can only do this if a firewall is enabled in the kernel.

> What the heck does this mean? Compiled in? What if it is a module?
> Does that make any difference.


The issue is in the iptables logging interface in the kernel. A
suggested workaround on a Suse advisory was to disable logging of IP and
TCP packets.

An iptables firewall comprises a user space module called "iptables"
that interacts with netfilter hooks in the kernel. If you have an
iptables fireall on your linux box, then lsmod will reveal a list of the
'ip tables' related modules.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel#autoload ignores custom monkey patched Kernel#require Lars Gierth Ruby 6 03-20-2010 10:35 PM
ATI Driver Flaw Exposes Vista Kernel to Attackers Au79 Computer Support 0 08-11-2007 03:35 AM
Why "Kernel.puts" and not "Kernel.put"? shadytrees@gmail.com Ruby 3 04-08-2006 01:42 PM
kernel hangs after "UNCOMPRESSING KERNEL OK BOOTING KERNEL" yogesh C Programming 3 02-12-2006 11:19 AM
Outlook TNEF flaw could be much worse than WMF flaw Au79 Computer Support 0 01-13-2006 10:48 PM



Advertisments