FYI: 2.6 kernel flaw

Discussion in 'NZ Computing' started by Gordon, Oct 25, 2004.

  1. Gordon

    Gordon Guest

    On Mon, 25 Oct 2004 20:17:43 +1300, Dave - Dave.net.nz wrote:

    > "USERS OF Linux running a 2.6 series kernel and using iptables for
    > firewalling have been advised to upgrade to fix a bug which could be
    > exploited remotely to cause a denial of service.
    >
    > The bug, discovered by Richard Hart, does not affect the 2.4 series
    > kernel or the later version.


    Why is it that I have trouble understanding what I read at times?

    > This means that a hacker
    > could remotely crash the machine by using a specially designed IP packet.


    FFS, if I wanted to hack a machine, what is the point of crashing it?
    Takes all sorts I guess.
    Gordon, Oct 25, 2004
    #1

  2. http://www.theinquirer.net/?article=19253

    "USERS OF Linux running a 2.6 series kernel and using iptables for
    firewalling have been advised to upgrade to fix a bug which could be
    exploited remotely to cause a denial of service.

    The bug, discovered by Richard Hart, does not affect the 2.4 series
    kernel or the later version. It is caused by an integer underflow
    problem in the iptables firewall logging rules. This means that a hacker
    could remotely crash the machine by using a specially designed IP packet.

    Ironically, they can only do this if a firewall is enabled in the kernel.

    A spokesSuSE said a workaround was to disable firewall logging of IP and
    TCP options. It is better practice to upgrade your kernel to the latest
    version. µ"



    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
    Dave - Dave.net.nz, Oct 25, 2004
    #2

  3. Gordon wrote:
    > FFS, if I wanted to hack a machine, what is the point of crashing it?
    > Takes all sorts I guess.


    maybe just to ruin the Linux users' uptimes?

    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
    Dave - Dave.net.nz, Oct 25, 2004
    #3
  4. Gordon

    Enkidu Guest

    On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
    <> wrote:
    >
    >Ironically, they can only do this if a firewall is enabled in the kernel.
    >

    What the heck does this mean? Compiled in? What if it is a module?
    Does that make any difference.

    Cheers,

    Cliff
    Enkidu, Oct 25, 2004
    #4
  5. Enkidu wrote:
    >>Ironically, they can only do this if a firewall is enabled in the kernel.


    > What the heck does this mean? Compiled in? What if it is a module?
    > Does that make any difference.


    **** knows, I'm a n00b... running 2.6, but I'm safe, I can't get wifi up so
    my network is safe *snort*

    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
    Dave - Dave.net.nz, Oct 25, 2004
    #5
  6. It seems like Mon, 25 Oct 2004 19:33:55 +1300 was when Gordon
    <> said Blah blah blah...

    >> This means that a hacker
    >> could remotely crash the machine by using a specially designed IP packet.

    >
    >FFS, if I wanted to hack a machine, what is the point of crashing it?
    >Takes all sorts I guess.


    Crashing a machine's a mighty big form of Denial of Service. Useful if
    it happens to be a competitor's website for instance.
    --
    Regards,
    Waylon Kenning.

    1st Year B.I.T. WelTec
    Waylon Kenning, Oct 25, 2004
    #6
  7. In article <>,
    Enkidu <> wrote:

    >On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
    ><> wrote:
    >>
    >>Ironically, they can only do this if a firewall is enabled in the kernel.
    >>

    >What the heck does this mean? Compiled in? What if it is a module?
    >Does that make any difference.


    I doubt it. "Firewall enabled in the kernel" would be referring to the
    iptables functionality. After all, it did say "using iptables for
    firewalling".
    Lawrence D'Oliveiro, Oct 26, 2004
    #7
  8. In article <>,
    Gordon <> wrote:

    >On Mon, 25 Oct 2004 20:17:43 +1300, Dave - Dave.net.nz wrote:
    >
    >> "USERS OF Linux running a 2.6 series kernel and using iptables for
    >> firewalling have been advised to upgrade to fix a bug which could be
    >> exploited remotely to cause a denial of service.
    >>
    >> The bug, discovered by Richard Hart, does not affect the 2.4 series
    >> kernel or the later version.

    >
    >Why is it that I have trouble understanding what I read at times?


    The part about "2.4 series" seems clear enough. "Later version" could
    either mean it's fixed in a newer 2.6.x version, or perhaps (shiver) 2.7.
    Lawrence D'Oliveiro, Oct 26, 2004
    #8
  9. Gordon

    Bok Guest

    Enkidu wrote:
    > On Mon, 25 Oct 2004 20:17:43 +1300, "Dave - Dave.net.nz"
    >>Ironically, they can only do this if a firewall is enabled in the kernel.

    > What the heck does this mean? Compiled in? What if it is a module?
    > Does that make any difference.


    The issue is in the iptables logging interface in the kernel. A
    suggested workaround on a Suse advisory was to disable logging of IP and
    TCP packets.

    An iptables firewall comprises a user space module called "iptables"
    that interacts with netfilter hooks in the kernel. If you have an
    iptables firewall on your Linux box, then lsmod will reveal a list of the
    'ip tables' related modules.
    Bok, Oct 27, 2004
    #9
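
The workaround and the lsmod check described in the post above, as an added example that is not part of the original thread. It assumes the standard LOG target flags `--log-ip-options` and `--log-tcp-options` and the `iptables-save` text format; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved ruleset for LOG rules that log IP/TCP options
# and list netfilter modules from lsmod-style output. Both functions read
# stdin, so they accept `iptables-save` / `lsmod` output from a live host or
# the constructed samples below.

# Print "table chain flags" for each LOG rule that logs IP or TCP options.
find_option_logging_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" starts a table
        /^-A / && /-j LOG/ {
            flags = ""
            for (i = 1; i <= NF; i++)
                if ($i == "--log-ip-options" || $i == "--log-tcp-options")
                    flags = flags (flags == "" ? "" : ",") $i
            if (flags != "") print table, $2, flags
        }'
}

# Print the names of loaded modules that belong to iptables/netfilter.
list_iptables_modules() {
    awk '$1 ~ /^(ip_tables|iptable_|ipt_|ip_conntrack)/ { print $1 }'
}

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix "in-drop: " --log-tcp-options --log-ip-options
-A FORWARD -j LOG --log-prefix "fwd-drop: "
COMMIT'

# Constructed sample in lsmod format.
SAMPLE_LSMOD='Module                  Size  Used by
ipt_LOG                 6528  1
iptable_filter          2944  1
ip_tables              16896  2 ipt_LOG,iptable_filter
ext3                  116072  2'

printf '%s\n' "$SAMPLE_RULES" | find_option_logging_rules
printf '%s\n' "$SAMPLE_LSMOD" | list_iptables_modules
```

On a live system, pipe `iptables-save` and `lsmod` into the two functions instead of the samples; any rule reported by the first function is one the workaround would change by removing the listed flags.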