Linux kernel DoS risk under the spotlight

Full Version: Linux kernel DoS risk under the spotlight

GovernmentSecurity.org > System Security > Linux & Unix Systems

dissolutions

May 18 2003, 09:16 PM

Linux kernel DoS risk under the spotlight
By John Leyden
Posted: 16/05/2003 at 16:11 GMT

There is a potentially troublesome denial of service risk linked to a vuln in the Linux 2.4 kernel, concerning the cacheing of routing information.

A Red Hat advisory on the problem explains: "A remote attacker could send packets with carefully chosen, forged source addresses in such a way as to make every routing cache entry get hashed into the same hash chain. The result would be that the kernel would use a disproportionate amount of processor time to deal with new packets, resulting in a remote denial of service attack."

Red Hat has issued updated kernel packages.

An advisory by security outfit Secunia provides a list of other affected Linux distributions (too numerous to list here). An official patch or update for the Linux Kernel is yet to be made available, according to Secunia.

However workarounds are available and there's little evidence that the vulnerability has been maliciously exploited, at least for now. ®

http://www.theregister.co.uk/content/55/30748.html

GSecur

May 18 2003, 09:44 PM

Freekin pain in the butt, been downloading alot of patches lately, at least they have been releasing them quickly.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Linux kernel DoS risk under the spotlight GovernmentSecurity.org > System Security > Linux & Unix Systems dissolutions May 18 2003, 09:16 PM Linux kernel DoS risk under the spotlight By John Leyden Posted: 16/05/2003 at 16:11 GMT There is a potentially troublesome denial of service risk linked to a vuln in the Linux 2.4 kernel, concerning the cacheing of routing information. A Red Hat advisory on the problem explains: "A remote attacker could send packets with carefully chosen, forged source addresses in such a way as to make every routing cache entry get hashed into the same hash chain. The result would be that the kernel would use a disproportionate amount of processor time to deal with new packets, resulting in a remote denial of service attack." Red Hat has issued updated kernel packages. An advisory by security outfit Secunia provides a list of other affected Linux distributions (too numerous to list here). An official patch or update for the Linux Kernel is yet to be made available, according to Secunia. However workarounds are available and there's little evidence that the vulnerability has been maliciously exploited, at least for now. ® http://www.theregister.co.uk/content/55/30748.html GSecur May 18 2003, 09:44 PM Freekin pain in the butt, been downloading alot of patches lately, at least they have been releasing them quickly. This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.