Advertisement

Remotely exploitable kernel bug

Started by June 30, 2004 04:00 PM
4 comments, last by SwSh 20 years, 4 months ago
This one is worth worrying about... IFF you use the iptables firewall. Anybody running a linux server, however, be advised.... (now I've got two kernel bugs on my system, oh well, maybe I'll get around to compiling a new kernel next week)
Hooray.

What the hell is up with these massive vulnerabilities lately? This is the second biggie this month (that I'm aware of anyway).
Advertisement
Yeah, they're in the kernel, but they're not biggies.

Both are jsut DoS attacks. and bot hare barely anything for desktop users to be concerned about.

All those servers that are running firewalls need to be concerned about this one, however.
But that's exactly it. I mean, how many people who run linux DON'T use it as a server in any way? I think this likely effects more people than you may think. Many people use iptables as their firewall, anyway even if they only use their machine as a desktop machine.
Quote:
It's (the bug) disclosed only when using iptables with
rules matching TCP options (i.e. --tcp-option).


How many people use --tcp-option with iptables? I've certainly created several firewalls and never had a need to use it.

So in terms of "remotely exploitable", in this case, it's a DoS which only affects kernels on machines used as firewalls, and then only if they have an obscure rule type set up.

So the probability of it actually being exploited "in the wild" I'd say is close to none.

Mark
According to some iptables related sites the --tcp-option can be used to detect port scanners (see here). Googling around shows that there are quite a lot of pre-made firewall scripts/wizards that use this kind of protection.
Don't ask me how it works exacly, I dunno. Besides, I use OpenBSD as my firewall so I don't have to worry. :p

This topic is closed to new replies.

Advertisement