Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 71586

Summary: An integer underflow problem in the iptables firewall logging rules.
Product: Gentoo Security Reporter: George L. Emigh <ab4bd>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.suse.de/de/security/2004_37_kernel.html
Whiteboard:
Package list:
Runtime testing required: ---

Description George L. Emigh 2004-11-17 12:52:26 UTC
An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.

While connected to remote machine via ssh, the ssh session would periodically lock up (hang) after much testing I solved the problem by using the suggested workaround:

"If you are using a firewall, a workaround is to disable firewall logging of IP and TCP options."

This should be addressed, as the logging is prefferred.

See http://www.suse.de/de/security/2004_37_kernel.html for more details

George


Reproducible: Always
Steps to Reproduce:
1. enable logging in iptables scripts
2.
3.

Actual Results:  
hung tcp sessions 

Expected Results:  
perfection
Comment 1 George L. Emigh 2004-11-17 12:54:44 UTC
Guess I forgot to mention that it was gentoo-dev-sources-2.6.9-r4

George
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-17 13:00:16 UTC


*** This bug has been marked as a duplicate of 68375 ***

*** This bug has been marked as a duplicate of 68375 ***