[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

fallo de seguridad

Supongo que muchos lo habreis leido, pero ahi va...

"The recent release of the Linux 2.2.4 kernel fixed a remote denial of
service problem in the IP fragment handling code. If you are running a
Linux kernel between 2.1.89 and 2.2.3, it would probably be a good idea to
get the latest version. In case that isn't feasible for you, I've included
a patch in this post. The impact of this problem is that a remote attacker
can effectively disable a target's IP connectivity. However, for the
attack to succeed, the attacker will have to deliver several thousand
packets to the target, which can take up to several minutes. A quick
exploit and the patch are appended to the end of this post."

(evidentemente no incluyo el exploit)

"(...) The other component of the problem is that the call to allocate a
entry in the routing cache does a check to see if the hashtable that
comprises the cache is at a saturated state. If it is, it proceeds to do a
garbage collection. If the number of entries in the cache, after this
garbage collection, is still higher than the threshold, then dst_alloc()
will fail. So, if we generate enough stranded entries in the routing cache
(4096 in 2.2.3) via our malicious frags, then all further calls to
dst_alloc will fail."

Jose Mari Mor Fabregat			Debian Hamm
al000346@alumail.uji.es			2.0.36

Reply to: