ipt_ULOG.c
From: Jaco Kroon
Date: Thu Sep 04 2003 - 15:41:10 EST
There is a problem in ipt_ULOG.c on older kernel versions (2.4.18
confirmed).

The problem is with shifting and not shifting of the nl groups. This
has already been fixed in later versions (Version 2.4.21 if I'm not
mistaken). It is also fixed in the 2.5 and 2.6 series of the kernel.

This problem can be used to execute a DoS attack on vulnerable servers.
Vulnerable servers are those that make use of the ULOG target in
netfilter with groups other than 1 (this just happens to work correctly
since the group 1 also happens to shift into 1). The other groups
cause kernel memory corruption and, in just about all my test cases,
total system failure. This can be triggered remotely by using hping to
send a packet that will be logged by the ULOG target.

Also, not sure whether IPv6 is affected (I don't use it yet, so ...)

Jaco
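
A defender-side check for the condition described in the message above, as an added example that is not part of the original post: it reads iptables-save output and lists ULOG rules whose netlink group is not 1, the configuration the post identifies as vulnerable on the older kernels. The function names and the sample ruleset are constructed for illustration; --ulog-nlgroup is the ULOG target's group option and is treated as 1 when omitted.

```shell
#!/bin/sh
# Added example (not from the original post): list ULOG rules whose netlink
# group is not 1, reading iptables-save format on stdin.
# Output format (chosen for this example): table:chain:group=N

ulog_nondefault_groups() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter" starts a table section
    /^-A / {
        is_ulog = 0
        group = 1                           # --ulog-nlgroup defaults to 1
        for (i = 1; i <= NF; i++) {
            if (($i == "-j" || $i == "--jump") && $(i + 1) == "ULOG")
                is_ulog = 1
            if ($i == "--ulog-nlgroup")
                group = $(i + 1) + 0
        }
        if (is_ulog && group != 1)
            printf "%s:%s:group=%d\n", table, $2, group
    }'
}

# Constructed sample ruleset (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j ULOG --ulog-prefix "in-drop"
-A INPUT -p icmp -j ULOG --ulog-nlgroup 5 --ulog-prefix "icmp"
-A FORWARD -j ULOG --ulog-nlgroup 1
COMMIT
*mangle
-A PREROUTING -p udp -j ULOG --ulog-nlgroup 32 --ulog-cprange 64
COMMIT
EOF
}

# On a live host: iptables-save | ulog_nondefault_groups
sample_rules | ulog_nondefault_groups
```

Any rule it reports on a kernel older than the fixed versions named in the post is a candidate for moving to group 1 or for a kernel upgrade.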