| VID |
12059 |
| Severity |
30 |
| Port |
|
| Protocol |
TCP |
| Class |
Protocol |
| Detailed Description |
The target host seems to be vulnerable to an invalid TCP Options field within a TCP packet.
It has been reported that all Linux kernel 2.6 series are affected by a denial of service vulnerability in the iptables implementation. This flaw is due to a failure of iptables to handle certain TCP packet header values. An attacker can exploit this flaw to cause the iptables implementation to consume all CPU resources due to an infinite loop, denying service to legitimate users.
* References:
http://www.securityfocus.com/archive/1/367615
http://www.securiteam.com/unixfocus/5FP0415DFW.html
* Platforms Affected:
Linux kernel prior to 2.6.7 |
| Recommendation |
Upgrade to the latest kernel version (2.6.7 or later), available at http://www.kernel.org/
For Red Hat Fedora Linux:
Upgrade to the latest kernel package, as listed in Fedora Update Notification FEDORA-2004-202:kernel at http://www.securityfocus.com/advisories/6909
For SuSE Linux:
Upgrade to the latest kernel RPM package, as listed in SuSE Security Announcement SUSE-SA:2004:020 at http://www.suse.de/de/security/2004_20_kernel.html
For other distributions:
Contact your vendor for upgrade or patch information.
-- OR --
As a workaround, apply the patch, available at http://www.securityfocus.com/archive/1/367615 |
| Related URL |
CVE-2004-0626 (CVE) |
| Related URL |
10634 (SecurityFocus) |
| Related URL |
16554 (ISS) |
|
