Slashdot Mirror


Linux 2.2 DoS Attack

A small bug in the Linux networking code has been found, and just as quickly patched. The bug affects all Linux 2.2 kernels, and can be fixed by removing "kfree_skb(skb);" from around line 455 of linux/net/ipv4/ip_options.c. Big thanks to Alan Cox on this one.


  1. It's not a remote exploit! by Anonymous Coward · · Score: 5

    ARGH! It's a remote crash.. Most people would rather there be a remote crash than a remote exploit.. (RE in most people's minds means the attacker gets root)

    PLEASE update the post to indicate that this is a crash and not a root exploit.. PLEASE!

  2. There's a little more info in the Bugtraq post. by roystgnr · · Score: 5

    From the archives at www.geek-girl.com


    Linux kernel 2.2.x vulnerability/exploit

    Piotr Wilkin (pwl@WOTAN.2SLO.WAW.PL)
    Tue, 1 Jun 1999 17:43:17 +0200

    I'm sorry if this has been noticed before, but since I didn't find anything
    in the archives, I post it here.
    There seems to be a bug in kernels 2.2.x (tested on 2.2.7 and 2.2.9), that
    causes them to panic when they are sent a large number of specific ICMP
    packages. I think the problem comes from the combination of the mangled
    header length (shorter or longer ihl's don't cause hangup) and the random
    ICMP packets (random type/subtype and source address) this program sends.
    Windows 9x and FreeBSD 3.0 seem to be unaffected.


    I think the most interesting thing is the date, though... I'm sure I'm making a timezone mistake here, but isn't that 8 hours ago? Is that faster or slower than the Linux teardrop fix?

    It's annoying to find out about a new DOS attack, but the resolution is all that you could hope for.

    It's a little less annoying that there don't seem to be any outstanding instant-crash attacks against Win98 to laugh about - they finally fixed the series of attacks that crashed 95 for 8 months straight, and I haven't seen anything since. Did Microsoft finally get their IP stack right?

  3. TOASTED PATCH! by Bilbo · · Score: 5

    Uh... before you apply this patch, notice that the "less-than" in the icmp line should actually be doubled (i.e., a left shift operation)! The second less-than symbol got swallowed somewhere in the HTML conversion.

    --
    Your Servant, B. Baggins

  4. Re:Da patch... by maw · · Score: 5

    Justin said linux/net/ipv4/ip_options.c . This seems obvious to people who've been using Unix for years, but to newbies it apparently doesn't; I'll explain.

    linux/ means the directory where the Linux kernel sources live. Typically, when one refers to linux/ one means /usr/src/linux/ although this isn't a given. net/ means the subdirectory called net/ ; ipv4/ means the subdirectory of net/ called ipv4/ ; ip_options.c is the file you want to edit. You want to open this file with your favorite text editor, preferably one that displays line numbers somewhere. (You can toggle whether emacs displays your current line number with M-x line-number-mode.) To comment out C code, you can use /* ... */ . Comments like these can't be nested. It's pretty easy to comment out large sections of code like this. (You'll fairly often see people using // for comments in C code, but it's a bad idea, and you shouldn't do it. Don't Be That Guy (tm)!)

    HTH

    --
    You're a suburbanite.