ipchains Ping -r DoS

1999-07-11T00:00:00
ID OSVDB:6105
Type osvdb
Reporter Andrej Todosic (atodosic@ubisoft.qc.ca)
Modified 1999-07-11T00:00:00

Description

Vulnerability Description

ipchains in Linux kernel 2.2.10 contains a flaw that may allow a remote denial of service. By sending a ping -r command to an ipchains firewall, a remote attacker fewer than nine hops away from the host can cause a kernel panic if Network Address Translation (NAT) is enabled on the firewall, resulting in a loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Richard Bouska has released a patch to address this vulnerability.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/0184.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/0187.html
ISS X-Force ID: 7257
CVE-1999-1339