Vulnerability Bulletins |
Denegación de servicio en la pila TCP/IP de Linux |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Denegación de Servicio |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Linux kernel 2.4.x |
Description |
|
Se ha descubierto una vulnerabilidad en la implementación route cache en Linux 2.4, y el módulo Netfilter IP conntrack, que permiten a atacantes remotos causar una denegación de servicio (consumo de CPU). Mediante paquetes con las direcciones de origen falsificadas, que causan un gran número de colisiones de tablas hash, un atacante remoto puede causar una denegación de servicio en el sistema. Aunque sólo Red Hat ha reconocido la vulnerabilidad hasta el momento, todas las distribuciones Linux están potencialmente afectadas por este fallo. Este aviso será actualizado consecuentemente. |
|
Solution |
|
Actualización de software: Red Hat: Aplique el parche concerniente a esta vulnerabilidad: http://updates.redhat.com Red Hat Linux 7.1 SRPMS: kernel-2.4.20-13.7.src.rpm athlon: kernel-2.4.20-13.7.athlon.rpm kernel-smp-2.4.20-13.7.athlon.rpm i386: kernel-2.4.20-13.7.i386.rpm kernel-BOOT-2.4.20-13.7.i386.rpm kernel-doc-2.4.20-13.7.i386.rpm kernel-source-2.4.20-13.7.i386.rpm i586: kernel-2.4.20-13.7.i586.rpm kernel-smp-2.4.20-13.7.i586.rpm i686: kernel-2.4.20-13.7.i686.rpm kernel-bigmem-2.4.20-13.7.i686.rpm kernel-smp-2.4.20-13.7.i686.rpm Red Hat Linux 7.2 SRPMS: kernel-2.4.20-13.7.src.rpm athlon: kernel-2.4.20-13.7.athlon.rpm kernel-smp-2.4.20-13.7.athlon.rpm i386: kernel-2.4.20-13.7.i386.rpm kernel-BOOT-2.4.20-13.7.i386.rpm kernel-doc-2.4.20-13.7.i386.rpm kernel-source-2.4.20-13.7.i386.rpm i586: kernel-2.4.20-13.7.i586.rpm kernel-smp-2.4.20-13.7.i586.rpm i686: kernel-2.4.20-13.7.i686.rpm kernel-bigmem-2.4.20-13.7.i686.rpm kernel-smp-2.4.20-13.7.i686.rpm Red Hat Linux 7.3 SRPMS: kernel-2.4.20-13.7.src.rpm athlon: kernel-2.4.20-13.7.athlon.rpm kernel-smp-2.4.20-13.7.athlon.rpm i386: kernel-2.4.20-13.7.i386.rpm kernel-BOOT-2.4.20-13.7.i386.rpm kernel-doc-2.4.20-13.7.i386.rpm kernel-source-2.4.20-13.7.i386.rpm i586: kernel-2.4.20-13.7.i586.rpm kernel-smp-2.4.20-13.7.i586.rpm i686: kernel-2.4.20-13.7.i686.rpm kernel-bigmem-2.4.20-13.7.i686.rpm kernel-smp-2.4.20-13.7.i686.rpm Red Hat Linux 8.0 SRPMS: kernel-2.4.20-13.8.src.rpm oprofile-0.4-44.8.1.src.rpm athlon: kernel-2.4.20-13.8.athlon.rpm kernel-smp-2.4.20-13.8.athlon.rpm i386: kernel-2.4.20-13.8.i386.rpm kernel-BOOT-2.4.20-13.8.i386.rpm kernel-doc-2.4.20-13.8.i386.rpm kernel-source-2.4.20-13.8.i386.rpm oprofile-0.4-44.8.1.i386.rpm i586: kernel-2.4.20-13.8.i586.rpm kernel-smp-2.4.20-13.8.i586.rpm i686: kernel-2.4.20-13.8.i686.rpm kernel-bigmem-2.4.20-13.8.i686.rpm kernel-smp-2.4.20-13.8.i686.rpm Red Hat Linux 9 SRPMS: kernel-2.4.20-13.9.src.rpm athlon: kernel-2.4.20-13.9.athlon.rpm kernel-smp-2.4.20-13.9.athlon.rpm i386: kernel-2.4.20-13.9.i386.rpm kernel-BOOT-2.4.20-13.9.i386.rpm kernel-doc-2.4.20-13.9.i386.rpm kernel-source-2.4.20-13.9.i386.rpm i586: kernel-2.4.20-13.9.i586.rpm kernel-smp-2.4.20-13.9.i586.rpm i686: kernel-2.4.20-13.9.i686.rpm kernel-bigmem-2.4.20-13.9.i686.rpm kernel-smp-2.4.20-13.9.i686.rpm |
|
Standar resources |
|
Property | Value |
CVE |
2003-0244 2003-0246 |
BID | |
Other resources |
|
Red Hat Security Advisory RHSA-2003:172-23 14/5/2003: https://rhn.redhat.com/errata/RHSA-2003-172.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2003-05-30 |