Linux kernel using syn cookies could allow an attacker to bypass filtering
| linux-syncookie-bypass-filter (7461) |
Description:
A vulnerability in the way the Linux kernel handles SYN cookies could allow a remote attacker to bypass packet filter rules and reach protected ports when SYN cookie support is enabled. SYN cookies protect a listening socket against SYN flood denial of service attacks: instead of queueing state for every half-open connection, the kernel encodes the connection parameters in the initial sequence number of its SYN+ACK and rebuilds the connection when the matching ACK returns. While cookies are being sent (the kernel only emits them while a socket's SYN backlog is overflowing, for example during an ongoing SYN flood), a connection can therefore be created by a bare ACK segment that carries a valid cookie; no SYN is required. Filter rules that only block connection-opening segments (SYN set, ACK clear), such as ipchains rules written with the -y option, pass such ACK segments as if they belonged to an established connection. Because the cookie occupies a limited number of bits of the acknowledgement number, an attacker can brute force it by sending many ACK segments with guessed values and obtain a connection to a port the filter was meant to protect.
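The following is an added illustration, not kernel code or code from any of the advisories: a scaled-down model of Linux-style SYN cookies, a SYN-only filter rule, and the ACK-only brute force described above. The assumptions are that sequence numbers are 16 bits wide (the kernel uses a 32-bit ISN with a 24-bit hash field) so the search finishes in seconds, that a keyed BLAKE2 stands in for the kernel's cookie hash, and that "packets" are plain dictionaries rather than real segments.

```python
# Added illustration (not kernel code): a scaled-down model of Linux-style TCP
# SYN cookies, a SYN-only packet filter, and the ACK-only brute force that
# defeats it. Assumptions: 16-bit sequence numbers (kernel: 32-bit ISN with a
# 24-bit hash field) so the sweep is fast, BLAKE2 in place of the kernel's
# cookie hash, and dict "packets" instead of real segments.
import hashlib
import os

WIDTH = 16                          # toy sequence-number width (kernel: 32)
MASK = (1 << WIDTH) - 1
COOKIEBITS = 12                     # low bits holding hash + MSS index (kernel: 24)
COOKIEMASK = (1 << COOKIEBITS) - 1
MSS_TABLE = [536, 1460]             # MSS values a cookie can encode (kernel: a short table)
MAX_SYNCOOKIE_AGE = 2               # cookie stays valid for this many clock ticks
SECRET = os.urandom(16)             # per-boot secret the attacker does not know


def cookie_hash(saddr, daddr, sport, dport, count, c):
    """Keyed hash over the 4-tuple, truncated to WIDTH bits (stand-in for the kernel's hash)."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{count}|{c}".encode()
    return int.from_bytes(hashlib.blake2b(msg, key=SECRET, digest_size=2).digest(), "big")


def make_cookie(saddr, daddr, sport, dport, sseq, mss_index, count):
    """Server ISN for the SYN+ACK: clock count in the high bits, hash + MSS index in the low bits."""
    return (cookie_hash(saddr, daddr, sport, dport, 0, 0)
            + sseq
            + (count << COOKIEBITS)
            + ((cookie_hash(saddr, daddr, sport, dport, count, 1) + mss_index) & COOKIEMASK)) & MASK


def check_cookie(cookie, saddr, daddr, sport, dport, sseq, count):
    """Return the MSS index encoded in a valid, fresh cookie, else None."""
    x = (cookie - cookie_hash(saddr, daddr, sport, dport, 0, 0) - sseq) & MASK
    diff = (count - (x >> COOKIEBITS)) & (MASK >> COOKIEBITS)
    if diff >= MAX_SYNCOOKIE_AGE:
        return None                 # stale, or the clock field never matched
    idx = (x - cookie_hash(saddr, daddr, sport, dport, count - diff, 1)) & COOKIEMASK
    return idx if idx < len(MSS_TABLE) else None


def syn_only_filter_allows(pkt):
    """Model of a rule like 'ipchains -A input -p tcp --dport 22 -y -j DENY':
    only connection-opening segments (SYN set, ACK clear) are dropped; anything
    else is assumed to belong to an established flow and passes."""
    return not (pkt["syn"] and not pkt["ack"])


def server_accepts_ack(pkt, count, cookies_being_sent):
    """Handle an ACK that matches no queued SYN. Without cookies it is refused;
    while cookies are being sent, a valid cookie in ack-1 creates the connection."""
    if pkt["syn"] or not pkt["ack"] or not cookies_being_sent:
        return False
    return check_cookie((pkt["ackno"] - 1) & MASK, pkt["saddr"], pkt["daddr"],
                        pkt["sport"], pkt["dport"], (pkt["seqno"] - 1) & MASK, count) is not None


def brute_force_ack(saddr, daddr, sport, dport, count, cookies_being_sent=True):
    """Attacker: never send a SYN, keep seq fixed and sweep the ack field.
    Returns (attempts, winning ackno) or (attempts, None)."""
    attempts = 0
    for guess in range(MASK + 1):
        attempts += 1
        pkt = {"saddr": saddr, "daddr": daddr, "sport": sport, "dport": dport,
               "syn": False, "ack": True, "seqno": 0x1234, "ackno": guess}
        if not syn_only_filter_allows(pkt):
            continue                # never happens: bare ACKs pass the SYN-only rule
        if server_accepts_ack(pkt, count, cookies_being_sent):
            return attempts, guess
    return attempts, None


if __name__ == "__main__":
    # Constructed sample: attacker 10.0.0.9 aiming at port 22 behind a SYN-only rule.
    syn = {"saddr": "10.0.0.9", "daddr": "10.0.0.1", "sport": 40000, "dport": 22,
           "syn": True, "ack": False, "seqno": 0x1234, "ackno": 0}
    print("SYN to port 22 passes the filter:", syn_only_filter_allows(syn))
    n, ackno = brute_force_ack("10.0.0.9", "10.0.0.1", 40000, 22, count=100)
    print(f"cookies being sent: connection accepted after {n} ACK-only guesses (ack={ackno:#06x})")
    n, ackno = brute_force_ack("10.0.0.9", "10.0.0.1", 40000, 22, count=100, cookies_being_sent=False)
    print(f"cookies off: {n} guesses, accepted={ackno is not None}")
```

Two things carry over to the real kernel: the attacker controls both the seq and the ack fields of the forged ACK, so the unknown per-tuple hash only shifts the search rather than enlarging it, and the search space is the width of the cookie's hash and clock fields, not the full 32-bit sequence space. With cookies disabled the same sweep never produces a connection, which is why disabling them is a workable stopgap.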
Consequences:
Bypass Security
Remedy:
For SuSE Linux 6.3, 6.4, 7.0, 7.1, 7.2, and 7.3:
Upgrade to the appropriate Linux kernel package, by following the instructions listed in SuSE Security Announcement SuSE-SA:2001:039. See References.
For Conectiva Linux 5.0:
Upgrade to the latest Linux kernel package (2.2.19-25U50 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.
For Conectiva Linux 5.1:
Upgrade to the latest Linux kernel package (2.2.19-25U51 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.
For Conectiva Linux 6.0:
Upgrade to the latest Linux kernel package (2.2.19-25U60 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.
For Conectiva Linux 7.0:
Upgrade to the latest Linux kernel package (2.2.19-25U70 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.
For Red Hat Linux 6.2:
Upgrade to the latest Linux kernel package (2.2.19-6.2.12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.
For Red Hat Linux 7.0:
Upgrade to the latest Linux kernel package (2.2.19-7.0.12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.
For Red Hat Linux 7.1:
Upgrade to the latest Linux kernel package (2.4.9-12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.
For Red Hat Linux 7.2:
Upgrade to the latest Linux kernel package (2.4.9-13 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.
For EnGarde Secure Linux 1.0.1 (finestra):
Upgrade to the latest Linux kernel package (2.2.19-1.0.21 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20011106-01. See References.
For Caldera OpenLinux 2.3:
Upgrade to the latest Linux kernel package (2.2.10-14 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.
For Caldera OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0:
Upgrade to the latest Linux kernel package (2.2.14-13S or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.
For Caldera OpenLinux eDesktop 2.4:
Upgrade to the latest Linux kernel package (2.2.14-9 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.
For Caldera OpenLinux 3.1 Server:
Upgrade to the latest Linux kernel package (2.4.2-14S or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.
For Caldera OpenLinux 3.1 Workstation:
Upgrade to the latest Linux kernel package (2.4.2-14D or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.
For systems running HP Secure OS software for Linux Release 1.0:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBTL0112-003. See References.
For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest Linux kernel package (2.2.19-6.3mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:082-1 : kernel. See References.
For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest Linux kernel22 package (2.2.19-20.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:082-1 : kernel. See References.
For other distributions:
Contact your vendor for upgrade or patch information. Until a fixed kernel is installed, the bypass can be closed by disabling SYN cookies (write 0 to /proc/sys/net/ipv4/tcp_syncookies, or set net.ipv4.tcp_syncookies=0 with sysctl), at the cost of losing SYN flood protection for the affected hosts.
References:
- Caldera International, Inc. Security Advisory CSSA-2001-038.0: Linux - syncookies firewall breaking problem.
- Conectiva Linux Announcement CLSA-2001:432: kernel.
- EnGarde Secure Linux Security Advisory ESA-20011106-01: Syncookie vulnerability.
- Hewlett-Packard Company Security Bulletin HPSBTL0112-003: Security vulnerabilities in the kernel. (From SecurityFocus archive.)
- SuSE Security Announcement SuSE-SA:2001:039: kernel (update).
- BID-3505: Linux Syn Filter Evasion Vulnerability
- CVE-2001-0851: Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
- MDKSA-2001:082: Updated kernel 2.2 packages fix two local vulnerabilities
- MDKSA-2001:082-1: Updated kernel 2.2 packages fix additional remote vulnerability
- OSVDB ID: 1980: Linux Kernel syncookies Firewall Bypass
- RHSA-2001-142: kernel 2.2 and 2.4: syncookie vulnerability
Platforms Affected:
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Conectiva Linux 6.0
- Conectiva Linux 7.0
- Conectiva Linux ecommerce
- Conectiva Linux prg_graficos
- EngardeLinux Secure Community 1.0.1
- HP Secure OS 1.0
- Linux Kernel 2.0
- Linux Kernel 2.2.0
- Linux Kernel 2.4.0
- MandrakeSoft Mandrake Linux 7.1
- MandrakeSoft Mandrake Linux 7.2
- MandrakeSoft Mandrake Linux 8.0
- MandrakeSoft Mandrake Linux 8.1
- MandrakeSoft Mandrake Linux Corporate Server 1.0.1
- MandrakeSoft Mandrake Single Network Firewall 7.2
- RedHat Linux 6.2
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- SCO Caldera OpenLinux 2.3
- SCO Caldera OpenLinux eBuilder for Ecential 3.0
- SCO Caldera OpenLinux eDesktop 2.4
- SCO Caldera OpenLinux eServer 2.3.1
- SCO Caldera OpenLinux Server 3.1
- SCO Caldera OpenLinux Workstation 3.1
- SUSE SuSE Linux 6.3
- SUSE SuSE Linux 6.4
- SUSE SuSE Linux 7.0
- SUSE SuSE Linux 7.1
- SUSE SuSE Linux 7.2
- SUSE SuSE Linux 7.3
Reported:
Nov 02, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com
