HomeDeveloper

DoS Hole Found in Linux Kernel

Ryan Naraine
By Ryan Naraine

Security experts Thursday warned of a vulnerability in the Linux Kernel 2.4 branch, which can be exploited to cause denial-of-service
attacks.

The hole in the popular open-source operating system was detected in the way
the Linux Kernel handles caching of routing information.

“By flooding a Linux system with packets with spoofed source addresses,
the handling of the cache will consume large amounts of CPU power. This
could potentially bring a Linux system offline with a rate of only 400
packets per second by using carefully chosen source addresses that causes
hash collisions in the table,” according to an security advisory from
U.K.-based Secunia.

Secunia rated the flaw as “moderately critical” and cautioned that it
could be exploited to bring a Linux system offline with a rate of only 400
packets per second by using carefully chosen source addresses that causes
hash collisions in the table.

Red Hat , the Raleigh, NC, firm that dominates the
market for Linux, has issued updated kernel
packages to patch Red Hat Linux versions 7.1 through 9. Red Hat said
the security hole caused the kernel to use a disproportionate amount of
processor time to deal with new packets, resulting in a remote DoS
attack.

The Red Hat update also fixes certain non-security related issues.

A temporary workaround could be used to filter traffic using the
PREROUTING chain instead of the INPUT chain in iptables, as PREROUTING is
performed before the route cache. This would only require minor changes to
the filter rules. However, Secunia cautioned that a DoS could still succeed
if the system uses iptables (netfilter) to filter traffic. “This is even
possible with randomly chosen IP addresses that doesn’t cause a hash
collision, since it just requires a higher rate of packets,” the company
said.

In addition to Red Hat, vulnerable implementations of the Linux OS
include various products from SuSE, Mandrake, Slackware, Gentoo, Debian and
Conectiva.

The vulnerability comes in the midst of moves by three tech heavyweights
to put Linux under the
security microscope. The three firms — IBM Corp. ,
Oracle and Red Hat plan to work with the open-source
community to put Linux up for the Common Criteria certification process.

Common Criteria certification for Linux is seen as a crucial first step to win commercial approval for Linux among government clients. The U.S.
federal government CC approval for any IT product used in national security
systems.

Ryan Naraine
Ryan Naraine
Previous article
NetLedger Goes Online Down Under
Next article
Internet Anti-Gambling Bill Suffers Setback

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2021 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.