Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2001-38.0] Linux - syncookies firewall breaking problem
From: Support Info <supinfo () caldera com>
Date: Tue, 6 Nov 2001 09:18:50 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera International, Inc.  Security Advisory

Subject:                Linux - syncookies firewall breaking problem
Advisory number:        CSSA-2001-038.0
Issue date:             2001, November 05
Cross reference:
______________________________________________________________________________


1. Problem Description

   The Linux kernel implements a method called 'syn cookies' to avoid
   denial of service attacks by using a stateless connection setup.

   There is also a common form of firewalls, which are based on SYN
   filtering to block only incoming TCP connections, but let outgoing
   connections pass.

   Unfortunately the syncookies design allows a remote attacker to
   bypass SYN filtering firewalls in case there is one open port which
   the attacker can flood.

   The Linux 2.2 and 2.4 kernels had the syncookies state as a systemwide
   global, so it was enabled for all sockets at once in case of flood to
   an open port, allowing a remote attacker to gain access to firewalled
   ports, effectively bypassing the firewall.

   Even though the attack requires a very large number of IP packets,
   it is not unthinkable for a determined attacker to exploit this problem.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 All packages previous to      
                                 linux-2.2.10-14 
   
   OpenLinux eServer 2.3.1       All packages previous to      
   and OpenLinux eBuilder        linux-2.2.14-13S
   
   OpenLinux eDesktop 2.4        All packages previous to      
                                 linux-2.2.14-9            
   
   OpenLinux Server 3.1          All packages previous to      
                                 linux-2.4.2-14S 
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 linux-2.4.2-14D 
   


3. Solution

   Workaround

     Disable syncookies by doing:

        echo -n 0 > /proc/sys/net/ipv4/tcp_syncookies

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       f112b7346070972c44770b562df912db  linux-kernel-binary-2.2.10-14.i386.rpm
       7a8d2803e68227576998b9c12fb90976  linux-kernel-doc-2.2.10-14.i386.rpm
       8c9a3a28c69d03efb6e325e1f83eca9a  linux-kernel-include-2.2.10-14.i386.rpm
       29020f946a358838cde15d54ee6a294c  linux-source-alpha-2.2.10-14.i386.rpm
       0a841ec165ee97425afb8d86f74a2eb4  linux-source-arm-2.2.10-14.i386.rpm
       dead286ad1491ceccabde12fd24eab88  linux-source-common-2.2.10-14.i386.rpm
       b8e37b6be024ceb02dbcff7e9191e067  linux-source-i386-2.2.10-14.i386.rpm
       9789e6ea513b88f8dbdf4fd58405c69f  linux-source-m68k-2.2.10-14.i386.rpm
       14ae8aa4e6e075b1ce891048b4eb25ed  linux-source-mips-2.2.10-14.i386.rpm
       d85b4cc17890c262a776bef9c100aa07  linux-source-ppc-2.2.10-14.i386.rpm
       9a4398514eea89a9cae7bd28038b7d6b  linux-source-sparc-2.2.10-14.i386.rpm
       5f0c0e296f83cc1a0ed8e8f2b03087ba  linux-source-sparc64-2.2.10-14.i386.rpm
       25901d75de5b22e8eda388895a261564  pcmcia-cs-3.0.14-5.i386.rpm
       dfe1a96017b6a43949d740a5a2f17369  linux-2.2.10-14.src.rpm
       f07c67c7eeb6778d2b7320591bbecd14  pcmcia-cs-3.0.14-5.src.rpm
       

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:


         /sbin/modprobe loop
         rpm -Fvh --force linux-kernel-binary-2.2.10-14.i386.rpm \
              linux-kernel-doc-2.2.10-14.i386.rpm \
              linux-kernel-include-2.2.10-14.i386.rpm \
              linux-source-alpha-2.2.10-14.i386.rpm \
              linux-source-arm-2.2.10-14.i386.rpm \
              linux-source-common-2.2.10-14.i386.rpm \
              linux-source-i386-2.2.10-14.i386.rpm \
              linux-source-m68k-2.2.10-14.i386.rpm \
              linux-source-mips-2.2.10-14.i386.rpm \
              linux-source-ppc-2.2.10-14.i386.rpm \
              linux-source-sparc-2.2.10-14.i386.rpm \
              linux-source-sparc64-2.2.10-14.i386.rpm \
              pcmcia-cs-3.0.14-5.i386.rpm
         

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       e2f0150caeb4d7318716d05d5d4cb32e  linux-kernel-binary-2.2.14-13S.i386.rpm
       9c0940b9a84ff72c8a40e8a10add3d4b  linux-kernel-doc-2.2.14-13S.i386.rpm
       8cdfa9651a5e75d04a095696d4681663  linux-kernel-include-2.2.14-13S.i386.rpm
       db564909d2065c238271ae63c9ffd49a  linux-source-alpha-2.2.14-13S.i386.rpm
       4f80288d523347ec39e9cc38e7230f50  linux-source-arm-2.2.14-13S.i386.rpm
       9c915c6026e86680299522da3e053e72  linux-source-common-2.2.14-13S.i386.rpm
       c7f9415335c293a9878b18abb5ed1864  linux-source-i386-2.2.14-13S.i386.rpm
       3218946ecbd2b98c6661770757fa4e8d  linux-source-m68k-2.2.14-13S.i386.rpm
       6ab8925bdf73efe2b014ebcd3c2188bc  linux-source-mips-2.2.14-13S.i386.rpm
       035a4e5970bf0dc709c301daf751bc67  linux-source-ppc-2.2.14-13S.i386.rpm
       d611132b945774cb4b3a0e57ef323f1b  linux-source-sparc-2.2.14-13S.i386.rpm
       3b4048225724cab325a247d66bac2afe  linux-source-sparc64-2.2.14-13S.i386.rpm
       d653ecbe3fa48e87f6c6ebbce81d8345  pcmcia-cs-3.1.4-5.i386.rpm
       222e40903ce9f4fa823485984764369e  linux-2.2.14-13S.src.rpm
       d78e703763fe9828627006706d65292e  pcmcia-cs-3.1.4-5.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.2.14-13S.i386.rpm \
              linux-kernel-doc-2.2.14-13S.i386.rpm \
              linux-kernel-include-2.2.14-13S.i386.rpm \
              linux-source-alpha-2.2.14-13S.i386.rpm \
              linux-source-arm-2.2.14-13S.i386.rpm \
              linux-source-common-2.2.14-13S.i386.rpm \
              linux-source-i386-2.2.14-13S.i386.rpm \
              linux-source-m68k-2.2.14-13S.i386.rpm \
              linux-source-mips-2.2.14-13S.i386.rpm \
              linux-source-ppc-2.2.14-13S.i386.rpm \
              linux-source-sparc-2.2.14-13S.i386.rpm \
              linux-source-sparc64-2.2.14-13S.i386.rpm \
              pcmcia-cs-3.1.4-5.i386.rpm
         

6. OpenLinux eDesktop 2.4

    6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       3274fe3fbb7b302d6d0bee7186820fef  hwprobe-20000214-6.i386.rpm
       064ebec44665beb14eaa85ad4ecfc838  iBCS-2.1-12.i386.rpm
       d87d3c6f0cb937a0e51e68c6984b2c62  iBCS-extras-2.1-12.i386.rpm
       7fd4443b17bc58f072572548b3c54886  iBCS-module-2.1_2.2.14-12.i386.rpm
       4366e46e2ff02f9dadde291a483f1cf2  linux-kernel-binary-2.2.14-9.i386.rpm
       d54b1d4e4ad58022d5298e8c5359dad9  linux-kernel-doc-2.2.14-9.i386.rpm
       320d182140b90c771993b031c66f2d4a  linux-kernel-include-2.2.14-9.i386.rpm
       ad69ebbc9d8ee30de552e81f5c3b3cdf  linux-source-alpha-2.2.14-9.i386.rpm
       3f5434fc2fe4486e258a5981cd65dc36  linux-source-arm-2.2.14-9.i386.rpm
       a8fc5f92bf99b27674772966f390ce1d  linux-source-common-2.2.14-9.i386.rpm
       6fd8bde1cd3caf58195f6be09983a9cf  linux-source-i386-2.2.14-9.i386.rpm
       997e6d546da8149c8a9b4e78932a3ab5  linux-source-m68k-2.2.14-9.i386.rpm
       27dcf591ef399c3b1a02011900cf92e3  linux-source-mips-2.2.14-9.i386.rpm
       ce4998917dcded5161b954672b9e7728  linux-source-ppc-2.2.14-9.i386.rpm
       7b258bc6c66ac6d9305bc71e41ecd24c  linux-source-sparc-2.2.14-9.i386.rpm
       fb5d48c243c3b10067f59f58f6f922f4  linux-source-sparc64-2.2.14-9.i386.rpm
       d4fbca082ccb49d9a9ed26b2e4868767  pcmcia-cs-3.1.8-5.i386.rpm
       b5465215f5dbe5c430e684a9899af9f7  hwprobe-20000214-6.src.rpm
       ccbfc2eab5d5111866abcba90e551116  iBCS-2.1-12.src.rpm
       ada8415ed350c5013bf29fc84931741b  linux-2.2.14-9.src.rpm
       14b4fb11304a0083ee44edd27dba4543  pcmcia-cs-3.1.8-5.src.rpm
       

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         /sbin/modprobe loop
         rpm -Fvh hwprobe-20000214-6.i386.rpm iBCS-2.1-12.i386.rpm \
              iBCS-extras-2.1-12.i386.rpm \
              iBCS-module-2.1_2.2.14-12.i386.rpm \
              linux-kernel-binary-2.2.14-9.i386.rpm \
              linux-kernel-doc-2.2.14-9.i386.rpm \
              linux-kernel-include-2.2.14-9.i386.rpm \
              linux-source-alpha-2.2.14-9.i386.rpm \
              linux-source-arm-2.2.14-9.i386.rpm \
              linux-source-common-2.2.14-9.i386.rpm \
              linux-source-i386-2.2.14-9.i386.rpm \
              linux-source-m68k-2.2.14-9.i386.rpm \
              linux-source-mips-2.2.14-9.i386.rpm \
              linux-source-ppc-2.2.14-9.i386.rpm \
              linux-source-sparc-2.2.14-9.i386.rpm \
              linux-source-sparc64-2.2.14-9.i386.rpm \
              pcmcia-cs-3.1.8-5.i386.rpm
         

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       87b5f36b72bb16e6e834c59233106b37  linux-kernel-binary-2.4.2-14S.i386.rpm
       5188757fbd1cbcc307d53c0bbbba6aed  linux-kernel-include-2.4.2-14S.i386.rpm
       4723ba116d77e1afaaab9108d4f67392  linux-source-alpha-2.4.2-14S.i386.rpm
       8d5b667a2238e549d01523a9028d0def  linux-source-arm-2.4.2-14S.i386.rpm
       7b1040fce5eb2c13069f12e0f98f459f  linux-source-common-2.4.2-14S.i386.rpm
       d4d72adbd977c3cd736d6d292fa96f66  linux-source-i386-2.4.2-14S.i386.rpm
       e13ee045818e08ea58ebac07e3a7683b  linux-source-ia64-2.4.2-14S.i386.rpm
       63f8af9364b41a5ed8529922b2b86085  linux-source-m68k-2.4.2-14S.i386.rpm
       1efcb66cef3cfb73267bc383192977e5  linux-source-mips-2.4.2-14S.i386.rpm
       eb531f7e844276dadcfb64a61e14d91b  linux-source-ppc-2.4.2-14S.i386.rpm
       bdbb2c789f16563881f1bb24384a1e13  linux-source-s390-2.4.2-14S.i386.rpm
       afab346de67d5298b680d9f3f585df85  linux-source-sparc-2.4.2-14S.i386.rpm
       4365699de967a365b09f92f683447b90  linux-source-superH-2.4.2-14S.i386.rpm
       38226719588775988ffdd5db0adacb10  linux-2.4.2-14S.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.4.2-14S.i386.rpm \
              linux-kernel-include-2.4.2-14S.i386.rpm \
              linux-source-alpha-2.4.2-14S.i386.rpm \
              linux-source-arm-2.4.2-14S.i386.rpm \
              linux-source-common-2.4.2-14S.i386.rpm \
              linux-source-i386-2.4.2-14S.i386.rpm \
              linux-source-ia64-2.4.2-14S.i386.rpm \
              linux-source-m68k-2.4.2-14S.i386.rpm \
              linux-source-mips-2.4.2-14S.i386.rpm \
              linux-source-ppc-2.4.2-14S.i386.rpm \
              linux-source-s390-2.4.2-14S.i386.rpm \
              linux-source-sparc-2.4.2-14S.i386.rpm \
              linux-source-superH-2.4.2-14S.i386.rpm
         
         /sbin/depmod -a

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       b170636148d3d057237913b3870d916f  linux-kernel-binary-2.4.2-14D.i386.rpm
       a1f3dd1fe8ac717999a8fc963227c40e  linux-kernel-include-2.4.2-14D.i386.rpm
       b033e7f2b3bea97b65b636cc5ab67de9  linux-source-alpha-2.4.2-14D.i386.rpm
       c8fd9e36df0d6008fad4c3beb31e3bdb  linux-source-arm-2.4.2-14D.i386.rpm
       452b0df69c68d10f3bdac57c08e9cf17  linux-source-common-2.4.2-14D.i386.rpm
       d7e8c4157df7a7b9bb0116f673c67b1d  linux-source-i386-2.4.2-14D.i386.rpm
       25911c50aa631b48712da3b877eb4c72  linux-source-ia64-2.4.2-14D.i386.rpm
       3ea9d607e08b15ff646d45100754c05f  linux-source-m68k-2.4.2-14D.i386.rpm
       339be8f2e0fd2eafefb41c256acf0412  linux-source-mips-2.4.2-14D.i386.rpm
       47ce33f13fde399aa62b0d20b677150b  linux-source-ppc-2.4.2-14D.i386.rpm
       9a3f948f6e104bb7bbc8c2105b218bcf  linux-source-s390-2.4.2-14D.i386.rpm
       fa3416e60a2af27c529a72cf446885ed  linux-source-sparc-2.4.2-14D.i386.rpm
       07f6fc32a1002845413fc77bdd7c61f0  linux-source-superH-2.4.2-14D.i386.rpm
       1d13bd90b32d5fa065b0afa2484df0f2  linux-2.4.2-14D.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.4.2-14D.i386.rpm \
              linux-kernel-include-2.4.2-14D.i386.rpm \
              linux-source-alpha-2.4.2-14D.i386.rpm \
              linux-source-arm-2.4.2-14D.i386.rpm \
              linux-source-common-2.4.2-14D.i386.rpm \
              linux-source-i386-2.4.2-14D.i386.rpm \
              linux-source-ia64-2.4.2-14D.i386.rpm \
              linux-source-m68k-2.4.2-14D.i386.rpm \
              linux-source-mips-2.4.2-14D.i386.rpm \
              linux-source-ppc-2.4.2-14D.i386.rpm \
              linux-source-s390-2.4.2-14D.i386.rpm \
              linux-source-sparc-2.4.2-14D.i386.rpm \
              linux-source-superH-2.4.2-14D.i386.rpm
         
         /sbin/depmod -a


9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10835.


10. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

11. Acknowledgements

   Caldera International Inc. wants to thank Andi Kleen of SuSE for
   spotting and sending a patch and David Miller for refining it.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE75qM/18sy83A/qfwRAmQWAJ9+1yMqGz7TmiV5qO1bvgYpQjASuQCgtP6q
+bK2B7diVD8AM78+qv5yYkI=
=8D+y
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2001-38.0] Linux - syncookies firewall breaking problem Support Info (Nov 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]