MediumThe Linux Kernel is vulnerable to a denial of service, caused by improper handling of TCP/IP fragment reassembly. A remote attacker could send specially-crafted packets that would cause a large number of hash table collisions, which would consume all available CPU resources.
For Red Hat Linux: Upgrade to the latest kernel packages, as listed below. Refer to RHSA-2003:187-25, RHSA-2003:190-25, RHSA-2003:195-06, and RHSA-2003:198-16 for more information. See References.
Red Hat 7.1, 7.2 and 7.3: 2.4.20-18.7 or later
Red Hat 8.0: 2.4.20-18.8 or later
Red Hat 9.0: 2.4.20-18.9 or later
Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 2.4.18-e37 or later
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest kernel package (2.2.20-5woody2 or 2.2.20-5woody3 or later), as listed in DSA-336-1. See References.
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest kernel powerpc package (2.4.18-1woody1 or later), as listed in DSA-312-1. See References.
For Debian GNU/Linux 3.0 (woody) containing the linux-kernel-2.4.17-s390 package:
Upgrade to the latest kernel package (0.0.20020816-0.woody.2 or later), as listed in DSA-442-1. See References.
For Turbolinux:
Upgrade to the latest kernel package, as listed below. Refer to Turbolinux Security Advisory TLSA-2003-41 for more information. See References.
Turbolinux: 2.4.18-13 or later
For Conectiva Linux 8:
Upgrade to the latest version of kernel (2.4.19-1U80_18cl or later), as listed in Conectiva Linux Security Announcement CLSA-2003:796. See References.
For Conectiva Linux 9:
Upgrade to the latest version of kernel (2.4.21-31301U90_4cl or later), as listed in Conectiva Linux Security Announcement CLSA-2003:702. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
RHSA-2003:187-25
Updated 2.4 kernel fixes vulnerabilities and driver bugs
https://rhn.redhat.com/errata/RHSA-2003-187.html
DSA-311-1
linux-kernel-2.4.18 -- several
http://www.debian.org/security/2003/dsa-311
DSA-312-1
kernel-patch-2.4.18-powerpc -- several
http://www.debian.org/security/2003/dsa-312
DSA-336-1
linux-kernel-2.2.20 -- several
http://www.debian.org/security/2003/dsa-336
DSA-332-1
linux-kernel-2.4.17 -- several
http://www.debian.org/security/2003/dsa-332
Turbolinux Security Advisory TLSA-2003-41
Multiple vulnerabilities in kernel
http://cc.turbolinux.com/security/TLSA-2003-41.txt
Conectiva Linux Security Announcement CLSA-2003:702
kernel
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000701
RHSA-2003:190-25
Updated 2.4 kernel for pSeries and iSeries fixes vulnerabilities
https://rhn.redhat.com/errata/RHSA-2003-190.html
RHSA-2003:195-06
Updated kernel addresses security vulnerabilities
https://rhn.redhat.com/errata/RHSA-2003-195.html
RHSA-2003:198-16
Updated IA64 kernel packages fix security vulnerabilities
https://rhn.redhat.com/errata/RHSA-2003-198.html
Conectiva Linux Security Announcement CLSA-2003:796
kernel
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000796
DSA-442-1
linux-kernel-2.4.17-s390 -- several vulnerabilities
http://www.debian.org/security/2004/dsa-442
ISS X-Force
Linux kernel hash table collision packets denial of service
http://www.iss.net/security_center/static/12160.php
CVE CVE-2003-0364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364
