Linux kernel using syn cookies could allow an attacker to bypass filtering (LinuxSyncookieBypassFilter)

Vuln ID: 7461
Risk Level: Medium risk vulnerability  Medium LinuxSyncookieBypassFilter
Platforms: Linux Kernel: 2.2.0, SCO Caldera OpenLinux: 2.3, RedHat Linux: 6.2, SUSE SuSE Linux: 6.3, SUSE SuSE Linux: 6.4, MandrakeSoft Mandrake Linux: 7.1, SCO Caldera OpenLinux eDesktop: 2.4, RedHat Linux: 7, MandrakeSoft Mandrake Linux: 7.2, SUSE SuSE Linux: 7.0, SCO Caldera OpenLinux eServer: 2.3.1, Conectiva Linux: 6.0, MandrakeSoft Mandrake Linux Corporate Server: 1.0.1, SUSE SuSE Linux: 7.1, SCO Caldera OpenLinux eBuilder for Ecential: 3.0, EngardeLinux Secure Community: 1.0.1, RedHat Linux: 7.1, MandrakeSoft Mandrake Linux: 8.0, Conectiva Linux: 5.0, Conectiva Linux: prg_graficos, Conectiva Linux: ecommerce, Conectiva Linux: 5.1, MandrakeSoft Mandrake Single Network Firewall: 7.2, SUSE SuSE Linux: 7.2, SCO Caldera OpenLinux Server: 3.1, SCO Caldera OpenLinux Workstation: 3.1, Conectiva Linux: 7.0, MandrakeSoft Mandrake Linux: 8.1, RedHat Linux: 7.2, HP Secure OS: 1.0, SUSE SuSE Linux: 7.3, Linux Kernel: 2.0, Linux Kernel: 2.4.0
Description:

A vulnerability in the Linux kernel filtering mechanism could allow a remote attacker to bypass firewall rules and access protected ports when syn cookie support is enabled. Syn cookies are used to protect a system against a syn flood denial of service attack. If syn cookies are enabled and being sent, an attacker does not have to send a SYN packet to initiate a connection, only an ACK packet that contains a valid response cookie is required. This allows an attacker to use brute force techniques to determine a valid cookie and gain access to protected ports on the system.

Remedy:

For SuSE Linux 6.3, 6.4, 7.0, 7.1, 7.2, and 7.3:
Upgrade to the appropriate Linux kernel package, by following the instructions listed in SuSE Security Announcement SuSE-SA:2001:039. See References.

For Conectiva Linux 5.0:
Upgrade to the latest Linux kernel package (2.2.19-25U50 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.

For Conectiva Linux 5.1:
Upgrade to the latest Linux kernel package (2.2.19-25U51or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.

For Conectiva Linux 6.0:
Upgrade to the latest Linux kernel package (2.2.19-25U60 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.

For Conectiva Linux 7.0:
Upgrade to the latest Linux kernel package (2.2.19-25U70 or later), as listed in Conectiva Linux Security Announcement CLA-2001:432. See References.

For Red Hat Linux 6.2:
Upgrade to the latest Linux kernel package (2.2.19-6.2.12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.

For Red Hat Linux 7.0:
Upgrade to the latest Linux kernel package (2.2.19-7.0.12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.

For Red Hat Linux 7.1:
Upgrade to the latest Linux kernel package (2.4.9-12 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.

For Red Hat Linux 7.2:
Upgrade to the latest Linux kernel package (2.4.9-13 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:142-15. See References.

For EnGarde Secure Linux 1.0.1 (finestra):
Upgrade to the latest Linux kernel package (2.2.19-1.0.21 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20011106-01. See References.

For Caldera OpenLinux 2.3:
Upgrade to the latest Linux kernel package (2.2.10-14 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.

For Caldera OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0:
Upgrade to the latest Linux kernel package (2.2.14-13S or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.

For Caldera OpenLinux eDesktop 2.4:
Upgrade to the latest Linux kernel package (2.2.14-9 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.

For Caldera OpenLinux 3.1 Server:
Upgrade to the latest Linux kernel package (2.4.2-14S or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.

For Caldera OpenLinux 3.1 Workstation:
Upgrade to the latest Linux kernel package (2.4.2-14D or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-038.0. See References.

For systems running HP Secure OS software for Linux Release 1.0:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBTL0112-003. See References.

For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest Linux kernel package (2.2.19-6.3mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:082-1 : kernel. See References.

For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest Linux kernel22 package (2.2.19-20.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:082-1 : kernel. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Additional Information: Service Release 3.09
References:

Conectiva Linux Announcement CLSA-2001:432
kernel
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000432

RHSA-2001:142-15
kernel 2.2 and 2.4: syncookie vulnerability
http://rhn.redhat.com/errata/RHSA-2001-142.html

SuSE Security Announcement SuSE-SA:2001:039
kernel (update)
http://www.suse.com/de/security/2001_039_kernel2_txt.html

EnGarde Secure Linux Security Advisory ESA-20011106-01
Syncookie vulnerability
http://archives.neohapsis.com/archives/bugtraq/2001-11/0032.html

Caldera International, Inc. Security Advisory CSSA-2001-038.0
Linux - syncookies firewall breaking problem
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2001-038.0.txt

Hewlett-Packard Company Security Bulletin HPSBTL0112-003
Security vulnerabilities in the kernel
http://online.securityfocus.com/advisories/3713

MandrakeSoft Security Advisory MDKSA-2001:079-2
kernel
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:079-2

MandrakeSoft Security Advisory MDKSA-2001:082-1
kernel22
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:082-1

ISS X-Force
Linux kernel using syn cookies could allow an attacker to bypass filtering
http://www.iss.net/security_center/static/7461.php

CVE CVE-2001-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0851


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures