Vigil@nce: Linux kernel, denial of service via br_multicast mr
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send an IGMP Membership Report packet to a bridge,
in order to stop the system.
– Severity: 1/4
– Creation date: 17/02/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
A Linux bridge is used to connect several real of virtual
interfaces.
A multicast IGMP packet is used to control a group of computers.
An IGMP Membership Report packet indicates that a group exists on
a local network.
When the Linux bridge receives an IGMP Membership Report packet
sent by the local computer, an uninitialized memory structure is
corrupted in the br_multicast_add_group() function of the
net/bridge/br_multicast.c file.
An attacker can therefore send an IGMP Membership Report packet to
a bridge, in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-br-multicast-mr-10377