Vigil@nce: Linux kernel, denial of service via VLAN Priority

December 2011 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A network attacker can send a VLAN packet with a priority, in
order to generate an error in netif_receive_skb(), which stops the
kernel.

 Severity: 2/4
 Creation date: 22/11/2011

IMPACTED PRODUCTS

 Red Hat Enterprise Linux

DESCRIPTION OF THE VULNERABILITY

The 802.1Q VLAN header contains 4 bytes:
 2 bytes: TPID (Tag Protocol Identifier): EtherType 0x8100
 3 bits: PCP (Priority Code Point): priority level
 1 bit: CFI (Canonical Format Indicator): compatibility with Token Ring
 12 bits: VID (VLAN Identifier)

When the kernel receives a packet with a non-zero PCP and a zero
VID, the netif_receive_skb() function uses an invalid SKB (Socket
Kernel Buffer).

A network attacker can therefore send a VLAN packet with a
priority, in order to generate an error in netif_receive_skb(),
which stops the kernel.

This vulnerability may only impact the RHEL 6 kernel, but this is
not confirmed.
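
As an added example (not part of the Vigil@nce bulletin and not kernel code), the C program below decodes the 4-byte 802.1Q tag laid out above and flags the frame shape the bulletin describes, a non-zero PCP with a zero VID, so that such frames can be spotted in captured traffic. The function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPID_8021Q 0x8100
#define TAG_OFFSET 12          /* tag follows the 6-byte dst and src MACs */
struct vlan_tag {
    uint8_t  pcp;              /* 3 bits: priority level */
    uint8_t  cfi;              /* 1 bit: Token Ring compatibility */
    uint16_t vid;              /* 12 bits: VLAN identifier */
};

/* Returns 1 if an 802.1Q tag was decoded, 0 if untagged, -1 if truncated. */
int parse_vlan_tag(const uint8_t *frame, size_t len, struct vlan_tag *out)
{
    if (len < TAG_OFFSET + 2)
        return -1;
    uint16_t tpid = (uint16_t)(frame[TAG_OFFSET] << 8 | frame[TAG_OFFSET + 1]);
    if (tpid != TPID_8021Q)
        return 0;
    if (len < TAG_OFFSET + 4)
        return -1;
    uint16_t tci = (uint16_t)(frame[TAG_OFFSET + 2] << 8 | frame[TAG_OFFSET + 3]);
    out->pcp = (uint8_t)(tci >> 13);
    out->cfi = (uint8_t)((tci >> 12) & 0x1);
    out->vid = (uint16_t)(tci & 0x0FFF);
    return 1;
}

/* The condition from the bulletin: non-zero PCP together with a zero VID. */
int is_priority_tagged(const uint8_t *frame, size_t len)
{
    struct vlan_tag t;
    return parse_vlan_tag(frame, len, &t) == 1 && t.pcp != 0 && t.vid == 0;
}

/* Constructed sample frames (headers only), not captured traffic. */
#define MACS 0x02,0,0,0,0,1, 0x02,0,0,0,0,2
static const uint8_t frame_prio[]  = { MACS, 0x81,0x00, 0xA0,0x00, 0x08,0x00 }; /* PCP 5, VID 0 */
static const uint8_t frame_vlan[]  = { MACS, 0x81,0x00, 0xA0,0x64, 0x08,0x00 }; /* PCP 5, VID 100 */
static const uint8_t frame_plain[] = { MACS, 0x08,0x00 };                       /* untagged */

int main(void)
{
    printf("%d %d %d\n", is_priority_tagged(frame_prio, sizeof frame_prio),
           is_priority_tagged(frame_vlan, sizeof frame_vlan),
           is_priority_tagged(frame_plain, sizeof frame_plain));
    return 0;
}
```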

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-VLAN-Priority-11174

