Vigil@nce - Linux kernel: bypassing of the kernel firewall
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger an error in a packet filter translation in
the Linux kernel, in order to change some packet filtering rules.
– Impacted products: Fedora, Linux.
– Severity: 1/4.
– Creation date: 15/02/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel includes a packet filter with the BPF syntax
borrowed from BSD.
Depending on which filtering criteria are used, translating the
filter may require more than one pass. However, when the second
pass must modify a backward jump, the condition used to patch it is
wrong, which makes it possible to change the rule target (accept or
drop the packet).
An attacker can therefore trigger an error in a packet filter
translation in the Linux kernel, in order to change some packet
filtering rules.
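The failure mode described above, as an added toy model in C (not the kernel's code and not part of the bulletin): a second pass that misjudges a backward jump across expanded instructions turns an ACCEPT verdict into DROP. The instruction set, the function names and both patch conditions are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy filter VM, constructed for illustration (not kernel code). */
enum op { NOP, LOAD, JMP, ACCEPT, DROP };
struct insn { enum op op; int off; };      /* JMP target = i + 1 + off */

/* Pass 1: the instruction at pos grows by delta slots (modelled as NOPs).
 * Pass 2: patch every jump whose path crosses the inserted slots. */
static int translate(struct insn *p, int len, int pos, int delta, int flawed)
{
    memmove(&p[pos + 1 + delta], &p[pos + 1], (len - pos - 1) * sizeof(*p));
    for (int k = 1; k <= delta; k++)
        p[pos + k] = (struct insn){ NOP, 0 };
    len += delta;
    for (int i = 0; i < len; i++) {
        if (p[i].op != JMP) continue;
        int landing = i + p[i].off + 1;    /* where the stale offset points */
        if (i < pos && landing > pos)
            p[i].off += delta;             /* forward jump over the insertion */
        else if (flawed ? (i > pos && landing < pos)  /* ignores the shift by delta */
                        : (i > pos + delta && landing <= pos + delta))
            p[i].off -= delta;             /* backward jump over the insertion */
    }
    return len;
}

/* Execute until a verdict; the step limit guards against loops. */
static enum op run(const struct insn *p, int len)
{
    int i = 0;
    for (int steps = 0; steps < 64 && i >= 0 && i < len; steps++) {
        if (p[i].op == ACCEPT || p[i].op == DROP)
            return p[i].op;
        i += 1 + (p[i].op == JMP ? p[i].off : 0);
    }
    return DROP;                           /* no verdict reached: fail closed */
}

/* Constructed rule set: jump forward, then backward to the ACCEPT at index 1. */
static enum op verdict_after_translate(int flawed)
{
    struct insn p[16] = { {JMP, 3}, {ACCEPT, 0}, {LOAD, 0}, {DROP, 0}, {JMP, -4} };
    return run(p, translate(p, 5, 2, 2, flawed));
}

int main(void)
{
    printf("correct patch: %s, flawed patch: %s\n",
           verdict_after_translate(0) == ACCEPT ? "ACCEPT" : "DROP",
           verdict_after_translate(1) == ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
```

With the flawed condition the backward jump keeps its stale offset, lands inside the expanded instruction and falls through to the DROP that follows it.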
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-bypassing-of-the-kernel-firewall-18942