Vigil@nce: Linux kernel, denial of service via GRE/Tunnel
February 2010 by Vigil@nce
When the system starts, an attacker can send a tunneled packet, in
order to stop the system.
– Severity: 2/4
– Consequences: denial of service of computer
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 18/02/2010
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel implements several tunnel types :
– GRE (Generic Routing Encapsulation) : net/ipv4/ip_gre.c
– IP in IP : net/ipv4/ipip.c
– IPv6 : net/ipv6/ip6_tunnel.c
– IPv6 : net/ipv6/sit.c
– IPv6 : net/ipv6/xfrm6_tunnel.c
When these protocols are compiled as kernel modules, and when a
packet is received before the module loading, an error occurs in
net_generic(), and stops the kernel.
When the system starts, an attacker can therefore send a tunneled
packet, in order to stop the system.
CHARACTERISTICS
– Identifiers: BID-38301, BID-38303, VIGILANCE-VUL-9461
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-GRE-Tunnel-9461