Vigil@nce: Linux kernel, denial of service via bonding
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send network packets to an interface using a
"bonding", in order to stop the system.
– Severity: 1/4
– Creation date: 13/04/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The "bonding" feature is used to group several network devices
(such as eth1 and eth2) in a same interface (bond0).
By default, the bonded interface has 16 queues. However, if a
network device has more than 16 queues, an attacker can send
several packets, in order to force the usage of more than 16
queues, which creates an integer overflow in the
bond_select_queue() function of the drivers/net/bonding/bond_main.c
file.
An attacker can therefore send network packets to an interface
using a "bonding", in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-bonding-10564