
Linux kernel IPv6 UDP fragment offload bug (CVE-2013-4387)

Discussion in 'Tomato Firmware' started by koitsu, Dec 16, 2013.

  1. koitsu

    koitsu Network Guru Member

    Friend of mine pasted me this this morning:

    A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important)

    Sites seem to indicate this is as old as September 2013.

    The first two URLs indicate 2.6.x is impacted, though other CVE sites don't indicate that.

    https://security-tracker.debian.org/tracker/CVE-2013-4387
    http://www.redhat.com/archives/enterprise-watch-list/2013-November/msg00028.html
    http://www.cvedetails.com/cve/CVE-2013-4387/
    https://bugzilla.redhat.com/show_bug.cgi?id=1011927
    https://access.redhat.com/security/cve/CVE-2013-4387

    With all the recent focus here on IPv6, I thought I'd submit a forum RFC (request for comments).
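
The advisory text quoted above names one precondition: UFO must be enabled on the interface. The script below is an added example, not code from this thread or from the Tomato project, that parses `ethtool -k` output to report the UFO state and prints the `ethtool -K ... ufo off` command that would turn it off. It assumes `ethtool` is present (many BusyBox-based firmware builds do not ship it, in which case the live check reports `unknown`), that the interface names are whatever your build uses (`eth0` and `lo` below are placeholders), and that the feature line uses one of the two spellings real ethtool releases have printed (`udp-fragmentation-offload:` or the older `udp fragmentation offload:`). The sample outputs embedded in the script are constructed, not captured from a router.

```shell
#!/bin/sh
# Added example (not from the forum thread or the Tomato project).
# Checks whether UDP Fragmentation Offload (UFO), the precondition named in
# the CVE-2013-4387 advisory text, is enabled on an interface, and prints the
# ethtool command that would disable it. Assumptions: ethtool is installed
# (BusyBox firmware often lacks it) and its "-k" output uses one of the two
# real spellings of the UFO feature line handled below.

# Read "ethtool -k" output on stdin; print "on", "off" or "unknown".
# Accepts "udp-fragmentation-offload:" (newer ethtool) and
# "udp fragmentation offload:" (older ethtool). A trailing "[fixed]" marker
# (feature cannot be toggled) is skipped so the state itself is reported.
ufo_state() {
    awk '
        ($1 == "udp-fragmentation-offload:") ||
        ($1 == "udp" && $2 == "fragmentation" && $3 == "offload:") {
            v = $NF
            if (v == "[fixed]") v = $(NF - 1)
            print v
            found = 1
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# Live check of a real interface; "unknown" when ethtool is missing or fails.
ufo_state_of() {
    if command -v ethtool >/dev/null 2>&1; then
        ethtool -k "$1" 2>/dev/null | ufo_state
    else
        echo unknown
    fi
}

# Mitigation command for an interface on which UFO is "on" (printed, not run).
ufo_disable_cmd() {
    echo "ethtool -K $1 ufo off"
}

# Constructed sample outputs (not captured from a device).
SAMPLE_NEW='Features for eth0:
rx-checksumming: on
tx-checksumming: on
	tx-checksum-ipv4: off [fixed]
udp-fragmentation-offload: on
generic-segmentation-offload: on'

SAMPLE_OLD='Offload parameters for eth0:
rx-checksumming: on
udp fragmentation offload: off
generic segmentation offload: on'

SAMPLE_FIXED='Features for lo:
udp-fragmentation-offload: off [fixed]'

# $1 = interface label, $2 = ethtool -k text to evaluate
report() {
    state=$(printf '%s\n' "$2" | ufo_state)
    echo "$1: ufo=$state"
    if [ "$state" = "on" ]; then
        echo "  mitigation: $(ufo_disable_cmd "$1")"
    fi
    return 0
}

report eth0 "$SAMPLE_NEW"      # ufo=on, mitigation printed
report eth0 "$SAMPLE_OLD"      # ufo=off
report lo   "$SAMPLE_FIXED"    # ufo=off ([fixed] marker ignored)
```

On a real device replace the `report` calls with `ufo_state_of eth0` (or whatever the WAN/LAN interface is named in your build). Turning UFO off only removes the precondition the advisory names; it is a stopgap, not a replacement for a kernel carrying the fix, and on interfaces where the feature shows `[fixed]` the setting cannot be changed with `ethtool -K` at all.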
     
  2. Victek

    Victek Network Guru Member
