Linux kernel IPv6 UDP fragment offload bug (CVE-2013-4387)

Discussion in 'Tomato Firmware' started by koitsu, Dec 16, 2013.

  1. koitsu

    koitsu Network Guru Member

    Friend of mine pasted me this this morning:

    A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important)

    Sites seem to indicate this is as old as September 2013.

    First two URLs indicate 2.6.x is impacted, though other CVE sites don't indicate that.

    https://security-tracker.debian.org/tracker/CVE-2013-4387
    http://www.redhat.com/archives/enterprise-watch-list/2013-November/msg00028.html
    http://www.cvedetails.com/cve/CVE-2013-4387/
    https://bugzilla.redhat.com/show_bug.cgi?id=1011927
    https://access.redhat.com/security/cve/CVE-2013-4387

    With all the recent focus here on IPv6, I thought I'd submit a forum RFC (request for comments).
     
  2. Victek

    Victek Network Guru Member
