The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service via ip_options

Synthesis of the vulnerability 

A local attacker can create a multi-threaded program to manage IP options on a socket, in order to stop the system.
Impacted software: Debian, Linux, RHEL, ESX.
Severity of this computer vulnerability: 1/4.
Creation date: 03/09/2012.
Références of this announce: BID-55359, CERTA-2013-AVI-657, CVE-2012-3552, DSA-2668-1, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, RHSA-2012:1304-01, RHSA-2012:1540-01, VIGILANCE-VUL-11914, VMSA-2013-0007.1, VMSA-2013-0015.

Description of the vulnerability 

An IPv4 packet can contain options.

The kernel stores these IP options in the structure ip_options (inet->opt).

The ip_make_skb() function calls ip_setup_cork(), which copies inet->opt. However, if another thread changed IP options associated to the socket, the first thread can dereference a freed pointer.

A local attacker can therefore create a multi-threaded program to manage IP options on a socket, in order to stop the system.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability announce impacts software or systems such as Debian, Linux, RHEL, ESX.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this threat alert.

Solutions for this threat 

Linux kernel: patch for ip_options.
A patch is available in information sources.

Debian: new linux-2.6 packages.
New packages are available:
  linux-2.6 2.6.32-48squeeze3

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-308.24.1

RHEL 6: new kernel packages (26/09/2012).
New packages are available:
  kernel-2.6.32-279.9.1.el6

VMware ESX 4.1: patch ESX410-201312001.
A patch is available:
  ESX410-201312001.zip
  http://kb.vmware.com/kb/2061209
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability patches. The technology watch team tracks security threats targeting the computer system.