-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:              Kernel handling of IP options can crash machine
Advisory number:      CSSA-1999:013.0
Issue date:           1999 June 04
Cross reference:
______________________________________________________________________________


1. Problem Description

   All 2.2.x Linux kernels up to version 2.2.9 have a bug in the handling of
   IP options that can be used to remotely crash the machine.

   An IP packet can contain a variable amount of extra information following
   the standard 20-byte header. These are called IP options. When receiving an
   IP packet with bogus options, all 2.2 kernels erroneously release the
   network buffer twice, causing memory corruption. This eventually leads to a
   system crash.

   This problem has been publicly disclosed on the bugtraq mailing list, and an
   exploit has been made available.


2. Vulnerable Versions

   Systems:   OpenLinux 2.2
   Packages:  all 2.2.x Linux kernels up to linux-kernel-binary-2.2.5-1.i386.rpm


3. Solutions

   Upgrade to the latest kernel RPMs:

      linux-kernel-binary-2.2.5-2.i386.rpm


4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following command:

      rpm -U linux-kernel-binary-2.2.5-2.i386.rpm

   Run lilo, and reboot after the upgrade:

      /sbin/lilo
      /sbin/reboot


6. Verification

   92fb578c5a06f1d06c2d6f581aa213fe  README
   89a277e6e14d65c4ac405b56f394117b  RPMS/linux-kernel-binary-2.2.5-2.i386.rpm
   370fd253c92a524aa3eb99e938174840  SRPMS/linux-2.2.5-2.src.rpm

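The double release described in section 1, shown as an added illustration that is not part of this advisory and is neither Caldera's nor the Linux kernel's code. It is a toy model of an IP receive path: it walks the options area that follows the 20-byte header (RFC 791 layout: a 1-byte type, and for every type except END and NOOP a 1-byte length that counts the type and length bytes), rejects options whose length is zero, shorter than two bytes or runs past the header, and releases the network buffer exactly once on every error path. The buffer type, the function names and the packet bytes are all constructed for this example; a real double free would corrupt the allocator rather than trip a flag.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not Caldera's or the kernel's code): a toy model of the
 * receive path in the advisory. It parses the IPv4 options area, rejects
 * malformed options, and releases the network buffer exactly once on every
 * error path, the discipline the double release in 2.2 kernels up to 2.2.9
 * broke. All names and packet bytes here are constructed. */
#define IP_MIN_HLEN 20
#define IP_MAX_HLEN 60
#define IPOPT_END   0
#define IPOPT_NOOP  1

/* Toy buffer; the flag makes a second release visible instead of silently
 * corrupting the allocator as a real double free would. */
struct netbuf { unsigned char *data; size_t len; int released; };

struct netbuf *netbuf_alloc(const unsigned char *pkt, size_t len)
{
    struct netbuf *b = calloc(1, sizeof *b);
    if (!b || !(b->data = malloc(len))) { free(b); return NULL; }
    memcpy(b->data, pkt, len);
    b->len = len;
    return b;
}

/* 0 on the first release, -1 if already released (the advisory's bug). */
int netbuf_release(struct netbuf *b)
{
    if (b->released) return -1;
    b->released = 1;
    free(b->data);
    b->data = NULL;
    return 0;
}

/* 0 if every option fits inside the header, -1 if a length byte is zero,
 * shorter than 2 or overruns the header. */
int ip_options_valid(const unsigned char *hdr, size_t hlen)
{
    size_t off = IP_MIN_HLEN;
    if (hlen < IP_MIN_HLEN || hlen > IP_MAX_HLEN) return -1;
    while (off < hlen) {
        unsigned char type = hdr[off];
        if (type == IPOPT_END) return 0;              /* rest is padding */
        if (type == IPOPT_NOOP) { off++; continue; }  /* single-byte option */
        if (off + 1 >= hlen) return -1;               /* no room for a length byte */
        if (hdr[off + 1] < 2 || hdr[off + 1] > hlen - off) return -1;
        off += hdr[off + 1];
    }
    return 0;
}

/* Single-owner receive path: on error the buffer is released here, once, and
 * -1 returned; on success it stays live for the caller and 0 is returned. */
int ip_rcv(struct netbuf *b)
{
    size_t hlen;
    if (b->len < IP_MIN_HLEN) goto drop;
    hlen = (size_t)(b->data[0] & 0x0f) * 4;                /* IHL in 32-bit words */
    if ((b->data[0] >> 4) != 4 || hlen > b->len) goto drop;
    if (ip_options_valid(b->data, hlen) != 0) goto drop;
    return 0;
drop:
    netbuf_release(b);                                      /* the only release on error */
    return -1;
}

/* Build a header-only IPv4 packet carrying opts (optlen a multiple of 4, at
 * most 40 bytes), run it through ip_rcv and report in *released whether
 * ip_rcv itself released the buffer. Returns ip_rcv's result, -2 on setup failure. */
int rcv_with_opts(const unsigned char *opts, size_t optlen, int *released)
{
    unsigned char pkt[IP_MAX_HLEN] = {0};
    size_t hlen = IP_MIN_HLEN + optlen;
    struct netbuf *b;
    int rc;
    if (optlen % 4 || hlen > IP_MAX_HLEN) return -2;
    pkt[0] = (unsigned char)(0x40 | (hlen / 4));            /* version 4, IHL in words */
    pkt[3] = (unsigned char)hlen;                           /* total length = header only */
    if (optlen) memcpy(pkt + IP_MIN_HLEN, opts, optlen);
    if (!(b = netbuf_alloc(pkt, hlen))) return -2;
    rc = ip_rcv(b);
    *released = b->released;
    if (rc == 0) netbuf_release(b);                         /* caller owns it on success */
    free(b);
    return rc;
}

int main(void)
{
    const unsigned char good[4] = {IPOPT_NOOP, IPOPT_NOOP, IPOPT_NOOP, IPOPT_END};
    const unsigned char bogus[4] = {7, 0, 0, 0};            /* record route, length 0 */
    int rel, rc;
    rc = rcv_with_opts(good, 4, &rel);
    printf("good:  rc=%d released=%d\n", rc, rel);
    rc = rcv_with_opts(bogus, 4, &rel);
    printf("bogus: rc=%d released=%d\n", rc, rel);
    return 0;
}
```

The point of the model is ownership: ip_rcv either drops the buffer itself (and returns -1 so the caller knows not to touch it) or hands it back live, never both. A second netbuf_release on the same buffer returns -1 here; in a kernel allocator the same sequence is the memory corruption the advisory describes.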
7. References

   This and other Caldera security resources are located at:

      http://www.calderasystems.com/news/security/index.html

   Additional documentation on this problem can be found in:

      http://www.geek-girl.com/bugtraq/1999_2/0604.html


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN1uYren+9R4958LpAQEzvwQAhjgqpN4+rNwAjmqo30nDDw/JpmWf778Q
9hISjNcJ/CKShRvdmoT6JUaRW7r09mpfBse/iE1G0P4oGj249PcgYQcYQw4g1byD
EdSxwsK9ejLpHSvySoHUCvJFwA61uYyopFBsZtlRMCmYoEfY36BzrswBCh5oG4+O
mBMa8zNS+n4=
=NIkT
-----END PGP SIGNATURE-----