DoS Hole Found in Linux Kernel

Security experts Thursday warned of a vulnerability in the Linux Kernel 2.4 branch, which can be exploited to cause denial-of-service attacks.

The hole in the popular open-source operating system was detected in the way the Linux Kernel handles caching of routing information.

“By flooding a Linux system with packets with spoofed source addresses, the handling of the cache will consume large amounts of CPU power. This could potentially bring a Linux system offline with a rate of only 400 packets per second by using carefully chosen source addresses that cause hash collisions in the table,” according to a security advisory from U.K.-based Secunia, which rated the flaw as “moderately critical.”
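Why colliding entries cost so much CPU can be seen in a small simulation. This is an added example, not code from the advisory or the kernel: the table size, the byte-XOR `toy_hash` and the constructed addresses are assumptions made for illustration. The keyed hash is a general mitigation shown for contrast; the article does not describe it.

```python
import hashlib
import random
import secrets

BUCKETS = 256  # constructed table size, not the kernel's

def toy_hash(src: int) -> int:
    """Unkeyed toy hash: XOR of the four address bytes (not the kernel's function)."""
    return (src ^ (src >> 8) ^ (src >> 16) ^ (src >> 24)) & (BUCKETS - 1)

def keyed_hash(src: int, key: bytes) -> int:
    """Bucket index that depends on a secret the sender cannot observe."""
    digest = hashlib.blake2b(src.to_bytes(4, "big"), key=key, digest_size=4).digest()
    return int.from_bytes(digest, "big") % BUCKETS

def insert_cost(addresses, hash_fn):
    """Insert addresses into a chained table; return (comparisons, longest chain)."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for src in addresses:
        chain = table[hash_fn(src)]
        for entry in chain:  # walk the bucket, as a cache lookup would
            comparisons += 1
            if entry == src:
                break
        else:
            chain.append(src)  # cache miss: the new entry lengthens the chain
    return comparisons, max(len(chain) for chain in table)

def same_bucket_addresses(n: int):
    """Constructed addresses of byte form a.a.b.b, which toy_hash maps to bucket 0."""
    return [(a << 24) | (a << 16) | (b << 8) | b
            for a in range(1, 256) for b in range(256)][:n]

def compare(n: int = 2000, key: bytes = b""):
    key = key or secrets.token_bytes(16)
    crafted = same_bucket_addresses(n)
    spread = random.Random(1).sample(range(2 ** 32), n)
    return {
        "crafted, unkeyed": insert_cost(crafted, toy_hash),
        "random, unkeyed": insert_cost(spread, toy_hash),
        "crafted, keyed": insert_cost(crafted, lambda s: keyed_hash(s, key)),
    }

if __name__ == "__main__":
    for label, (work, longest) in compare().items():
        print(f"{label:18} comparisons={work:>8} longest chain={longest}")
```

With every entry in one bucket the work grows quadratically with the number of packets, which is why a low packet rate is enough; with a keyed hash the same addresses spread across the table.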

Red Hat, the Raleigh, NC, firm that dominates the market for Linux, has issued updated kernel packages to patch Red Hat Linux versions 7.1 through 9. Red Hat said the security hole caused the kernel to use a disproportionate amount of processor time to deal with new packets, resulting in a remote DoS attack.

The Red Hat update also fixes certain non-security related issues.

As a temporary workaround, traffic can be filtered in the iptables PREROUTING chain instead of the INPUT chain, because PREROUTING is processed before the route cache. This requires only minor changes to the filter rules. However, Secunia cautioned that a DoS could still succeed if the system uses iptables (netfilter) to filter traffic. “This is even possible with randomly chosen IP addresses that don’t cause a hash collision, since it just requires a higher rate of packets,” the company said.

In addition to Red Hat, vulnerable implementations of the Linux OS include various products from SuSE, Mandrake, Slackware, Gentoo, Debian and Conectiva.

The vulnerability comes in the midst of moves by three tech heavyweights to put Linux under the security microscope. The three firms, IBM Corp., Oracle and Red Hat, plan to work with the open-source community to put Linux up for the Common Criteria certification process.

Common Criteria certification for Linux is seen as a crucial first step to win commercial approval for Linux among government clients. The U.S. federal government requires CC approval for any IT product used in national security systems.