Bug 4511

Summary: IPChains Security Hole
Product: [Retired] Red Hat Linux Reporter: pjmattal
Component: kernelAssignee: Cristian Gafton <gafton>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 6.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description pjmattal 1999-08-13 14:41:59 UTC 
There is a recent security hole in the ipchains IP
forwarding mechanism that can allow arbitrary packets
through the ipchains filters if a fragment overlap tactic is
used to rewrite the address in the header. A "fragrouter"
exploit has been written which makes it particularly easy
for hackers to exploit this hole.

The patch has been incorporated into the Linux 2.2.11 kernel
as blessed/released by Linus on August 9, 1999. This kernel
(or, marginally, a patched version of the 2.2.5 kernel)
should be packaged and released ASAP!

For more information, visit:

http://www.securityfocus.com/vdb/bottom.html?vid=543