` 

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          kernel 2.2 and 2.4: syncookie vulnerability
Advisory ID:       RHSA-2001:142-15
Issue date:        2001-10-26
Updated on:        2001-11-02
Product:           Red Hat Linux
Keywords:          syncookie security kernel
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Syncookies are used to protect a system against certain Denial Of Service
(DOS) attacks. A flaw in this mechanism has been found which can be used to
circumvent certain types of firewall configurations.

Note: syncookies are not enabled in the default installation of Red Hat
Linux but many server administrators do enable syncookies.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64

Red Hat Linux 7.2 - athlon, i386, i586, i686

3. Problem description:

Syncookies, while not enabled in default installations of Red Hat Linux,
are used to protect an Internet server against a certain type of DoS
attack--the so called "synflood"--by using a cryptographic challenge
protocol which ensures legitimate users can keep using the server. Under an
attack, the TCP/IP layer will, instead of just accepting new connections,
send back the challenge and only accept the connections in the
second phase ("syn ack") of the TCP/IP handshake (where the other party
returns the challenge value). The DoS attack, which consists of sending as
many first phase ("syn") packets as possible will be neutralized because
system resources are only used as part of the second phase.

Certain firewall configurations only filter the first phase ("syn") packets
to prevent connections to specific services. These systems are vulnerable
when an attacker can both force a system into flood protection state (by
starting a synflood attack on a non-firewalled port) and guess the
cryptographic challenge of a firewalled port. 

While the cryptographic hash used is strong, the number of bits available
is restricted by the TCP protocol header design. With a high speed link and
a lot of time, an attacker can eventually succeed in faking a valid cookie
and making a connection that a syn only firewall rule might have
prohibited.

The updated kernels have a modified synflood protection algorithm that now
uses a per port "under attack" state so that ports with only a first-phase
firewall rule will not use the "under attack" regime even when other,
non-firewalled, ports are under attack.


In addition, these packages fix a remote denial of service attack against
the TUX web server.  This attack can only succeed if the TUX web server
has been explicitly enabled; it is disabled by default.  Thanks to
Aidan O'Rawe for finding this bug.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. 

The procedure for upgrading the kernel is documented at:
 
Support

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network.  Many
people find this to be an easier way to apply updates.  To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed  (  for more info):

55067 - Installer kernel won't boot on P60: machine check exception
55097 - bad: xconfig fails, good: config & menuconfig works
54829 - new linux-2.4.9-6 kernel fails to xconfig
54851 - Incorrect change to parameters for kallsyms_address_to_symbol()
54868 - NFS sever file lock is broken in 2.4.9-6
55082 - acenic driver on Kernel 2.4.9-6enterprise not loading on Netfinity 5500

6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
 

alpha: 
  
  
  
  
  
  
  
  
 

i386: 
  
  
  
  
  
  
  
  
 

i586: 
  
 

i686: 
  
  
 

sparc: 
  
  
  
  
  
  
  
 

sparc64: 
  
  
  
 

Red Hat Linux 7.0:

SRPMS: 
 

alpha: 
  
  
  
  
  
  
  
 

i386: 
  
  
  
  
  
  
  
 

i586: 
  
 

i686: 
  
  
 

Red Hat Linux 7.1:

SRPMS: 
 

alpha: 
  
  
  
  
  
 

i386: 
  
  
  
  
 

i586: 
  
 

i686: 
  
  
 

ia64: 
  
  
  
  
 

Red Hat Linux 7.2:

SRPMS: 
 

athlon: 
  
 

i386: 
  
  
  
  
 

i586: 
  
 

i686: 
  
  
  
 



7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
336b94fecfb1d8743fb8902aabd8f405 6.2/en/os/SRPMS/kernel-2.2.19-6.2.12.src.rpm
c0e980e0c7f37c25f75075d82c3674b2 6.2/en/os/alpha/kernel-2.2.19-6.2.12.alpha.rpm
b260e315fcb69fa6b79e324d354e71ed 6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.12.alpha.rpm
e35b617712c1ce4c40814d967c93d7c1 6.2/en/os/alpha/kernel-doc-2.2.19-6.2.12.alpha.rpm
4be86c30547a8970176c0aa8dfb05f0e 6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.12.alpha.rpm
5a8f6c029fb342b71b72d0bd23411db0 6.2/en/os/alpha/kernel-headers-2.2.19-6.2.12.alpha.rpm
caf0190338a4afdf6d561e52cbd31226 6.2/en/os/alpha/kernel-jensen-2.2.19-6.2.12.alpha.rpm
be7d0438c8adccd0e3f22ce5c2d7d9b9 6.2/en/os/alpha/kernel-smp-2.2.19-6.2.12.alpha.rpm
40cf8a3f621ed079cdea63dbb53dc0fe 6.2/en/os/alpha/kernel-source-2.2.19-6.2.12.alpha.rpm
b5852172767c173aae77596a5566345a 6.2/en/os/alpha/kernel-utils-2.2.19-6.2.12.alpha.rpm
383a93775aa5403b878e3e94f759a0c9 6.2/en/os/i386/kernel-2.2.19-6.2.12.i386.rpm
012c67e0d39b114cd27d333af6c979cd 6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.12.i386.rpm
f02db047a97df18b419656d740be9d87 6.2/en/os/i386/kernel-doc-2.2.19-6.2.12.i386.rpm
2d662967b7aa5d33abef8708e22cfcbc 6.2/en/os/i386/kernel-headers-2.2.19-6.2.12.i386.rpm
6a94d332832e44ef9e3ab8bc6e1e91a8 6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.12.i386.rpm
58b9fe2f012ff261b5c6fca00f6a6c05 6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.12.i386.rpm
d79b9ac16f0d7b9b522a0196fc025a2e 6.2/en/os/i386/kernel-smp-2.2.19-6.2.12.i386.rpm
12ae3d6af2df1139417daa75e1c63fa4 6.2/en/os/i386/kernel-source-2.2.19-6.2.12.i386.rpm
1c68d1fd6fe55b1941b08c1853da9eef 6.2/en/os/i386/kernel-utils-2.2.19-6.2.12.i386.rpm
3f211cda6505a310b242ada7027dc9b4 6.2/en/os/i586/kernel-2.2.19-6.2.12.i586.rpm
3e407af75a556f2ce612e833938d8cd5 6.2/en/os/i586/kernel-smp-2.2.19-6.2.12.i586.rpm
27fae43d1b9e04c1151a3a164d889bcc 6.2/en/os/i686/kernel-2.2.19-6.2.12.i686.rpm
e03ec095d621c895d71c9d1af2307d16 6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.12.i686.rpm
43491809de3902d31dfcced1fd44ee6e 6.2/en/os/i686/kernel-smp-2.2.19-6.2.12.i686.rpm
74f893ae177202357b6939e6a6397040 6.2/en/os/sparc/kernel-2.2.19-6.2.12.sparc.rpm
2f1f0934d8e50accc56e373116f530c1 6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.12.sparc.rpm
99521c034bc1da83db872a8dacf01a17 6.2/en/os/sparc/kernel-doc-2.2.19-6.2.12.sparc.rpm
cc8eddb94e0b738eb5cb88c457c98c5a 6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.12.sparc.rpm
e71f79f363d05a0c5984d056f94e625c 6.2/en/os/sparc/kernel-headers-2.2.19-6.2.12.sparc.rpm
76f045b1db4c1c4a55f3ac3469b1aa5d 6.2/en/os/sparc/kernel-smp-2.2.19-6.2.12.sparc.rpm
1c0fd18816732994aa27ed66b3849a07 6.2/en/os/sparc/kernel-source-2.2.19-6.2.12.sparc.rpm
bc948575895e457bfab2b76232e0ab02 6.2/en/os/sparc/kernel-utils-2.2.19-6.2.12.sparc.rpm
59ae3629df5fff111a391f4059d2a2e0 6.2/en/os/sparc64/kernel-2.2.19-6.2.12.sparc64.rpm
649ed74d4fb44dc07092fb8fa355eb00 6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.12.sparc64.rpm
8605f9f4e9426057e1fb9527892c4efe 6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.12.sparc64.rpm
42a0a7f05d2ffcaffc613bf0aaf20cdc 6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.12.sparc64.rpm
b3257f305e0e1a4a6241f5a56cb90ea6 7.0/en/os/SRPMS/kernel-2.2.19-7.0.12.src.rpm
60af98ffd100f6f2343e5c3f6202260a 7.0/en/os/alpha/kernel-2.2.19-7.0.12.alpha.rpm
ef9dbafbbb181645a766179f8d7b021a 7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.12.alpha.rpm
bd7b487a990644fe8e240149faadbd78 7.0/en/os/alpha/kernel-doc-2.2.19-7.0.12.alpha.rpm
cfbe56baab4def543cff73a9d6018c5f 7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.12.alpha.rpm
741880c2a27aff4359e155e3620a4702 7.0/en/os/alpha/kernel-jensen-2.2.19-7.0.12.alpha.rpm
512f8f58420952c905ce26167cb631cc 7.0/en/os/alpha/kernel-smp-2.2.19-7.0.12.alpha.rpm
3dc97d8591136be3383da02adb5052fc 7.0/en/os/alpha/kernel-source-2.2.19-7.0.12.alpha.rpm
6ff20a89aec3b5726254664faa92026a 7.0/en/os/alpha/kernel-utils-2.2.19-7.0.12.alpha.rpm
5ef8fbb28e1eb8bee232020c7e0e11ba 7.0/en/os/i386/kernel-2.2.19-7.0.12.i386.rpm
a57b7ac9873e3a072688333daa25910a 7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.12.i386.rpm
1c61150fdbfe5926ce10b6e3708321d8 7.0/en/os/i386/kernel-doc-2.2.19-7.0.12.i386.rpm
ef5ecb3401a6ec8adb3f0d9f192a96de 7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.12.i386.rpm
2443b3e1812195b7f3d15dd4e1c42693 7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.12.i386.rpm
7e7d5d5132e025810c5e3056b5611142 7.0/en/os/i386/kernel-smp-2.2.19-7.0.12.i386.rpm
777fc255bfe49b27c471077774ffc09a 7.0/en/os/i386/kernel-source-2.2.19-7.0.12.i386.rpm
0b7e54c77d268a85ee248403f009bab2 7.0/en/os/i386/kernel-utils-2.2.19-7.0.12.i386.rpm
4f7be1253b62b8cc010537528f68120e 7.0/en/os/i586/kernel-2.2.19-7.0.12.i586.rpm
6ce10ee753a30a1d86542670cac6f6a5 7.0/en/os/i586/kernel-smp-2.2.19-7.0.12.i586.rpm
9efeccc6f69f8816fab5bbcd041224a1 7.0/en/os/i686/kernel-2.2.19-7.0.12.i686.rpm
f3cbc795777dd18a186e9fb9bbf15808 7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.12.i686.rpm
05d175e6ff7f8687d3ef1091c8b67e7f 7.0/en/os/i686/kernel-smp-2.2.19-7.0.12.i686.rpm
bda764eb797d34d0c5ad251a4d95bf58 7.1/en/os/SRPMS/kernel-2.4.9-12.src.rpm
747b17fb92f8bcf5749842533652a80e 7.1/en/os/alpha/kernel-2.4.9-12.alpha.rpm
2f18e5f8e504bfcbbaac7a900465f1f7 7.1/en/os/alpha/kernel-BOOT-2.4.9-12.alpha.rpm
dc284b572198a939711ab5472479ff1d 7.1/en/os/alpha/kernel-doc-2.4.9-12.alpha.rpm
8f82b85b9eabd04ca705b87ea748d022 7.1/en/os/alpha/kernel-headers-2.4.9-12.alpha.rpm
1328a1c08c2ffa968407b9cbcd92ee6a 7.1/en/os/alpha/kernel-smp-2.4.9-12.alpha.rpm
b34bed11c436d563af83fa890eda9ec8 7.1/en/os/alpha/kernel-source-2.4.9-12.alpha.rpm
3aacd852f52a8b4dfd8cd91b17303375 7.1/en/os/i386/kernel-2.4.9-12.i386.rpm
c047388577512f0e04340dd7256bc720 7.1/en/os/i386/kernel-BOOT-2.4.9-12.i386.rpm
9f05e1cd67aaff2bbb58179bf7e4c7fd 7.1/en/os/i386/kernel-doc-2.4.9-12.i386.rpm
cc47a2568943ba7d3a8619297b46a420 7.1/en/os/i386/kernel-headers-2.4.9-12.i386.rpm
0fd276dbe3688fecf7b1d1ae685375f8 7.1/en/os/i386/kernel-source-2.4.9-12.i386.rpm
a2b9faa10219c22ace1fccf1d7fcb955 7.1/en/os/i586/kernel-2.4.9-12.i586.rpm
fa5cfcc16f4ea4ba9abab0361e45a6bb 7.1/en/os/i586/kernel-smp-2.4.9-12.i586.rpm
942efbd3eb389167579a435b1e6e5ec9 7.1/en/os/i686/kernel-2.4.9-12.i686.rpm
dddbf9b73335a8bd2193243ccaa42d53 7.1/en/os/i686/kernel-enterprise-2.4.9-12.i686.rpm
63543d58ec2cb3beb3fa75ab7f01efb5 7.1/en/os/i686/kernel-smp-2.4.9-12.i686.rpm
f0ce8588ae1983d291ea41e8bce682f5 7.1/en/os/ia64/kernel-2.4.9-12.ia64.rpm
b1f2f5eb150558579ecaa68d241d40d5 7.1/en/os/ia64/kernel-doc-2.4.9-12.ia64.rpm
01ddc6910d0a7ed5350c7e0e971e05fa 7.1/en/os/ia64/kernel-headers-2.4.9-12.ia64.rpm
17e769def69090ff7b6d17a596049eb5 7.1/en/os/ia64/kernel-smp-2.4.9-12.ia64.rpm
e80751d12cb444f84b49c22de3edf6d7 7.1/en/os/ia64/kernel-source-2.4.9-12.ia64.rpm
910e9b11dac35236f94c413b63728b8b 7.2/en/os/SRPMS/kernel-2.4.9-13.src.rpm
eee399a250faeaa6a6127ae685c8dceb 7.2/en/os/athlon/kernel-2.4.9-13.athlon.rpm
c44229a144bf37caf062bd55a4444f3d 7.2/en/os/athlon/kernel-smp-2.4.9-13.athlon.rpm
47b590b479c4e3b63171fc3ba4c4457f 7.2/en/os/i386/kernel-2.4.9-13.i386.rpm
f2827ea8c551c81a7e1fb02a2786fc2f 7.2/en/os/i386/kernel-BOOT-2.4.9-13.i386.rpm
9af0476874b6ec7e3e521a70fe7a5a6d 7.2/en/os/i386/kernel-doc-2.4.9-13.i386.rpm
b937212e08ac5d8fddcf6c9ea350f658 7.2/en/os/i386/kernel-headers-2.4.9-13.i386.rpm
866b59aab640cfa58b2aa9c9be90f624 7.2/en/os/i386/kernel-source-2.4.9-13.i386.rpm
de2da25e720aced27a1e7508d0f24b4b 7.2/en/os/i586/kernel-2.4.9-13.i586.rpm
de92c000f9a94d566abc05c1bfd5c81a 7.2/en/os/i586/kernel-smp-2.4.9-13.i586.rpm
44fcbb6aa0d54b74ad30c219692f0e63 7.2/en/os/i686/kernel-2.4.9-13.i686.rpm
c86f496432efc1bef1939b992ca6d3f4 7.2/en/os/i686/kernel-debug-2.4.9-13.i686.rpm
d898d5125d1067b822b647119613c3c3 7.2/en/os/i686/kernel-enterprise-2.4.9-13.i686.rpm
6f8cfc7fc6383ec7c7d7586c8f6b02f7 7.2/en/os/i686/kernel-smp-2.4.9-13.i686.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     About

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
yp


Copyright(c) 2000, 2001 Red Hat, Inc.
`

RedHat: 'kernel' syncookie vulnerability

A flaw in this mechanism has been found which can be used tocircumvent certain types of firewall configurations.

Summary



Summary

Syncookies, while not enabled in default installations of Red Hat Linux,are used to protect an Internet server against a certain type of DoSattack--the so called "synflood"--by using a cryptographic challengeprotocol which ensures legitimate users can keep using the server. Under anattack, the TCP/IP layer will, instead of just accepting new connections,send back the challenge and only accept the connections in thesecond phase ("syn ack") of the TCP/IP handshake (where the other partyreturns the challenge value). The DoS attack, which consists of sending asmany first phase ("syn") packets as possible will be neutralized becausesystem resources are only used as part of the second phase.Certain firewall configurations only filter the first phase ("syn") packetsto prevent connections to specific services. These systems are vulnerablewhen an attacker can both force a system into flood protection state (bystarting a synflood attack on a non-firewalled port) and guess thecryptographic challenge of a firewalled port. While the cryptographic hash used is strong, the number of bits availableis restricted by the TCP protocol header design. With a high speed link anda lot of time, an attacker can eventually succeed in faking a valid cookieand making a connection that a syn only firewall rule might haveprohibited.The updated kernels have a modified synflood protection algorithm that nowuses a per port "under attack" state so that ports with only a first-phasefirewall rule will not use the "under attack" regime even when other,non-firewalled, ports are under attack.In addition, these packages fix a remote denial of service attack againstthe TUX web server. This attack can only succeed if the TUX web serverhas been explicitly enabled; it is disabled by default. Thanks toAidan O'Rawe for finding this bug.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
The procedure for upgrading the kernel is documented at:
Support
Please read the directions for your architecture carefully before proceeding with the kernel upgrade.
Please note that this update is also available via Red Hat Network. Many people find this to be an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly on default configurations of up2date.
5. Bug IDs fixed ( for more info):
55067 - Installer kernel won't boot on P60: machine check exception 55097 - bad: xconfig fails, good: config & menuconfig works 54829 - new linux-2.4.9-6 kernel fails to xconfig 54851 - Incorrect change to parameters for kallsyms_address_to_symbol() 54868 - NFS sever file lock is broken in 2.4.9-6 55082 - acenic driver on Kernel 2.4.9-6enterprise not loading on Netfinity 5500
6. RPMs required:
Red Hat Linux 6.2:
SRPMS:

alpha:









i386:









i586:


i686:



sparc:








sparc64:




Red Hat Linux 7.0:
SRPMS:

alpha:








i386:








i586:


i686:



Red Hat Linux 7.1:
SRPMS:

alpha:






i386:





i586:


i686:



ia64:





Red Hat Linux 7.2:
SRPMS:

athlon:


i386:





i586:


i686:






7. Verification:
MD5 sum Package Name 336b94fecfb1d8743fb8902aabd8f405 6.2/en/os/SRPMS/kernel-2.2.19-6.2.12.src.rpm c0e980e0c7f37c25f75075d82c3674b2 6.2/en/os/alpha/kernel-2.2.19-6.2.12.alpha.rpm b260e315fcb69fa6b79e324d354e71ed 6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.12.alpha.rpm e35b617712c1ce4c40814d967c93d7c1 6.2/en/os/alpha/kernel-doc-2.2.19-6.2.12.alpha.rpm 4be86c30547a8970176c0aa8dfb05f0e 6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.12.alpha.rpm 5a8f6c029fb342b71b72d0bd23411db0 6.2/en/os/alpha/kernel-headers-2.2.19-6.2.12.alpha.rpm caf0190338a4afdf6d561e52cbd31226 6.2/en/os/alpha/kernel-jensen-2.2.19-6.2.12.alpha.rpm be7d0438c8adccd0e3f22ce5c2d7d9b9 6.2/en/os/alpha/kernel-smp-2.2.19-6.2.12.alpha.rpm 40cf8a3f621ed079cdea63dbb53dc0fe 6.2/en/os/alpha/kernel-source-2.2.19-6.2.12.alpha.rpm b5852172767c173aae77596a5566345a 6.2/en/os/alpha/kernel-utils-2.2.19-6.2.12.alpha.rpm 383a93775aa5403b878e3e94f759a0c9 6.2/en/os/i386/kernel-2.2.19-6.2.12.i386.rpm 012c67e0d39b114cd27d333af6c979cd 6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.12.i386.rpm f02db047a97df18b419656d740be9d87 6.2/en/os/i386/kernel-doc-2.2.19-6.2.12.i386.rpm 2d662967b7aa5d33abef8708e22cfcbc 6.2/en/os/i386/kernel-headers-2.2.19-6.2.12.i386.rpm 6a94d332832e44ef9e3ab8bc6e1e91a8 6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.12.i386.rpm 58b9fe2f012ff261b5c6fca00f6a6c05 6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.12.i386.rpm d79b9ac16f0d7b9b522a0196fc025a2e 6.2/en/os/i386/kernel-smp-2.2.19-6.2.12.i386.rpm 12ae3d6af2df1139417daa75e1c63fa4 6.2/en/os/i386/kernel-source-2.2.19-6.2.12.i386.rpm 1c68d1fd6fe55b1941b08c1853da9eef 6.2/en/os/i386/kernel-utils-2.2.19-6.2.12.i386.rpm 3f211cda6505a310b242ada7027dc9b4 6.2/en/os/i586/kernel-2.2.19-6.2.12.i586.rpm 3e407af75a556f2ce612e833938d8cd5 6.2/en/os/i586/kernel-smp-2.2.19-6.2.12.i586.rpm 27fae43d1b9e04c1151a3a164d889bcc 6.2/en/os/i686/kernel-2.2.19-6.2.12.i686.rpm e03ec095d621c895d71c9d1af2307d16 6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.12.i686.rpm 43491809de3902d31dfcced1fd44ee6e 6.2/en/os/i686/kernel-smp-2.2.19-6.2.12.i686.rpm 74f893ae177202357b6939e6a6397040 6.2/en/os/sparc/kernel-2.2.19-6.2.12.sparc.rpm 2f1f0934d8e50accc56e373116f530c1 6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.12.sparc.rpm 99521c034bc1da83db872a8dacf01a17 6.2/en/os/sparc/kernel-doc-2.2.19-6.2.12.sparc.rpm cc8eddb94e0b738eb5cb88c457c98c5a 6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.12.sparc.rpm e71f79f363d05a0c5984d056f94e625c 6.2/en/os/sparc/kernel-headers-2.2.19-6.2.12.sparc.rpm 76f045b1db4c1c4a55f3ac3469b1aa5d 6.2/en/os/sparc/kernel-smp-2.2.19-6.2.12.sparc.rpm 1c0fd18816732994aa27ed66b3849a07 6.2/en/os/sparc/kernel-source-2.2.19-6.2.12.sparc.rpm bc948575895e457bfab2b76232e0ab02 6.2/en/os/sparc/kernel-utils-2.2.19-6.2.12.sparc.rpm 59ae3629df5fff111a391f4059d2a2e0 6.2/en/os/sparc64/kernel-2.2.19-6.2.12.sparc64.rpm 649ed74d4fb44dc07092fb8fa355eb00 6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.12.sparc64.rpm 8605f9f4e9426057e1fb9527892c4efe 6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.12.sparc64.rpm 42a0a7f05d2ffcaffc613bf0aaf20cdc 6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.12.sparc64.rpm b3257f305e0e1a4a6241f5a56cb90ea6 7.0/en/os/SRPMS/kernel-2.2.19-7.0.12.src.rpm 60af98ffd100f6f2343e5c3f6202260a 7.0/en/os/alpha/kernel-2.2.19-7.0.12.alpha.rpm ef9dbafbbb181645a766179f8d7b021a 7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.12.alpha.rpm bd7b487a990644fe8e240149faadbd78 7.0/en/os/alpha/kernel-doc-2.2.19-7.0.12.alpha.rpm cfbe56baab4def543cff73a9d6018c5f 7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.12.alpha.rpm 741880c2a27aff4359e155e3620a4702 7.0/en/os/alpha/kernel-jensen-2.2.19-7.0.12.alpha.rpm 512f8f58420952c905ce26167cb631cc 7.0/en/os/alpha/kernel-smp-2.2.19-7.0.12.alpha.rpm 3dc97d8591136be3383da02adb5052fc 7.0/en/os/alpha/kernel-source-2.2.19-7.0.12.alpha.rpm 6ff20a89aec3b5726254664faa92026a 7.0/en/os/alpha/kernel-utils-2.2.19-7.0.12.alpha.rpm 5ef8fbb28e1eb8bee232020c7e0e11ba 7.0/en/os/i386/kernel-2.2.19-7.0.12.i386.rpm a57b7ac9873e3a072688333daa25910a 7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.12.i386.rpm 1c61150fdbfe5926ce10b6e3708321d8 7.0/en/os/i386/kernel-doc-2.2.19-7.0.12.i386.rpm ef5ecb3401a6ec8adb3f0d9f192a96de 7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.12.i386.rpm 2443b3e1812195b7f3d15dd4e1c42693 7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.12.i386.rpm 7e7d5d5132e025810c5e3056b5611142 7.0/en/os/i386/kernel-smp-2.2.19-7.0.12.i386.rpm 777fc255bfe49b27c471077774ffc09a 7.0/en/os/i386/kernel-source-2.2.19-7.0.12.i386.rpm 0b7e54c77d268a85ee248403f009bab2 7.0/en/os/i386/kernel-utils-2.2.19-7.0.12.i386.rpm 4f7be1253b62b8cc010537528f68120e 7.0/en/os/i586/kernel-2.2.19-7.0.12.i586.rpm 6ce10ee753a30a1d86542670cac6f6a5 7.0/en/os/i586/kernel-smp-2.2.19-7.0.12.i586.rpm 9efeccc6f69f8816fab5bbcd041224a1 7.0/en/os/i686/kernel-2.2.19-7.0.12.i686.rpm f3cbc795777dd18a186e9fb9bbf15808 7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.12.i686.rpm 05d175e6ff7f8687d3ef1091c8b67e7f 7.0/en/os/i686/kernel-smp-2.2.19-7.0.12.i686.rpm bda764eb797d34d0c5ad251a4d95bf58 7.1/en/os/SRPMS/kernel-2.4.9-12.src.rpm 747b17fb92f8bcf5749842533652a80e 7.1/en/os/alpha/kernel-2.4.9-12.alpha.rpm 2f18e5f8e504bfcbbaac7a900465f1f7 7.1/en/os/alpha/kernel-BOOT-2.4.9-12.alpha.rpm dc284b572198a939711ab5472479ff1d 7.1/en/os/alpha/kernel-doc-2.4.9-12.alpha.rpm 8f82b85b9eabd04ca705b87ea748d022 7.1/en/os/alpha/kernel-headers-2.4.9-12.alpha.rpm 1328a1c08c2ffa968407b9cbcd92ee6a 7.1/en/os/alpha/kernel-smp-2.4.9-12.alpha.rpm b34bed11c436d563af83fa890eda9ec8 7.1/en/os/alpha/kernel-source-2.4.9-12.alpha.rpm 3aacd852f52a8b4dfd8cd91b17303375 7.1/en/os/i386/kernel-2.4.9-12.i386.rpm c047388577512f0e04340dd7256bc720 7.1/en/os/i386/kernel-BOOT-2.4.9-12.i386.rpm 9f05e1cd67aaff2bbb58179bf7e4c7fd 7.1/en/os/i386/kernel-doc-2.4.9-12.i386.rpm cc47a2568943ba7d3a8619297b46a420 7.1/en/os/i386/kernel-headers-2.4.9-12.i386.rpm 0fd276dbe3688fecf7b1d1ae685375f8 7.1/en/os/i386/kernel-source-2.4.9-12.i386.rpm a2b9faa10219c22ace1fccf1d7fcb955 7.1/en/os/i586/kernel-2.4.9-12.i586.rpm fa5cfcc16f4ea4ba9abab0361e45a6bb 7.1/en/os/i586/kernel-smp-2.4.9-12.i586.rpm 942efbd3eb389167579a435b1e6e5ec9 7.1/en/os/i686/kernel-2.4.9-12.i686.rpm dddbf9b73335a8bd2193243ccaa42d53 7.1/en/os/i686/kernel-enterprise-2.4.9-12.i686.rpm 63543d58ec2cb3beb3fa75ab7f01efb5 7.1/en/os/i686/kernel-smp-2.4.9-12.i686.rpm f0ce8588ae1983d291ea41e8bce682f5 7.1/en/os/ia64/kernel-2.4.9-12.ia64.rpm b1f2f5eb150558579ecaa68d241d40d5 7.1/en/os/ia64/kernel-doc-2.4.9-12.ia64.rpm 01ddc6910d0a7ed5350c7e0e971e05fa 7.1/en/os/ia64/kernel-headers-2.4.9-12.ia64.rpm 17e769def69090ff7b6d17a596049eb5 7.1/en/os/ia64/kernel-smp-2.4.9-12.ia64.rpm e80751d12cb444f84b49c22de3edf6d7 7.1/en/os/ia64/kernel-source-2.4.9-12.ia64.rpm 910e9b11dac35236f94c413b63728b8b 7.2/en/os/SRPMS/kernel-2.4.9-13.src.rpm eee399a250faeaa6a6127ae685c8dceb 7.2/en/os/athlon/kernel-2.4.9-13.athlon.rpm c44229a144bf37caf062bd55a4444f3d 7.2/en/os/athlon/kernel-smp-2.4.9-13.athlon.rpm 47b590b479c4e3b63171fc3ba4c4457f 7.2/en/os/i386/kernel-2.4.9-13.i386.rpm f2827ea8c551c81a7e1fb02a2786fc2f 7.2/en/os/i386/kernel-BOOT-2.4.9-13.i386.rpm 9af0476874b6ec7e3e521a70fe7a5a6d 7.2/en/os/i386/kernel-doc-2.4.9-13.i386.rpm b937212e08ac5d8fddcf6c9ea350f658 7.2/en/os/i386/kernel-headers-2.4.9-13.i386.rpm 866b59aab640cfa58b2aa9c9be90f624 7.2/en/os/i386/kernel-source-2.4.9-13.i386.rpm de2da25e720aced27a1e7508d0f24b4b 7.2/en/os/i586/kernel-2.4.9-13.i586.rpm de92c000f9a94d566abc05c1bfd5c81a 7.2/en/os/i586/kernel-smp-2.4.9-13.i586.rpm 44fcbb6aa0d54b74ad30c219692f0e63 7.2/en/os/i686/kernel-2.4.9-13.i686.rpm c86f496432efc1bef1939b992ca6d3f4 7.2/en/os/i686/kernel-debug-2.4.9-13.i686.rpm d898d5125d1067b822b647119613c3c3 7.2/en/os/i686/kernel-enterprise-2.4.9-13.i686.rpm 6f8cfc7fc6383ec7c7d7586c8f6b02f7 7.2/en/os/i686/kernel-smp-2.4.9-13.i686.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

yp Copyright(c) 2000, 2001 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2001:142-15
Issued Date: : 2001-10-26
Updated on: 2001-11-02
Product: Red Hat Linux
Keywords: syncookie security kernel
Cross references:
Obsoletes:

Topic


Topic

Syncookies are used to protect a system against certain Denial Of Service

(DOS) attacks. A flaw in this mechanism has been found which can be used to

circumvent certain types of firewall configurations.

Note: syncookies are not enabled in the default installation of Red Hat

Linux but many server administrators do enable syncookies.


 

Relevant Releases Architectures

Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64

Red Hat Linux 7.2 - athlon, i386, i586, i686


Bugs Fixed


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved