LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'netfilter' Information leak vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux This bug only affects users using the Network Address Translationfeatures of firewalls built with netfilter ("iptables"). Red HatLinux's firewall configuration tools use "ipchains," and thoseconfigurations are not vulnerable to this bug.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Netfilter information leak
Advisory ID:       RHSA-2002:086-05
Issue date:        2002-05-08
Updated on:        2002-05-09
Product:           Red Hat Linux
Keywords:          netfilter iptables icmp nat
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Netfilter ("iptables") can leak information about how port forwarding
is done in unfiltered ICMP packets.  The older "ipchains" code is not
affected.

This bug only affects users using the Network Address Translation
features of firewalls built with netfilter ("iptables").  Red Hat
Linux's firewall configuration tools use "ipchains," and those
configurations are not vulnerable to this bug.

2. Relevant releases/architectures:



3. Problem description:

Systems using the netfilter ("iptables") Network Address Translation
(NAT) capabilities are subject to the following bug:  When a NAT rule
applies to the first packet of a connection and that packet later
causes the system to generate an ICMP error message, the ICMP
error message is sent out with translated addresses included. This
address information incorrectly gives the IP address to which the
connection would have been forwarded if the ICMP error message was
not generated, which exposes information about the netfilter
configuration (which ports are being translated) and about the
network topology (which address the ports are being forwarded to).
Also, the incorrect ICMP packets may be dropped by other intervening
stateful firewalls as malformed packets.

ICMP error packets generated by the host being routed to are not
affected by this bug.

The firewall configuration generated by Red Hat Linux's firewall
configuration tools uses ipchains, not iptables; thus, default
configurations of Red Hat Linux are not affected by this bug.

4. Solution:

Unfortunately, this problem currently has no clean fix, but while
a clean fix is being worked on, there is a sufficient workaround:

Filter out untracked local icmp packets using the following command:
iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):



6. RPMs required:



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

CARTSA-20020402  (http://www.cartel-securite.fr/)
Thanks to Philippe Biondi <biondi@cartel-securite.fr>


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.