Vulnerabilities > CVE-2004-0816 - Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Linux Kernel 2.6.x IPTables Logging Rules Integer Underflow Vulnerability. CVE-2004-0816. Remote exploit for linux platform |
id | EDB-ID:24696 |
last seen | 2016-02-02 |
modified | 2004-11-21 |
published | 2004-11-21 |
reporter | Richard Hart |
source | https://www.exploit-db.com/download/24696/ |
title | Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Vulnerability |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_037.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:037 (kernel). An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled. We would like to thank Richard Hart for reporting the problem. This problem has already been fixed in the 2.6.8 upstream Linux kernel, this update contains a backport of the fix. Products running a 2.4 kernel are not affected. Mitre has assigned the CVE ID CVE-2004-0816 for this problem. Additionaly Martin Schwidefsky of IBM found an incorrectly handled privileged instruction which can lead to a local user gaining root user privileges. This only affects the SUSE Linux Enterprise Server 9 on the S/390 platform and has been assigned CVE ID CVE-2004-0887. Additionaly the following non-security bugs were fixed: - Two CD burning problems. - USB 2.0 stability problems under high load on SMP systems. - Several SUSE Linux Enterprise Server issues. (see the Maintenance Information Mail for more informations). last seen 2020-06-01 modified 2020-06-02 plugin id 15528 published 2004-10-21 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15528 title SUSE-SA:2004:037: kernel NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-022.NASL description A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory : - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CVE-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CVE-2004-0816) - Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CVE-2004-0883 and CVE-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CVE-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CVE-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CVE-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CVE-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CVE-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CVE-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CVE-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader last seen 2020-06-01 modified 2020-06-02 plugin id 16259 published 2005-01-26 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16259 title Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)
Seebug
bulletinFamily exploit description No description provided by source. id SSV:8943 last seen 2017-11-19 modified 2008-07-07 published 2008-07-07 reporter Root source https://www.seebug.org/vuldb/ssvid-8943 title Linux Kernel 2.6.x Firewall Logging Rules Remote DoS Exploit bulletinFamily exploit description No description provided by source. id SSV:78390 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-78390 title Linux Kernel 2.6.x IPTables Logging Rules Integer Underflow Vulnerability
References
- http://secunia.com/advisories/11202/
- http://secunia.com/advisories/11202/
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.novell.com/linux/security/advisories/2004_37_kernel.html
- http://www.novell.com/linux/security/advisories/2004_37_kernel.html
- http://www.securityfocus.com/bid/11488
- http://www.securityfocus.com/bid/11488
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17800
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17800