Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 4511 - IPChains Security Hole
Summary: IPChains Security Hole
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 6.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-08-13 14:41 UTC by pjmattal
Modified: 2008-08-01 16:22 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description pjmattal 1999-08-13 14:41:59 UTC
There is a recent security hole in the ipchains IP
forwarding mechanism that can allow arbitrary packets
through the ipchains filters if a fragment overlap tactic is
used to rewrite the address in the header. A "fragrouter"
exploit has been written which makes it particularly easy
for hackers to exploit this hole.

The patch has been incorporated into the Linux 2.2.11 kernel
as blessed/released by Linus on August 9, 1999. This kernel
(or, marginally, a patched version of the 2.2.5 kernel)
should be packaged and released ASAP!

For more information, visit:

Note You need to log in before you can comment on or make changes to this bug.