` 

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Netfilter information leak
Advisory ID:       RHSA-2002:086-05
Issue date:        2002-05-08
Updated on:        2002-05-09
Product:           Red Hat Linux
Keywords:          netfilter iptables icmp nat
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Netfilter ("iptables") can leak information about how port forwarding
is done in unfiltered ICMP packets.  The older "ipchains" code is not
affected.

This bug only affects users using the Network Address Translation
features of firewalls built with netfilter ("iptables").  Red Hat
Linux's firewall configuration tools use "ipchains," and those
configurations are not vulnerable to this bug.

2. Relevant releases/architectures:



3. Problem description:

Systems using the netfilter ("iptables") Network Address Translation
(NAT) capabilities are subject to the following bug:  When a NAT rule
applies to the first packet of a connection and that packet later
causes the system to generate an ICMP error message, the ICMP
error message is sent out with translated addresses included. This
address information incorrectly gives the IP address to which the
connection would have been forwarded if the ICMP error message was
not generated, which exposes information about the netfilter
configuration (which ports are being translated) and about the
network topology (which address the ports are being forwarded to).
Also, the incorrect ICMP packets may be dropped by other intervening
stateful firewalls as malformed packets.

ICMP error packets generated by the host being routed to are not
affected by this bug.

The firewall configuration generated by Red Hat Linux's firewall
configuration tools uses ipchains, not iptables; thus, default
configurations of Red Hat Linux are not affected by this bug.

4. Solution:

Unfortunately, this problem currently has no clean fix, but while
a clean fix is being worked on, there is a sufficient workaround:

Filter out untracked local icmp packets using the following command:
iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP

5. Bug IDs fixed  (  for more info):



6. RPMs required:



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     About

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

CARTSA-20020402  ( )
Thanks to Philippe Biondi <biondi@cartel-securite.fr>


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
`

RedHat: 'netfilter' Information leak vulnerability

This bug only affects users using the Network Address Translationfeatures of firewalls built with netfilter ("iptables")

Summary



Summary

Systems using the netfilter ("iptables") Network Address Translation(NAT) capabilities are subject to the following bug: When a NAT ruleapplies to the first packet of a connection and that packet latercauses the system to generate an ICMP error message, the ICMPerror message is sent out with translated addresses included. Thisaddress information incorrectly gives the IP address to which theconnection would have been forwarded if the ICMP error message wasnot generated, which exposes information about the netfilterconfiguration (which ports are being translated) and about thenetwork topology (which address the ports are being forwarded to).Also, the incorrect ICMP packets may be dropped by other interveningstateful firewalls as malformed packets.ICMP error packets generated by the host being routed to are notaffected by this bug.The firewall configuration generated by Red Hat Linux's firewallconfiguration tools uses ipchains, not iptables; thus, defaultconfigurations of Red Hat Linux are not affected by this bug.


Solution

Unfortunately, this problem currently has no clean fix, but while a clean fix is being worked on, there is a sufficient workaround:
Filter out untracked local icmp packets using the following command: iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP
5. Bug IDs fixed ( for more info):


6. RPMs required:


7. Verification:
MD5 sum Package Name

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

CARTSA-20020402 ( ) Thanks to Philippe Biondi <biondi@cartel-securite.fr> Copyright(c) 2000, 2001, 2002 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2002:086-05
Issued Date: : 2002-05-08
Updated on: 2002-05-09
Product: Red Hat Linux
Keywords: netfilter iptables icmp nat
Cross references:
Obsoletes:

Topic


Topic

Netfilter ("iptables") can leak information about how port forwarding

is done in unfiltered ICMP packets. The older "ipchains" code is not

affected.

This bug only affects users using the Network Address Translation

features of firewalls built with netfilter ("iptables"). Red Hat

Linux's firewall configuration tools use "ipchains," and those

configurations are not vulnerable to this bug.


 

Relevant Releases Architectures


Bugs Fixed


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved