Nasty Linux netfilter firewall security hole found


How embarrassing! It turns out there was a security hole lurking in Linux's netfilter firewall program.

Behind almost all Linux firewall tools, such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal.

Nick Gregory, a Sophos threat researcher, found this hole recently while checking netfilter for possible security problems. Gregory explains his bug hunt in great detail, and I recommend it for those who want insight into finding C errors. But, for those of you who just want to cut to the chase, here's the story.
