Candidate: CVE-2002-0704
References:
BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
REDHAT:RHSA-2002:086
MANDRAKE:MDKSA-2002:030
HP:HPSBTL0205-039
XF: linux-netfilter-information-leak(9043)
BID:4699
Description:
The Network Address Translation (NAT) capability for Netfilter ("iptables")
1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
Notes:
There's a patch here:
http://www.securityfocus.com/bid/4699
But it doesn't appear to have gone upstream. It doesn't look like RedHat
or Mandrake fixed it either; instead, they suggest a workaround:
http://rhn.redhat.com/errata/RHSA-2002-086.html
http://archives.mandrivalinux.com/security-announce/2002-02/msg00025.html
.
dannf> We plan to "fix" this by recommending the workaround as well.
horms> I believe that this problem was fixed as part of the following
horms> patch that was included in 2.6.11
horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=1e69ba3fa29b13fe5229d6e325aee91ae5abe298
horms> However I believe a related bug was introduced by the following
horms> patch, also included in 2.6.11
horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=8d5f3377d48c74df38990688f09e773887ba4eb5
horms> This new bug allows disclosure of the IP address of intermediate
horms> hops between the NATing box and the NAT'd box.
horms> This is easily demonstrated using tcptraceroute
horms> 1 10.0.1.7 61.524 ms 93.081 ms 22.982 ms
horms> 2 192.168.1.254 72.099 ms 66.899 ms 67.599 ms
horms> 3 10.0.1.7 [open] 67.188 ms 105.974 ms 104.873 ms
horms> I also believe that pretty much all kernels disclose
horms> enough information to work out if DNAT is in use or not.
horms> I wrote a long mail about this to netfilter-devel and will
horms> put a link here when it shows up
horms> In the meantime: (Message-ID: <20060202113824.GA4399@verge.net.au>)
horms> Given this seems to be an ongoing suite of problems, with little
horms> hope of a final solution, I'm marking it as ignore for all
horms> woody and sarge kernels, many of which I have reproduced the
horms> problem on along with upstream's 2.4 (~2.4.33-pre1)
Bugs:
upstream: released (2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge5)
2.6.18-etch-security: N/A