Linux Kernel Panic Problem Solved

Wednesday, January 18, 2012 @ 02:01 PM gHale


Linux kernels 3.0.17, 3.1.9 and 3.2.1 fix a problem with the handling of Internet Group Management Protocol (IGMP) packets introduced with updates in Linux 2.6.36. An IGMPv3 protocol packet processed soon after the processing of an IGMPv2 packet could lead to a system crash caused by a kernel panic.

IGMP allows computers in a network to find multicast routers, for instance to receive video streams. During a multicast session, video streams do not go through the network separately to each recipient but transfer collectively to specific groups. IGMP serves for managing these groups and is a component of the IPv4 protocol suite.

RELATED STORIES
True SLOB: Linux Kernel Cracking
Wireshark Closes Security Holes
OAS HMI Holes Fixed
Snort to Boost SCADA Security
Siemens Default Password Issues

Simon McVittie late last week reported on his software development blog he found strange crashes of his Linux notebook in the Debian bug database. Debian developer Ben Hutchings found the problem was from a division by 0 that can occur with IGMP packets that have a Maximum Response Time of 0.

As a result, Linux systems running a kernel version from 2.6.36 or later, up until the patched versions, can quite easily crash remotely using certain IGMP packets if a program has registered to receive multicast packets from the network. Typical examples for such programs include the avahi mDNS server or media players, such as VLC, that support RTP.

Active attacks should technically only be possible within local networks, because IGMP broadcasts usually do not route beyond network boundaries. However, Hutchings said particular unicast packets may serve for attacks via the Internet unless a firewall blocks them.

Since a fix is now out there, distributors can offer updated kernel packages that no longer contain the vulnerability.



Leave a Reply

You must be logged in to post a comment.