Upstream information
Description
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Note from the SUSE Security Team
While a fix was released for SUSE Linux Enterprise 11 SP1 via the 2.6.32.stable tree, the SUSE kernel engineering team is currently not considering a backport for older SUSE Linux Enterprise versions for this problem.Reasons are:
- The patches are tricky to backport and risk of unintended and undiscovered breakage is high.
- The currently used 24 bit strong MD4 hashing still covers all but extreme scenarios, where a potential attacker must be in gigabit ethernet reach in close proximity to the targeted machine. This is likely to remain the case during the SUSE Linux Enterprise 10 life time.
- Current usage of cryptographic protocols will make this attack ineffective.
- Non local attackers will likely be caught by the network ingres filtering that is strongly recommended these days.
- SUSE-SA:2011:046, published Tue, 13 Dec 2011 17:00:00 +0000
- SUSE-SU-2011:1319-1, published Tue, 13 Dec 2011 19:08:30 +0100 (CET)
- SUSE-SU-2011:1319-2, published Wed, 14 Dec 2011 08:08:27 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SLE 11 SERVER Unsupported Extras |
| Builds SAT Patch Nr: 5495 |
| SLE 11 SP1 DEBUGINFO |
| sles11-sp1.ppc sle11-sp1-hae.ppc SAT Patch Nr: 5507 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sles11-sp1.ppc sle11-sp1-hae.ppc SAT Patch Nr: 5507 |
| SUSE Linux Enterprise Server 11 SP1 |
| sles11-sp1.ppc sle11-sp1-hae.ppc SAT Patch Nr: 5507 |
| SLE 11 SP1 DEBUGINFO |
| sle11-sp1-hae.x86-64 sles11-sp1.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86-64 SAT Patch Nr: 5511 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sle11-sp1-hae.x86-64 sles11-sp1.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86-64 SAT Patch Nr: 5511 |
| SUSE Linux Enterprise Desktop 11 SP1 |
| sle11-sp1-hae.x86-64 sles11-sp1.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86-64 SAT Patch Nr: 5511 |
| SUSE Linux Enterprise Server 11 SP1 for VMware |
| sle11-sp1-hae.x86-64 sles11-sp1.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86-64 SAT Patch Nr: 5511 |
| SUSE Linux Enterprise Server 11 SP1 |
| sle11-sp1-hae.x86-64 sles11-sp1.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86-64 SAT Patch Nr: 5511 |
| SLE 11 SERVER Unsupported Extras |
| Builds SAT Patch Nr: 5496 |
| SLE 11 SP1 DEBUGINFO |
| sle11-sp1-hae.ia64 sles11-sp1.ia64 SAT Patch Nr: 5494 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sle11-sp1-hae.ia64 sles11-sp1.ia64 SAT Patch Nr: 5494 |
| SUSE Linux Enterprise Server 11 SP1 |
| sle11-sp1-hae.ia64 sles11-sp1.ia64 SAT Patch Nr: 5494 |
| SLE 11 SERVER Unsupported Extras |
| Builds SAT Patch Nr: 5497 |
| SLE 11 SP1 DEBUGINFO |
| sles11-sp1-vmware.x86 sle11-sp1-hae.x86 sles11-sp1.x86 sled11-sp1.x86 SAT Patch Nr: 5510 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sles11-sp1-vmware.x86 sle11-sp1-hae.x86 sles11-sp1.x86 sled11-sp1.x86 SAT Patch Nr: 5510 |
| SUSE Linux Enterprise Desktop 11 SP1 |
| sles11-sp1-vmware.x86 sle11-sp1-hae.x86 sles11-sp1.x86 sled11-sp1.x86 SAT Patch Nr: 5510 |
| SUSE Linux Enterprise Server 11 SP1 for VMware |
| sles11-sp1-vmware.x86 sle11-sp1-hae.x86 sles11-sp1.x86 sled11-sp1.x86 SAT Patch Nr: 5510 |
| SUSE Linux Enterprise Server 11 SP1 |
| sles11-sp1-vmware.x86 sle11-sp1-hae.x86 sles11-sp1.x86 sled11-sp1.x86 SAT Patch Nr: 5510 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sle11-sp1-hae.ppc sle11-sp1-hae.ia64 sles11-sp1.ppc sles11-sp1.s390x sles11-sp1.x86-64 sle11-sp1-hae.s390x sle11-sp1-hae.x86 sles11-sp1.ia64 sles11-sp1.x86 sle11-sp1-hae.x86-64 SAT Patch Nr: 5509 |
| SUSE Linux Enterprise Server 11 SP1 |
| sle11-sp1-hae.ppc sle11-sp1-hae.ia64 sles11-sp1.ppc sles11-sp1.s390x sles11-sp1.x86-64 sle11-sp1-hae.s390x sle11-sp1-hae.x86 sles11-sp1.ia64 sles11-sp1.x86 sle11-sp1-hae.x86-64 SAT Patch Nr: 5509 |
| SUSE Linux Enterprise Server 11 SP1 |
| sle11-sp1-hae.ppc sle11-sp1-hae.ia64 sles11-sp1.ppc sles11-sp1.s390x sles11-sp1.x86-64 sle11-sp1-hae.s390x sle11-sp1-hae.x86 sles11-sp1.ia64 sles11-sp1.x86 sle11-sp1-hae.x86-64 SAT Patch Nr: 5509 |
| SUSE Linux Enterprise Server 11 SP1 |
| sle11-sp1-hae.ppc sle11-sp1-hae.ia64 sles11-sp1.ppc sles11-sp1.s390x sles11-sp1.x86-64 sle11-sp1-hae.s390x sle11-sp1-hae.x86 sles11-sp1.ia64 sles11-sp1.x86 sle11-sp1-hae.x86-64 SAT Patch Nr: 5509 |
| SLE 11 SERVER Unsupported Extras |
| Builds SAT Patch Nr: 5503 |
| SLE 11 SERVER Unsupported Extras |
| Builds SAT Patch Nr: 5502 |
| SLE 11 SP1 DEBUGINFO |
| sles11-sp1.s390x sle11-sp1-hae.s390x SAT Patch Nr: 5493 |
| SUSE Linux Enterprise High Availability Extension 11 SP1 |
| sles11-sp1.s390x sle11-sp1-hae.s390x SAT Patch Nr: 5493 |
| SUSE Linux Enterprise Server 11 SP1 |
| sles11-sp1.s390x sle11-sp1-hae.s390x SAT Patch Nr: 5493 |