Title: Linux Kernel IP ID Information Disclosure Weakness

Severity: MODERATE

Description:

The Linux kernel is designed to set the 'ip_id' field of IP packets to zero when the Don't-Fragment (DF) bit is set. Since the 'ip_id' field is used to reassemble fragmented packets, packets that forbid fragmentation don't need this field to be set to a useful value. Some network operating systems always set the 'ip_id' field, regardless of the DF bit status, and this can lead to exploiting affected computers to perform stealth scans. Scans using 'ip_id' fields are typically called idle scans.

The Linux kernel is susceptible to a remote information-disclosure weakness. This issue is due to an implementation flaw of a zero 'ip_id' information-disclosure countermeasure.

This issue presents itself when affected kernels reply to TCP SYN packets with the ACK flag set. The reply packets include non-zero 'ip_id' values.

This issue allows remote attackers to use affected computers in stealth network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, are affected by this weakness.

Affected Products:

Avaya Converged Communications Server 2.0.0
Avaya Messaging Storage Server MM3.0
Avaya S8300
Avaya S8300 CM 3.1
Avaya S8300 R2.0.0
Avaya S8300 R2.0.1
Avaya S8500
Avaya S8500 CM 3.1
Avaya S8500 R2.0.0
Avaya S8500 R2.0.1
Avaya S8700 CM 3.1
Avaya S8700 R2.0.0
Avaya S8700 R2.0.1
Avaya S8710 CM 3.1
Avaya S8710 R2.0.0
Avaya S8710 R2.0.1
Debian Linux 3.1.0
Debian Linux 3.1.0 alpha
Debian Linux 3.1.0 amd64
Debian Linux 3.1.0 arm
Debian Linux 3.1.0 hppa
Debian Linux 3.1.0 ia-32
Debian Linux 3.1.0 ia-64
Debian Linux 3.1.0 m68k
Debian Linux 3.1.0 mips
Debian Linux 3.1.0 mipsel
Debian Linux 3.1.0 ppc
Debian Linux 3.1.0 s/390
Debian Linux 3.1.0 sparc
Linux kernel 2.4.19
Linux kernel 2.4.21
Linux kernel 2.4.27
Linux kernel 2.6.0
Linux kernel 2.6.0 -test1
Linux kernel 2.6.0 -test10
Linux kernel 2.6.0 -test11
Linux kernel 2.6.0 -test2
Linux kernel 2.6.0 -test3
Linux kernel 2.6.0 -test4
Linux kernel 2.6.0 -test5
Linux kernel 2.6.0 -test6
Linux kernel 2.6.0 -test7
Linux kernel 2.6.0 -test8
Linux kernel 2.6.0 -test9
Linux kernel 2.6.0 -test9-CVS
Linux kernel 2.6.0 .10
Linux kernel 2.6.1
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.10
Linux kernel 2.6.10 rc2
Linux kernel 2.6.11
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .8
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .6
Linux kernel 2.6.13
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .4
Linux kernel 2.6.14
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .3
Linux kernel 2.6.14.4
Linux kernel 2.6.14.5
Linux kernel 2.6.15
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 .4
Linux kernel 2.6.15.1
Linux kernel 2.6.15.2
Linux kernel 2.6.15.3
Linux kernel 2.6.15.5
Linux kernel 2.6.15.6
Linux kernel 2.6.16 -rc1
Linux kernel 2.6.2
Linux kernel 2.6.3
Linux kernel 2.6.4
Linux kernel 2.6.5
Linux kernel 2.6.6
Linux kernel 2.6.6 rc1
Linux kernel 2.6.7
Linux kernel 2.6.7 rc1
Linux kernel 2.6.8
Linux kernel 2.6.8 rc1
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc3
Linux kernel 2.6.9
MandrakeSoft Corporate Server 3.0.0
MandrakeSoft Corporate Server 3.0.0 x86_64
MandrakeSoft Linux Mandrake 2006.0.0
MandrakeSoft Linux Mandrake 2006.0.0 x86_64
MandrakeSoft Multi Network Firewall 2.0.0
RedHat Desktop 3.0.0
RedHat Desktop 4.0.0
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Fedora Core2
RedHat Fedora Core3
RedHat Fedora Core4
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server for S/390 9.0.0
S.u.S.E. Linux Personal 10.0.0 OSS
S.u.S.E. Linux Personal 9.1.0
S.u.S.E. Linux Personal 9.1.0 x86_64
S.u.S.E. Linux Personal 9.2.0
S.u.S.E. Linux Personal 9.2.0 x86_64
S.u.S.E. Linux Personal 9.3.0
S.u.S.E. Linux Personal 9.3.0 x86_64
S.u.S.E. Linux Professional 10.0.0
S.u.S.E. Linux Professional 10.0.0 OSS
S.u.S.E. Linux Professional 9.1.0
S.u.S.E. Linux Professional 9.1.0 x86_64
S.u.S.E. Linux Professional 9.2.0
S.u.S.E. Linux Professional 9.2.0 x86_64
S.u.S.E. Linux Professional 9.3.0
S.u.S.E. Linux Professional 9.3.0 x86_64
S.u.S.E. Novell Linux Desktop 1.0.0
S.u.S.E. UnitedLinux 1.0.0
Trustix Secure Enterprise Linux 2.0.0
Trustix Secure Linux 2.2.0
Trustix Secure Linux 3.0.0
Ubuntu Ubuntu Linux 4.1.0 ia32
Ubuntu Ubuntu Linux 4.1.0 ia64
Ubuntu Ubuntu Linux 4.1.0 ppc
Ubuntu Ubuntu Linux 5.0.0 4 amd64
Ubuntu Ubuntu Linux 5.0.0 4 i386
Ubuntu Ubuntu Linux 5.0.0 4 powerpc
Ubuntu Ubuntu Linux 5.10.0 amd64
Ubuntu Ubuntu Linux 5.10.0 i386
Ubuntu Ubuntu Linux 5.10.0 powerpc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.

J-Security Center

Title: Linux Kernel IP ID Information Disclosure Weakness

Severity: MODERATE

Description:

Affected Products:

References: