The Linux Kernel Archives Information for VU#24140

Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Based on Linux kernel source code from The Linux Kernel Archives:

  • Linux kernels 2.2.0-pre5 to 2.2.14 enable UDP DLOOSE IP Masquerade behavior by default.
  • Linux kernels 2.2.15 to 2.2.20 disable UDP DLOOSE IP Masquerade behavior by default.
  • Linux kernels 2.4 and above do not use UDP DLOOSE IP Masquerade behavior since the netfilter/iptables subsystem tracks UDP sessions individually.
