The default configuration of the IP Masquerade feature of certain Linux 2.2 kernels may allow unsolicited inbound UDP packets to traverse a NAT gateway and reach a translated network.
As defined in RFC 1631, Network Address Translation (NAT) provides a means to translate a local network's IP addresses into globally unique addresses. NAT operates on the assumption that not all of the hosts on a local network need to communicate beyond the local network at the same time. Traditional NAT and Port Address Translation (NAPT or PAT) can map many local addresses to fewer global addresses (possibly just one address), thus reducing the overall need for unique global IPv4 addresses, improving portability, and providing some modest security through the use of RFC 1918 private address space that is not globally routed.
IP Masquerade is a kernel implementation of NAT on Linux. Based on code obtained from The Linux Kernel Archives, IP Masquerade is configured by default to handle UDP translations using "destination loose" (DLOOSE) behavior in kernel versions 2.2.0-pre5 through 2.2.14. This is indicated in ip_masq.c by the presence of the preprocessor directive
An attacker could send arbitrary UDP packets to a network behind a vulnerable NAT gateway.
The following information is based on Linux kernel code from The Linux Kernel Archives. Individual distributions may have different default configurations.
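To make the "destination loose" behaviour concrete, the following is an added model of a UDP masquerade table (it is not code from the advisory or from ip_masq.c, and the addresses and port numbers are constructed). It contrasts DLOOSE matching, where a mapping created by one outbound datagram accepts inbound datagrams to the masqueraded port from any external host, with strict matching, where only the original peer is accepted.

```python
# Added illustration, not from the advisory or from the kernel's ip_masq.c.
# Models the mapping table a UDP masquerade gateway keeps, with two policies
# for inbound datagrams: "destination loose" (the 2.2.x default described
# above) and strict matching on the remote peer.
from dataclasses import dataclass


@dataclass(frozen=True)
class MasqEntry:
    internal_addr: str
    internal_port: int
    masq_port: int      # port used on the gateway's external address
    remote_addr: str    # external peer the internal host originally sent to
    remote_port: int


class UdpMasqTable:
    def __init__(self, dloose: bool):
        self.dloose = dloose    # True models the default 2.2.x behaviour
        self.entries = {}       # masq_port -> MasqEntry
        self._next_port = 61000 # constructed starting masquerade port

    def outbound(self, src_addr, src_port, dst_addr, dst_port):
        """Translate an outbound datagram, creating a mapping if none exists."""
        for e in self.entries.values():
            if (e.internal_addr, e.internal_port) == (src_addr, src_port):
                return e
        e = MasqEntry(src_addr, src_port, self._next_port, dst_addr, dst_port)
        self.entries[e.masq_port] = e
        self._next_port += 1
        return e

    def inbound(self, src_addr, src_port, dst_port):
        """Return (internal_addr, internal_port) if forwarded, None if dropped."""
        e = self.entries.get(dst_port)
        if e is None:
            return None                                  # no mapping: dropped
        if self.dloose:
            return (e.internal_addr, e.internal_port)    # any source accepted
        if (src_addr, src_port) == (e.remote_addr, e.remote_port):
            return (e.internal_addr, e.internal_port)    # original peer only
        return None                                      # unsolicited: dropped


def demo(dloose: bool):
    """Internal host 192.168.1.10 queries a DNS server at 198.51.100.53, then
    an unrelated host 203.0.113.7 sends to the same masqueraded port."""
    t = UdpMasqTable(dloose)
    e = t.outbound("192.168.1.10", 1024, "198.51.100.53", 53)
    solicited = t.inbound("198.51.100.53", 53, e.masq_port)
    unsolicited = t.inbound("203.0.113.7", 9999, e.masq_port)
    return solicited, unsolicited
```

Under DLOOSE the unsolicited datagram is forwarded to the internal host exactly like the DNS reply; under strict matching it is dropped, which is the property a netfilter/iptables stateful configuration provides.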
Upgrade to Linux kernel version 2.4 or above that incorporates netfilter/iptables.
Mandriva, Inc. Affected
SUSE Linux Affected
The Linux Kernel Archives Affected
Apple Computer, Inc. Not Affected
Hewlett-Packard Company Not Affected
Sun Microsystems, Inc. Not Affected
Berkeley Software Design, Inc. Unknown
Data General Unknown
Debian Linux Unknown
FreeBSD, Inc. Unknown
IBM Corporation Unknown
NEC Corporation Unknown
Red Hat, Inc. Unknown
Sequent Computer Systems, Inc. Unknown
Siemens Nixdorf Unknown
Sony Corporation Unknown
The SCO Group (SCO Linux) Unknown
The SCO Group (SCO Unix) Unknown
The CERT Coordination Center acknowledges H. D. Moore for reporting this issue.
This document was written by Art Manion.
Date First Published: 2002-04-02
Date Last Updated: 2008-05-06 20:47 UTC