The Linux Kernel Archives Information for VU#24140
Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Based on Linux kernel source code from The Linux Kernel Archives:
- Linux kernels 2.2.0-pre5 to 2.2.14 enable UDP DLOOSE IP Masquerade behavior by default.
- Linux kernels 2.2.15 to 2.2.20 disable UDP DLOOSE IP Masquerade behavior by default.
- Linux kernels 2.4 and above do not use UDP DLOOSE IP Masquerade behavior since the netfilter/iptables subsystem tracks UDP sessions individually.
If you have feedback, comments, or additional information about this vulnerability, please send us email.