iproute local Denial of Service vulnerability — GLSA 200404-10

The iproute package allows local users to cause a denial of service.

Affected packages

Package 	sys-apps/iproute on all architectures
Affected versions 	<= 20010824-r4
Unaffected versions 	>= 20010824-r5

Background

iproute is a set of tools for managing linux network routing and advanced features.

Description

It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition.

Impact

Local users could cause a Denial of Service.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

All iproute users should upgrade to version 20010824-r5 or later:

 # emerge sync

 # emerge -pv ">=sys-apps/iproute-20010824-r5";
 # emerge ">=sys-apps/iproute-20010824-r5";
 

References

    CAN-2003-0856