Vulnerability Note VU#641765 – 14 Aug 2018
Linux kernel IP fragment re-assembly vulnerable to denial of service
Cyber security guys, myself included, have been really tired the last few days. Found a Linux kernel IP fragment re-assembly vulnerability today. It causes denial of service. It looks like computer appliance vendors have not yet confirmed this vulnerability on their products.
If you are really concerned, please review the parameters below. You can set them manually to remediate this issue. If it works, please say thank you to ultraman.
echo 393216 > /proc/sys/net/ipv4/ipfrag_low_thresh
echo 544288 > /proc/sys/net/ipv4/ipfrag_high_thresh
sysctl -w net.ipv4.ipfrag_low_thresh=393216
sysctl -w net.ipv4.ipfrag_high_thresh=544288
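The commands above change only the running kernel, so a host needs checking again after a reboot. The script below is an added example, not part of the original post or the CERT note: it audits a host against the two values given above and prints lines for a persistent sysctl drop-in. The function names and the rule that a value above the post's number counts as unremediated are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the IP fragment thresholds against the values in this post.

TARGET_LOW=393216     # ipfrag_low_thresh value given in the post
TARGET_HIGH=544288    # ipfrag_high_thresh value given in the post

# check_ipfrag [DIR]
#   DIR defaults to /proc/sys/net/ipv4; it can point at a constructed directory.
#   Returns 0 when both values are at or below the post's values,
#           1 when at least one is above them (assumption: above = not remediated),
#           2 when a value cannot be read or is not a plain number.
check_ipfrag() {
    ipfrag_dir=${1:-/proc/sys/net/ipv4}
    ipfrag_rc=0
    for pair in "ipfrag_low_thresh:$TARGET_LOW" "ipfrag_high_thresh:$TARGET_HIGH"; do
        name=${pair%%:*}
        want=${pair##*:}
        file="$ipfrag_dir/$name"
        if [ ! -r "$file" ]; then
            echo "UNKNOWN $name (cannot read $file)"
            return 2
        fi
        have=$(cat "$file")
        case $have in
            ''|*[!0-9]*)
                echo "UNKNOWN $name (unexpected value '$have')"
                return 2 ;;
        esac
        if [ "$have" -gt "$want" ]; then
            echo "ABOVE   $name=$have (post value: $want)"
            ipfrag_rc=1
        else
            echo "OK      $name=$have (post value: $want)"
        fi
    done
    return $ipfrag_rc
}

# emit_sysctl_conf
#   Prints the two settings in sysctl.conf syntax, for a file under /etc/sysctl.d/
#   so that the values are applied again at boot.
emit_sysctl_conf() {
    printf 'net.ipv4.ipfrag_low_thresh = %s\n' "$TARGET_LOW"
    printf 'net.ipv4.ipfrag_high_thresh = %s\n' "$TARGET_HIGH"
}

# Usage on a host: check_ipfrag || emit_sysctl_conf
```
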
CERT technical articles for reference – https://www.kb.cert.org/vuls/id/641765