Is there any update available to address CVE-2013-4470?


Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5

Issue

  • Is there any update available to address CVE-2013-4470?
  • How do we tell if we are susceptible to CVE-2013-4470?

Resolution

  • This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.

  • For Red Hat Enterprise Linux 6.5, this issue has been addressed with kernel errata RHSA-2013:1801-2, as described in our CVE database.

  • For Red Hat Enterprise Linux 6.4, this issue has been addressed with kernel errata RHSA-2014:0284-1.

  • For Red Hat Enterprise MRG 2.4, this issue has been addressed with kernel errata RHSA-2014:0100-1.

  • The exploit requires UDP Fragmentation Offload (UFO) to be enabled on an outgoing interface, so part of determining whether you are susceptible is determining whether UFO is enabled.

You can check udp-fragmentation-offload by running a command similar to this:

# ethtool -k eth0 | grep udp-frag
udp-fragmentation-offload: off
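
To run the same check across every interface on a host rather than only eth0, the script below parses `ethtool -k` output for each entry under /sys/class/net. It is an added example, not part of the original Red Hat solution; the function names ufo_state and report_ufo are hypothetical, and "unknown" means ethtool printed no udp-fragmentation-offload line for that device.

```shell
#!/bin/sh
# Added example: report UDP Fragmentation Offload (UFO) state per interface.

# ufo_state: read `ethtool -k` output on stdin; print "on", "off" or "unknown".
# $2 is the state word only, so a trailing "[fixed]" marker is ignored.
ufo_state() {
    awk '
        $1 == "udp-fragmentation-offload:" { print $2; found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# report_ufo: print one line per interface; return 1 if any has UFO on.
report_ufo() {
    rc=0
    for path in /sys/class/net/*; do
        # Skip non-interface entries (e.g. bonding_masters) and an empty glob.
        [ -d "$path" ] || continue
        dev=${path##*/}
        state=$(ethtool -k "$dev" 2>/dev/null | ufo_state)
        printf '%-16s udp-fragmentation-offload: %s\n' "$dev" "$state"
        if [ "$state" = "on" ]; then
            rc=1
        fi
    done
    return "$rc"
}

if command -v ethtool >/dev/null 2>&1; then
    report_ufo || echo "UFO is enabled on at least one interface" >&2
else
    echo "ethtool not found; cannot query offload settings" >&2
fi
```

An interface reported as "on" only satisfies the UFO precondition described above; whether the installed kernel already carries the relevant erratum still has to be checked separately.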

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
