PT-2004-1718 · Linux+1 · Linux Kernel+2

Published: 2004-07-06 · Updated: 2017-07-11 · CVE-2004-0626

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6

Description: The issue allows remote attackers to cause a denial of service (CPU consumption by an infinite loop) when iptables rules that match on TCP options are in use. It occurs because a large TCP option length byte becomes a negative integer after a cast to the char type in the tcp_find_option function of the netfilter subsystem, so the loop that walks the option bytes no longer advances past it.

Recommendations: For Linux kernel version 2.6, consider applying configuration changes that restrict the use of TCP options rules with iptables to minimize the risk of exploitation. As a temporary workaround, restrict access to the netfilter subsystem until a patch is available.
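The description above comes down to one signed-integer mistake in an option-walking loop. The C program below is an added illustrative model of that loop and of its hardened counterpart; it is not the kernel's tcp_find_option code, and the sample option bytes are constructed, not captured traffic. The vulnerable form reads the option buffer through a signed char (what plain `char` is on x86), so a length byte of 0x80 or above becomes negative and the index can move backwards. The hardened form reads the bytes as unsigned and, going slightly beyond a pure type change, also rejects a length below 2 as malformed. A step guard (MAX_STEPS) is an assumption of this model so that the vulnerable walk terminates instead of spinning.

```c
#include <stdint.h>
#include <stdio.h>

/* Return values for both scanners:
 *   1 = option kind found, 0 = not found,
 *  -1 = the walk stopped making progress (this model's stand-in for the
 *       kernel's infinite loop; only the vulnerable form can return it). */

#define MAX_STEPS 256  /* constructed guard; the real loop has no such limit */

/* Vulnerable form: the option bytes are read through a signed char. A
 * length byte of 0x80..0xFF is negative, so `i` can go backwards. */
int find_option_signed(const uint8_t *bytes, unsigned int optlen, uint8_t wanted)
{
    const signed char *opt = (const signed char *)bytes;
    unsigned int i = 0, steps = 0;

    while (i < optlen) {
        if (++steps > MAX_STEPS)
            return -1;                 /* no forward progress: would spin forever */
        if (opt[i] == wanted)
            return 1;
        if (opt[i] < 2) {              /* EOL (0) and NOP (1) carry no length byte */
            i++;
            continue;
        }
        if (i + 1 >= optlen)           /* kind byte without its length byte */
            return 0;
        i += opt[i + 1] ? opt[i + 1] : 1;   /* signed step: the bug is here */
    }
    return 0;
}

/* Hardened form: read the bytes as unsigned so every length is 0..255 and
 * the index only ever moves forward; a length below 2 cannot even cover
 * the kind and length bytes, so it is treated as malformed. */
int find_option_unsigned(const uint8_t *opt, unsigned int optlen, uint8_t wanted)
{
    unsigned int i = 0;

    while (i < optlen) {
        if (opt[i] == wanted)
            return 1;
        if (opt[i] < 2) {
            i++;
            continue;
        }
        if (i + 1 >= optlen)           /* kind byte without its length byte */
            return 0;
        if (opt[i + 1] < 2)            /* malformed length: stop, do not spin */
            return 0;
        i += opt[i + 1];
    }
    return 0;
}

/* Constructed sample option bytes (not captured traffic). */
const uint8_t BENIGN_OPTS[] = {
    0x02, 0x04, 0x05, 0xB4,                 /* MSS 1460 */
    0x01, 0x01,                             /* NOP, NOP */
    0x08, 0x0A, 0, 0, 0, 0, 0, 0, 0, 0      /* timestamps */
};
const unsigned int BENIGN_LEN = sizeof BENIGN_OPTS;

/* NOP, NOP, then kind 3 (window scale) with length byte 0xFE. Read as a
 * signed char that is -2, which sends the index from 2 back to 0. */
const uint8_t MALFORMED_OPTS[] = { 0x01, 0x01, 0x03, 0xFE };
const unsigned int MALFORMED_LEN = sizeof MALFORMED_OPTS;

int main(void)
{
    printf("signed   scan, malformed options, kind 8: %d\n",
           find_option_signed(MALFORMED_OPTS, MALFORMED_LEN, 8));
    printf("unsigned scan, malformed options, kind 8: %d\n",
           find_option_unsigned(MALFORMED_OPTS, MALFORMED_LEN, 8));
    printf("signed   scan, benign options,    kind 8: %d\n",
           find_option_signed(BENIGN_OPTS, BENIGN_LEN, 8));
    printf("unsigned scan, benign options,    kind 8: %d\n",
           find_option_unsigned(BENIGN_OPTS, BENIGN_LEN, 8));
    return 0;
}
```

On the malformed sample the signed scanner revisits index 0 on every pass and only stops because of the model's step guard, while the unsigned scanner steps to index 256, leaves the buffer and reports the option as absent; on the well-formed sample both scanners agree.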

Fix

Related Identifiers

CVE-2004-0626

Affected Products

Linux Kernel
Iptables
Netfilter