Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8

To: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org
Subject: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
From: Horms <horms@debian.org>
Date: Thu, 11 Aug 2005 18:57:55 +0900
Message-id: <[🔎] 20050811095754.GG14427@verge.net.au>
Reply-to: Horms <horms@debian.org>, 309308@bugs.debian.org
In-reply-to: <[🔎] 20050811094549.GA19121@keitarou.queanbeyan.bubblesworth.net>
References: <[🔎] 20050811014254.GA15047@keitarou.queanbeyan.bubblesworth.net> <[🔎] 20050811042418.GJ1378@verge.net.au> <[🔎] 20050811090417.GA5735@informatik.uni-bremen.de> <[🔎] 20050811094549.GA19121@keitarou.queanbeyan.bubblesworth.net>

On Thu, Aug 11, 2005 at 07:46:12PM +1000, Paul TBBle Hampson wrote:
> On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> > Horms wrote:
> > >> below patch has been slurped into the Debian patches for 2.6.8, but the
> > >> error posted looks like the same error I suffered when hitting this bug.
> > >> 
> > >> Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> > >> 
> > >> Cut and paste from the web archive, so spacing etc. may be boned.
> > >> But it's a typo-only fix anyway, so easy enough to recreate.
> >> 
> >> Thanks I have added this to SVN. 
> >> 
> >> Is this considered a security bug and if so does it have a CAN number?
> 
> > There is no public CVE assignment for this issue. If's it easily reproducable
> > for non-root, it might account as a local DoS vulnerability.
> 
> mii-tool's IOCTL is only allowed by root.
> 
> The remote DoS comes from the fact that snmpd will call this IOCTL when it
> gets a request for the interface statistics.
> 
> So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> in question. (Which is not the default, if I recall correctly?)
> 
> However, this means that cricket will bone the machine during the boot process,
> or soon after.

I think thats a strong enough reason to tag it as a security fix,
and thus include it in a kernel security update.

-- 
Horms

Reply to:

Follow-Ups:
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Moritz Muehlenhoff <jmm@inutil.org>

References:
- Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
- Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Horms <horms@debian.org>
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>

Prev by Date: Re: Bug#322205: udev: vol_id crashes on usb storage device
Next by Date: Re: Bug#322205: udev: vol_id crashes on usb storage device
Previous by thread: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Next by thread: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Index(es):
- Date
- Thread