
Re: [coley@mitre.org: CAN-2005-2802 split into separate CANs]



horms@verge.net.au writes:

> On Sat, Sep 10, 2005 at 01:14:49AM +0200, Moritz Muehlenhoff wrote:
>> Hi Horms,
>> can you please
>> a) correct the changelog in SVN
>
> Done.
>
>> b) check whether CAN-2005-2873 is fixed as well
>
> That bug does seem to be present in 2.4.27, 2.6.8, 2.6.12, 2.6.13
> and Linus' current git tree. The comment at
> http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
> seems to imply that the fix has been held off until post 2.6.14, but
> I do not know why. I have CCed Juergen, hopefully he can comment.

Dave Miller didn't like the usage of xtime.tv_sec (via get_seconds()),
as it can be changed from the outside which may cause problems.  So,
in short, I have to find a better fix (although I'm perfectly happy
with the old fix for my systems).


        Juergen

Quoting the rest for the sake of clarity:

> Also, is there a reason this correspondence can't go to debian-kernel?
>
>>
>> Cheers,
>> Moritz
>>
>> ----- Forwarded message from "Steven M. Christey" <coley@mitre.org> -----
>>
>> Date: Fri, 9 Sep 2005 14:21:46 -0400 (EDT)
>> From: "Steven M. Christey" <coley@mitre.org>
>> Subject: CAN-2005-2802 split into separate CANs
>>
>>
>> Hello,
>>
>> Based on some clarifying information from Juergen Kreileder, it
>> became clear that CAN-2005-2802, as I wrote it, actually combined
>> two distinct issues, only one of which was initially fixed.  As a
>> result, it needs to be REJECTed and split into two other separate
>> candidates, namely CAN-2005-2872 and CAN-2005-2873.  See details
>> below.
>>
>> - Steve
>>
>>
>> ======================================================
>> Candidate: CAN-2005-2802
>> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2802
>>
>> ** REJECT **
>>
>> DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-2872,
>> CAN-2005-2873.  Reason: this candidate's description originally
>> combined two separate issues.  Notes: All CVE users should consult
>> CAN-2005-2872 and CAN-2005-2873 to determine the appropriate
>> identifier for the issue.
>>
>>
>> ======================================================
>> Candidate: CAN-2005-2872
>> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
>> Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
>> Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
>>
>> The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
>> 2.6.12, when running on 64-bit processors such as AMD64, allows
>> remote attackers to cause a denial of service (kernel panic) via
>> certain attacks such as SSH brute force, which leads to memset
>> calls using a length based on the u_int32_t type, acting on an
>> array of unsigned long elements, a different vulnerability than
>> CAN-2005-2873.
>>
>>
>> ======================================================
>> Candidate: CAN-2005-2873
>> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
>> Reference: MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
>>
>> The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12
>> and earlier does not properly perform certain time tests when the
>> jiffies value is greater than LONG_MAX, which can cause ipt_recent
>> netfilter rules to block too early, a different vulnerability than
>> CAN-2005-2872.
>>
>>
>>
>>
>> ----- End forwarded message -----

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
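
A minimal model of the kind of time test CAN-2005-2873 describes, added here as an illustration and not taken from ipt_recent.c or from any fix discussed in this thread. It assumes a 32-bit tick counter and assumes that unused timestamp slots hold 0; all names (`tick_t`, `hits_fragile`, `hits_hardened`, `WINDOW`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t tick_t;      /* models jiffies on a 32-bit kernel */
#define WINDOW 60000u         /* constructed look-back window, in ticks */

/* Kernel-style wrap-safe ordering test: true when a is at or after b. */
static int tick_after_eq(tick_t a, tick_t b) { return (int32_t)(a - b) >= 0; }

/* Fragile (assumed pattern): 0 marks an unused slot but is still compared
 * as if it were a real timestamp. */
static int hits_fragile(const tick_t *stamps, int n, tick_t now) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (tick_after_eq(stamps[i], now - WINDOW))
            hits++;
    return hits;
}

/* Hardened: validity is tracked separately and age is the unsigned
 * elapsed tick count, which stays correct across counter wrap. */
struct slot { tick_t stamp; int used; };

static int hits_hardened(const struct slot *slots, int n, tick_t now) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (slots[i].used && (tick_t)(now - slots[i].stamp) <= WINDOW)
            hits++;
    return hits;
}

/* Constructed sample: one real hit 10 ticks ago, three never-used slots. */
static int demo_fragile(tick_t now) {
    tick_t stamps[4] = { now - 10, 0, 0, 0 };
    return hits_fragile(stamps, 4, now);
}

static int demo_hardened(tick_t now) {
    struct slot slots[4] = { { now - 10, 1 }, { 0, 0 }, { 0, 0 }, { 0, 0 } };
    return hits_hardened(slots, 4, now);
}

int main(void) {
    tick_t early = 0xFFFFF000u;   /* constructed value above LONG_MAX */
    printf("fragile=%d hardened=%d\n", demo_fragile(early), demo_hardened(early));
    return 0;
}
```

In this model, once the counter is above LONG_MAX the fragile check counts the three unused slots as recent hits, so a hit-count threshold would be reached too early; below LONG_MAX the same check counts only the real hit.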


