
Bug#295949: marked as done (kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS)



Your message dated Thu, 6 Oct 2005 13:42:44 +0900
with message-id <20051006044244.GC19067@verge.net.au>
and subject line #295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Feb 2005 09:45:17 +0000
>From djoume@taket.org Sat Feb 19 01:45:17 2005
Return-path: <djoume@taket.org>
Received: from krepost.taket.org (localhost) [82.233.235.217] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D2RAr-0006vH-00; Sat, 19 Feb 2005 01:45:17 -0800
Received: from djoume by localhost with local (Exim 4.44)
	id 1D268p-0001vR-8c; Fri, 18 Feb 2005 12:17:47 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Djoume SALVETTI <djoume@taket.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
X-Mailer: reportbug 3.7.1
Date: Fri, 18 Feb 2005 12:17:47 +0100
X-Debbugs-Cc: djoume@taket.org
Message-Id: <E1D268p-0001vR-8c@localhost>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-10.3 required=4.0 tests=BAYES_00,DATE_IN_PAST_12_24,
	HAS_PACKAGE,X_DEBBUGS_CC autolearn=ham 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-source-2.6.8
Severity: normal


Good day,

From CAN-2005-0449:

| The netfilter/iptables module in Linux before 2.6.8.1 allows remote
| attackers to cause a denial of service (kernel crash) or bypass
| firewall rules via crafted packets, which are not properly handled by
| the skb_checksum_help function.

More info is available here:
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html

I believe this CAN is bogus as 2.6.10 seems to be vulnerable.

A patch from Herbert Xu is available here:

http://oss.sgi.com/archives/netdev/2005-01/msg01072.html

Regards.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 295949-done) by bugs.debian.org; 6 Oct 2005 05:11:26 +0000
>From horms@koto.vergenet.net Wed Oct 05 22:11:26 2005
Return-path: <horms@koto.vergenet.net>
Received: from koto.vergenet.net [210.128.90.7] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1ENO2Q-0004Ce-00; Wed, 05 Oct 2005 22:11:26 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
	id B2EA63402B; Thu,  6 Oct 2005 14:10:54 +0900 (JST)
Date: Thu, 6 Oct 2005 13:42:44 +0900
From: Horms <horms@debian.org>
To: 295949-done@bugs.debian.org
Subject: #295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
Message-ID: <20051006044244.GC19067@verge.net.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Cluestick: seven
User-Agent: Mutt/1.5.11
Delivered-To: 295949-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

#295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS

Fixed in 2.6.8-14


-- 
Horms


