Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet

To: team@security.debian.org
Cc: 779201@bugs.debian.org, 779202@bugs.debian.org, Steven Chamberlain <steven@pyro.eu.org>
Subject: Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet
From: Christoph Egger <christoph@debian.org>
Date: Wed, 25 Feb 2015 14:27:47 +0100
Message-id: <[🔎] 87sidudsto.fsf@mitoraj.siccegge.de>
Reply-to: Christoph Egger <christoph@debian.org>, 779201@bugs.debian.org
In-reply-to: <[🔎] 20150225113739.61121.55795.reportbug@sid.kfreebsd-amd64.pyro.eu.org> (sfid-20150225_123937_065109_8A385946) (Steven Chamberlain's message of "Wed, 25 Feb 2015 11:37:39 +0000")
References: <[🔎] 20150225113739.61121.55795.reportbug@sid.kfreebsd-amd64.pyro.eu.org>

Hi!

I would like to upload to stable security for this kernel crash / DoS
vulnerability. Patch for -8 is below, -9 is the same modulo version
numbers.

Steven Chamberlain <steven@pyro.eu.org> writes:
> A remote DoS was reported in FreeBSD's IGMP packet handling:
> https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
>
> This affects all our kfreebsd-8, -9, -10 and -11 packages.
>
> I don't know yet if this can be exploited over the public Internet
> or only on a local network segment.
>
> As a mitigation, the PF firewall can probably be configured to block
> 'proto igmp' packets before the kernel processes them.  

  Christoph

diff -Nru kfreebsd-9-9.0/debian/changelog kfreebsd-9-9.0/debian/changelog
--- kfreebsd-9-9.0/debian/changelog	2015-02-25 13:44:41.000000000 +0100
+++ kfreebsd-9-9.0/debian/changelog	2015-02-25 14:13:10.000000000 +0100
@@ -1,3 +1,9 @@
+kfreebsd-9 (9.0-10+deb70.9) wheezy-security; urgency=medium
+
+  * Upstream patch for FreeBSD-SA-15:04.igmp / CVE-2015-1414 (Closes: #779201)
+
+ -- Christoph Egger <christoph@debian.org>  Wed, 25 Feb 2015 14:08:57 +0100
+
 kfreebsd-9 (9.0-10+deb70.8) wheezy-security; urgency=high
 
   * Team upload.
diff -Nru kfreebsd-9-9.0/debian/patches/series kfreebsd-9-9.0/debian/patches/series
--- kfreebsd-9-9.0/debian/patches/series	2015-02-25 13:44:41.000000000 +0100
+++ kfreebsd-9-9.0/debian/patches/series	2015-02-25 14:01:55.000000000 +0100
@@ -59,3 +59,4 @@
 950_no_stack_protector.diff
 999_config.diff
 999_firmware.diff
+svn279263-FreeBSD-SA-15:04.igmp
diff -Nru kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp
--- kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp	1970-01-01 01:00:00.000000000 +0100
+++ kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp	2015-02-25 14:05:17.000000000 +0100
@@ -0,0 +1,15 @@
+Index: 9/sys/netinet/igmp.c
+===================================================================
+--- 9/sys/netinet/igmp.c	(revision 279262)
++++ 9/sys/netinet/igmp.c	(revision 279263)
+@@ -1533,8 +1533,8 @@
+ 		case IGMP_VERSION_3: {
+ 				struct igmpv3 *igmpv3;
+ 				uint16_t igmpv3len;
+-				uint16_t srclen;
+-				int nsrc;
++				uint16_t nsrc;
++				int srclen;
+ 
+ 				IGMPSTAT_INC(igps_rcv_v3_queries);
+ 				igmpv3 = (struct igmpv3 *)igmp;

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet
  - From: Moritz Mühlenhoff <jmm@inutil.org>

References:
- Bug#779195: kfreebsd-10: CVE-2015-1414: DoS via IGMP packet
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Processed: Re: cloning 779195, reassign -1 to src:kfreebsd-9, reassign -2 to src:kfreebsd-8
Next by Date: Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet
Previous by thread: Bug#779195: kfreebsd-10: CVE-2015-1414: DoS via IGMP packet
Next by thread: Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet
Index(es):
- Date
- Thread