[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#295948: Bug#295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS

On Fri, Feb 18, 2005 at 12:17:47PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.8
> Severity: normal
> 
> 
> Good day,
> 
> >From CAN-2005-0449 :
> 
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.

On Fri, Feb 18, 2005 at 12:24:28PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.10
> Severity: normal
> 
> 
> Good day,
> 
> >From CAN-2005-0449 :
> 
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.
> 
> More info is available here :
> http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
> 
> I believe this CAN is bogus as 2.6.10 seems to be vulnerable.
> 
> A patch from Herbet Xu is available here :
> 
> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html

This change is for CAN-2005-209 AFIK.
It has been added to SVN already.
CAN-2005-0449 is a different problem and
its patch seems to introduce an ABI change.


-- 
Horms
Reply to: