Bug#295948: Bug#295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
On Fri, Feb 18, 2005 at 12:17:47PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.8
> Severity: normal
>
>
> Good day,
>
> >From CAN-2005-0449 :
>
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.
On Fri, Feb 18, 2005 at 12:24:28PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.10
> Severity: normal
>
>
> Good day,
>
> >From CAN-2005-0449 :
>
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.
>
> More info is available here :
> http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
>
> I believe this CAN is bogus as 2.6.10 seems to be vulnerable.
>
> A patch from Herbet Xu is available here :
>
> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html
This change is for CAN-2005-209 AFIK.
It has been added to SVN already.
CAN-2005-0449 is a different problem and
its patch seems to introduce an ABI change.
--
Horms
Reply to: