
Bug#305655: marked as done (CAN-2004-0790: TCP connection DoS through ICMP_QUENCH messages)



Your message dated Thu, 19 May 2005 06:47:46 -0400
with message-id <E1DYiZ8-0006pl-00@newraff.debian.org>
and subject line Bug#305655: fixed in kernel-source-2.4.27 2.4.27-10
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Apr 2005 08:19:01 +0000
>From muehlenhoff@univention.de Thu Apr 21 01:19:01 2005
Return-path: <muehlenhoff@univention.de>
Received: from moutng.kundenserver.de [212.227.126.173] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DOWtp-0000TH-00; Thu, 21 Apr 2005 01:19:01 -0700
Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1DOWtn-0006TR-00
	for submit@bugs.debian.org; Thu, 21 Apr 2005 10:18:59 +0200
Received: from [195.90.9.8] (helo=anton)
	by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1)
	id 1DOWtn-0003ri-00
	for submit@bugs.debian.org; Thu, 21 Apr 2005 10:18:59 +0200
Received: by anton (Postfix, from userid 2028)
	id 5E4E9B6EC9; Thu, 21 Apr 2005 10:18:59 +0200 (CEST)
Content-Type: multipart/mixed; boundary="===============1468266789=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2004-0790: TCP connection DoS through ICMP_QUENCH messages
X-Mailer: reportbug 2.26.1.1.200308291454
Date: Thu, 21 Apr 2005 10:18:59 +0200
Message-Id: <20050421081859.5E4E9B6EC9@anton>
X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:4ad79d65ac46f2345c6ef2e856c1d9ef
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

This is a multi-part MIME message sent by reportbug.

--===============1468266789==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: kernel-source-2.4.27
Version: 2.4.27-9 (not installed)
Severity: important
Tags: security patch

http://www.gont.com.ar/drafts/draft-gont-tcpm-icmp-attacks-03.txt describes
several attacks on TCP through ICMP. One of the described problems affects
kernel 2.4 as well. Patch is attached (it's the upstream patch from Dave
S. Miller), it applies to 2.6 and 2.4.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro


--===============1468266789==
Content-Type: text/x-c; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="/home/jmm/CAN-2004-0790.patch"

diff -Naru a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
--- a/net/ipv4/tcp_ipv4.c	2005-04-21 01:04:30 -07:00
+++ b/net/ipv4/tcp_ipv4.c	2005-04-21 01:04:30 -07:00
@@ -1025,11 +1025,7 @@
 
 	switch (type) {
 	case ICMP_SOURCE_QUENCH:
-		/* This is deprecated, but if someone generated it,
-		 * we have no reasons to ignore it.
-		 */
-		if (sk->lock.users == 0)
-			tcp_enter_cwr(tp);
+		/* Just silently ignore these. */
 		goto out;
 	case ICMP_PARAMETERPROB:
 		err = EPROTO;
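Review bot: the replacement comment on the ICMP_SOURCE_QUENCH case ("Just silently ignore these.") records what the code does but not why, and the reason is only in the ChangeSet text below. The removed comment argued the opposite ("we have no reasons to ignore it"), so the rationale belongs in the source: state that the message is ignored because it previously let a received ICMP packet put the connection into tcp_enter_cwr(), and cite draft-gont-tcpm-icmp-attacks and CAN-2004-0790, so that the call is not reinstated later. Keeping the explicit case with "goto out" instead of dropping the label is the right choice, since it leaves the decision visible in the switch.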
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/09/13 15:57:49-07:00 davem@nuts.davemloft.net 
#   [TCP]: Just silently ignore ICMP Source Quench messages.
#   
#   Recommended by draft-gont-tcpm-icmp-attacks-01.txt
#   
#   Signed-off-by: David S. Miller <davem@davemloft.net>
# 
# net/ipv4/tcp_ipv4.c
#   2004/09/13 15:57:37-07:00 davem@nuts.davemloft.net +1 -5
#   [TCP]: Just silently ignore ICMP Source Quench messages.
# 

--===============1468266789==--

---------------------------------------
Received: (at 305655-close) by bugs.debian.org; 19 May 2005 10:50:33 +0000
>From katie@ftp-master.debian.org Thu May 19 03:50:33 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DYibp-0006w5-00; Thu, 19 May 2005 03:50:33 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DYiZ8-0006pl-00; Thu, 19 May 2005 06:47:46 -0400
From: Simon Horman <horms@debian.org>
To: 305655-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#305655: fixed in kernel-source-2.4.27 2.4.27-10
Message-Id: <E1DYiZ8-0006pl-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 19 May 2005 06:47:46 -0400
Delivered-To: 305655-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 2

Source: kernel-source-2.4.27
Source-Version: 2.4.27-10

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10_all.deb
kernel-patch-debian-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10_all.deb
kernel-source-2.4.27_2.4.27-10.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10.diff.gz
kernel-source-2.4.27_2.4.27-10.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10.dsc
kernel-source-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10_all.deb
kernel-tree-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 305655@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.4.27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 16 May 2005 14:48:47 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 302704 302705 302864 305655 308757
Changes: 
 kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
 .
   * 155_net-bluetooth-signdness-fix.diff:
     [Security] Fix signedness problem at socket creation in bluetooth
     which can lead to local root exploit. See CAN-2005-0750
     (Simon Horman) (closes: Bug#302704)
 .
   * 156_fs-ext2-info-leak.diff:
     [Security] Fix information leak in ext2 which leads to
     a local information leak. See CAN-2005-0400
     (Simon Horman)
 .
   * 157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff,
     157_fs-isofs-range-check-3.diff:
     [Security] Fix range checking in isofs which leads to a local crash
     and arbitrary code execution.  See CAN-2005-0815
     (Simon Horman) (closes: #302864)
 .
   * 158_fs-binfmt_elf-dos.diff:
     Potential DOS in load_elf_library. See CAN-2005-0749
     (Simon Horman) (closes: #302705)
 .
   * 159_fs-cramfs-stat.diff
     Fix to stat output for cramfs
     (Simon Horman)
 .
   * 160_drivers-net-sis900-oops.diff
      sis900 kernel oops fix
     (Simon Horman)
 .
   * 161_drivers-net-amd8111e-irq.diff
     AMD8111e driver was releasing an irq in some error situations
     (Simon Horman)
 .
   * 162_drivers-net-via-rhine-irq.diff
     VIA Rhine driver was releasing an irq in some error situations
     (Simon Horman)
 .
   * 165_VM_IO.diff added, 140_VM_IO.diff removed:
     [CAN-2004-1057] Updated fix for DoS from accessing freed kernel pages.
     The previous fix seems to have caused some problems and this
     is the one that is upstream.
     (Simon Horman, Dann Frazier)
 .
   * 164_net-ipv4-icmp-quench.diff:
      [CAN-2004-0790] Just silently ignore ICMP Source Quench messages.
      (Simon Horman)  (closes: #305655)
 .
   * 165_arch-ia64-kernel-missing-sysctl.diff:
      [CAN-2005-0137] Add missing sysctl slot for ia64 resolving
      local DoS. (Simon Horman)
 .
   * fs-binfmt_elf-dump-privelage.diff:
     Linux kernel ELF core dump privilege elevation
     See CAN-2005-1263. (closes: #308757). (Simon Horman)
Files: 
 59d9aeb90e71e4b6369a6b4986da690b 888 devel optional kernel-source-2.4.27_2.4.27-10.dsc
 0ccc5c9df0130e5da099cd1a7c8a7f64 688010 devel optional kernel-source-2.4.27_2.4.27-10.diff.gz
 157b883cbfb91812912c16728eb61fa0 633228 devel optional kernel-patch-debian-2.4.27_2.4.27-10_all.deb
 9478d7f77b06c30454ef7864d9487fd4 3576196 doc optional kernel-doc-2.4.27_2.4.27-10_all.deb
 3ae3d29a6b8a3de23a860627f3b440c3 31022934 devel optional kernel-source-2.4.27_2.4.27-10_all.deb
 15394d1f0d96b07955178f05296929e0 23348 devel optional kernel-tree-2.4.27_2.4.27-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCjGuZdu+M6Iexz7URAnSkAJ9SWaRWL1fYfJzpqtV+TXQ3LhkidgCgynIE
FHrCSlUvvU/NhZxzmELwM+0=
=kbKC
-----END PGP SIGNATURE-----


