[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8



On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> >> below patch has been slurped into the Debian patches for 2.6.8, but the
> >> error posted looks like the same error I suffered when hitting this bug.
> >> 
> >> Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> >> 
> >> Cut and paste from the web archive, so spacing etc. may be boned.
> >> But it's a typo-only fix anyway, so easy enough to recreate.
>> 
>> Thanks I have added this to SVN. 
>> 
>> Is this considered a security bug and if so does it have a CAN number?

> There is no public CVE assignment for this issue. If's it easily reproducable
> for non-root, it might account as a local DoS vulnerability.

mii-tool's IOCTL is only allowed by root.

The remote DoS comes from the fact that snmpd will call this IOCTL when it
gets a request for the interface statistics.

So it's exploitable via SNMP if the exploiter has access to the SNMP tree
in question. (Which is not the default, if I recall correctly?)

However, this means that cricket will bone the machine during the boot process,
or soon after.

^_^

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------

Attachment: pgpDFUKM4lqkF.pgp
Description: PGP signature


Reply to: