Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8

To: Horms <horms@debian.org>
Cc: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org
Subject: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 12 Aug 2005 09:26:49 +0200
Message-id: <[🔎] 20050812072648.GA5575@informatik.uni-bremen.de>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 309308@bugs.debian.org
In-reply-to: <[🔎] 20050811095754.GG14427@verge.net.au>
References: <[🔎] 20050811014254.GA15047@keitarou.queanbeyan.bubblesworth.net> <[🔎] 20050811042418.GJ1378@verge.net.au> <[🔎] 20050811090417.GA5735@informatik.uni-bremen.de> <[🔎] 20050811094549.GA19121@keitarou.queanbeyan.bubblesworth.net> <[🔎] 20050811095754.GG14427@verge.net.au>

Horms wrote:
> > > There is no public CVE assignment for this issue. If's it easily reproducable
> > > for non-root, it might account as a local DoS vulnerability.
> > 
> > mii-tool's IOCTL is only allowed by root.
> > 
> > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > gets a request for the interface statistics.
> > 
> > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > in question. (Which is not the default, if I recall correctly?)
> > 
> > However, this means that cricket will bone the machine during the boot process,
> > or soon after.
> 
> I think thats a strong enough reason to tag it as a security fix,
> and thus include it in a kernel security update.

Hi Horms,
this is now CAN-2005-2548. Can you please add it to the changelog?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Horms <horms@debian.org>

References:
- Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
- Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Horms <horms@debian.org>
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
- Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
  - From: Horms <horms@debian.org>

Prev by Date: Re: linux-2.6 - patches
Next by Date: kernel 2.4.27-10: isofs driver ignore some parameters with mount
Previous by thread: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Next by thread: Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Index(es):
- Date
- Thread