
Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8



On Fri, Aug 12, 2005 at 09:26:49AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > > > There is no public CVE assignment for this issue. If it's easily reproducible
> > > > for non-root, it might account as a local DoS vulnerability.
> > > 
> > > mii-tool's IOCTL is only allowed by root.
> > > 
> > > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > > gets a request for the interface statistics.
> > > 
> > > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > > in question. (Which is not the default, if I recall correctly?)
> > > 
> > > However, this means that cricket will bone the machine during the boot process,
> > > or soon after.
> > 
> > I think that's a strong enough reason to tag it as a security fix,
> > and thus include it in a kernel security update.
> 
> Hi Horms,
> this is now CAN-2005-2548. Can you please add it to the changelog?

Of course. It's in now.

-- 
Horms


