
CAN-2005-2802 split into separate CANs



This is FYI, Moritz confirmed there is nothing confidential here.

----- Forwarded message from Horms <horms@verge.net.au> -----

Date: Mon, 12 Sep 2005 17:38:42 +0900
From: Horms <horms@verge.net.au>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Juergen Kreileder <jk@blackdown.de>
Subject: Re: [coley@mitre.org: CAN-2005-2802 split into separate CANs]
X-Cluestick: seven

On Sat, Sep 10, 2005 at 01:14:49AM +0200, Moritz Muehlenhoff wrote:
> Hi Horms,
> can you please
> a) correct the changelog in SVN

Done.

> b) check whether CAN-2005-2873 is fixed as well

That bug does seem to be present in 2.4.27, 2.6.8, 2.6.12, 2.6.13 and
Linus' current git tree. The comment at
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/ 
seems to imply that the fix has been held off until post 2.6.14, 
but I do not know why. I have CCed Juergen, hopefully he can comment.

Also, is there a reason this correspondence can't go to debian-kernel?

> 
> Cheers,
>         Moritz
> 
> ----- Forwarded message from "Steven M. Christey" <coley@mitre.org> -----
> 
> Date: Fri, 9 Sep 2005 14:21:46 -0400 (EDT)
> From: "Steven M. Christey" <coley@mitre.org>
> Subject: CAN-2005-2802 split into separate CANs
> 
> 
> Hello,
> 
> Based on some clarifying information from Juergen Kreileder, it became
> clear that CAN-2005-2802, as I wrote it, actually combined two
> distinct issues, only one of which was initially fixed.  As a result,
> it needs to be REJECTed and split into two other separate candidates,
> namely CAN-2005-2872 and CAN-2005-2873.  See details below.
> 
> - Steve
> 
> 
> ======================================================
> Candidate: CAN-2005-2802
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2802
> 
> ** REJECT **
> 
> DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-2872,
> CAN-2005-2873.  Reason: this candidate's description originally
> combined two separate issues.  Notes: All CVE users should consult
> CAN-2005-2872 and CAN-2005-2873 to determine the appropriate
> identifier for the issue.
> 
> 
> ======================================================
> Candidate: CAN-2005-2872
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
> Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
> Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
> 
> The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
> 2.6.12, when running on 64-bit processors such as AMD64, allows remote
> attackers to cause a denial of service (kernel panic) via certain
> attacks such as SSH brute force, which leads to memset calls using a
> length based on the u_int32_t type, acting on an array of unsigned
> long elements, a different vulnerability than CAN-2005-2873.
> 
> 
> ======================================================
> Candidate: CAN-2005-2873
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
> Reference: MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
> 
> The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
> earlier does not properly perform certain time tests when the jiffies
> value is greater than LONG_MAX, which can cause ipt_recent netfilter
> rules to block too early, a different vulnerability than
> CAN-2005-2872.
> 
> 
> 
> 
> ----- End forwarded message -----

-- 
Horms

----- End forwarded message -----

-- 
Horms
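
Added example, not part of the original thread and not the ipt_recent source: a small C model of how a time test like the one CAN-2005-2873 describes can fire too early once the tick counter passes LONG_MAX. It assumes (the page does not show the code) that unused timestamp slots hold 0 and that hits are counted with the signed-difference comparison commonly used for wrapping tick counters; all names and constants are constructed.

```c
#include <limits.h>
#include <stdio.h>

#define SLOTS  4        /* timestamps kept per address (constructed size) */
#define WINDOW 60000UL  /* look-back window in ticks (constructed value) */

/* Wrap-safe "a is at or before b" via signed difference; valid only while
 * a and b are less than LONG_MAX ticks apart. */
static int tick_before_eq(unsigned long a, unsigned long b)
{
    return (long)(b - a) >= 0;
}

/* Assumed flaw: every slot is compared, so a never-written slot (0) is
 * read as a hit recorded at tick 0. */
static int hits_naive(const unsigned long ts[SLOTS], unsigned long now)
{
    int hits = 0;
    for (int i = 0; i < SLOTS; i++)
        hits += tick_before_eq(now, ts[i] + WINDOW);
    return hits;
}

/* Hardened: only the first 'used' slots hold data, so 0 has no meaning. */
static int hits_checked(const unsigned long ts[SLOTS], int used,
                        unsigned long now)
{
    int hits = 0;
    for (int i = 0; i < used; i++)
        hits += tick_before_eq(now, ts[i] + WINDOW);
    return hits;
}

/* Constructed case: one real hit 10 ticks ago, three empty slots. */
static int count_at(unsigned long now, int checked)
{
    unsigned long ts[SLOTS] = { now - 10, 0, 0, 0 };
    return checked ? hits_checked(ts, 1, now) : hits_naive(ts, now);
}

int main(void)
{
    unsigned long early = 100000UL, late = (unsigned long)LONG_MAX + 100000UL;
    printf("early: naive=%d checked=%d\n", count_at(early, 0), count_at(early, 1));
    printf("late:  naive=%d checked=%d\n", count_at(late, 0), count_at(late, 1));
    return 0;
}
```

In this model the naive count jumps from one hit to four once the counter is more than LONG_MAX ticks past the zero sentinel, so a hit-count threshold would be reached after a single real packet.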


