CAN-2005-2802 split into separate CANs
This is FYI, Moritz confirmed there is nothing confidential here.
----- Forwarded message from Horms <horms@verge.net.au> -----
Date: Mon, 12 Sep 2005 17:38:42 +0900
From: Horms <horms@verge.net.au>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Juergen Kreileder <jk@blackdown.de>
Subject: Re: [coley@mitre.org: CAN-2005-2802 split into separate CANs]
X-Cluestick: seven
On Sat, Sep 10, 2005 at 01:14:49AM +0200, Moritz Muehlenhoff wrote:
> Hi Horms,
> can you please
> a) correct the changelog in SVN
Done.
> b) check whether CAN-2005-2873 is fixed as well
That bug does seem to be present in 2.4.27, 2.6.8, 2.6.12, 2.6.13 and
Linus' current git tree. The comment at
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
seems to imply that the fix has been held off until post 2.6.14,
but I do not know why. I have CCed Juergen, hopefully he can comment.
Also, is there a reason this correspondence can't go to debian-kernel?
>
> Cheers,
> Moritz
>
> ----- Forwarded message from "Steven M. Christey" <coley@mitre.org> -----
>
> Date: Fri, 9 Sep 2005 14:21:46 -0400 (EDT)
> From: "Steven M. Christey" <coley@mitre.org>
> Subject: CAN-2005-2802 split into separate CANs
>
>
> Hello,
>
> Based on some clarifying information from Juergen Kreileder, it became
> clear that CAN-2005-2802, as I wrote it, actually combined two
> distinct issues, only one of which was initially fixed. As a result,
> it needs to be REJECTed and split into two other separate candidates,
> namely CAN-2005-2872 and CAN-2005-2873. See details below.
>
> - Steve
>
>
> ======================================================
> Candidate: CAN-2005-2802
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2802
>
> ** REJECT **
>
> DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-2872,
> CAN-2005-2873. Reason: this candidate's description originally
> combined two separate issues. Notes: All CVE users should consult
> CAN-2005-2872 and CAN-2005-2873 to determine the appropriate
> identifier for the issue.
>
>
> ======================================================
> Candidate: CAN-2005-2872
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
> Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
> Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
>
> The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
> 2.6.12, when running on 64-bit processors such as AMD64, allows remote
> attackers to cause a denial of service (kernel panic) via certain
> attacks such as SSH brute force, which leads to memset calls using a
> length based on the u_int32_t type, acting on an array of unsigned
> long elements, a different vulnerability than CAN-2005-2873.
>
>
> ======================================================
> Candidate: CAN-2005-2873
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
> Reference: MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
>
> The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
> earlier does not properly perform certain time tests when the jiffies
> value is greater than LONG_MAX, which can cause ipt_recent netfilter
> rules to block too early, a different vulnerability than
> CAN-2005-2872.
>
>
>
>
> ----- End forwarded message -----
--
Horms
----- End forwarded message -----
--
Horms
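
The CAN-2005-2872 description quoted above names a memset whose length is based on u_int32_t while the array holds unsigned long elements. The following is an added illustration of that class of mismatch, not code from ipt_recent.c or from anyone in this thread; the array size, fill pattern and function names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 20 /* constructed size, not a value from ipt_recent.c */

/* Mismatched form: length derived from a 32-bit type, array of unsigned long. */
static void clear_mismatched(unsigned long *stamps, size_t n)
{
    memset(stamps, 0, sizeof(uint32_t) * n);
}

/* Matched form: length derived from the array's own element type. */
static void clear_matched(unsigned long *stamps, size_t n)
{
    memset(stamps, 0, sizeof(*stamps) * n);
}

/* Fill with a non-zero pattern, run the clear routine, count stale slots. */
static size_t stale_after(void (*clear)(unsigned long *, size_t))
{
    unsigned long stamps[SLOTS];
    size_t i, stale = 0;

    for (i = 0; i < SLOTS; i++)
        stamps[i] = ~0UL; /* constructed stand-in for an old timestamp */
    clear(stamps, SLOTS);
    for (i = 0; i < SLOTS; i++)
        if (stamps[i] != 0)
            stale++;
    return stale;
}

/* Slots the mismatched length cannot fully clear on this ABI (0 on ILP32). */
static size_t expected_stale(void)
{
    return SLOTS - (sizeof(uint32_t) * SLOTS) / sizeof(unsigned long);
}

int main(void)
{
    printf("sizeof(unsigned long) = %zu\n", sizeof(unsigned long));
    printf("stale slots, mismatched length: %zu\n", stale_after(clear_mismatched));
    printf("stale slots, matched length:    %zu\n", stale_after(clear_matched));
    return 0;
}
```

On a 32-bit build both routines clear the whole array, which is consistent with the candidate text limiting the issue to 64-bit processors such as AMD64.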