Bug#529342: linux-2.6: ipv6 potential denial-of-service
On Mon, May 18, 2009 at 03:15:59PM -0400, Michael S. Gilbert wrote:
> Package: linux-2.6
> Version: 2.6.26
> Severity: important
> Tags: security patch
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for linux-2.6.
> | The __inet6_check_established function in net/ipv6/inet6_hashtables.c
> | in the Linux kernel before 2.6.29, when Network Namespace Support (aka
> | NET_NS) is enabled, allows remote attackers to cause a denial of
> | service (NULL pointer dereference and system crash) via vectors
> | involving IPv6 packets.
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
> Note that the kernel changelog says that this vulnerability was
> introduced in 2.6.27; however, I've checked and found that the 2.6.26
> code is identical to vulnerable 2.6.27 code. Hence, it is my
> assessment that 2.6.26 is affected as well.

Wasn't this introduced in de0744a (post-2.6.26)?

Also note that this is only an issue with NET_NS enabled. NET_NS is
not enabled for etch/lenny kernels, as this feature was marked
EXPERIMENTAL in those releases. Though we do make a best effort for
users building kernels from our source but w/ a custom config,
EXPERIMENTAL options are explicitly noted as being unsupported.
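
As an added example (not part of the thread or of Debian's tooling), the shell functions below apply the two conditions in the quoted CVE text, a release before 2.6.29 and NET_NS enabled, to a kernel release string and its config file. `CONFIG_NET_NS` is the Kconfig symbol for NET_NS; the function names and the `/boot/config-<release>` path in the optional `--check` call are assumptions, and the lower bound of the affected range that the reply questions is not evaluated.

```shell
FIXED_IN=2.6.29   # "before 2.6.29", taken from the quoted CVE description

# net_ns_state CONFIG_FILE -> enabled | disabled | unknown
net_ns_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # compressed config, e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # A bool option is on only as "=y"; "# ... is not set" or absence means off.
    if $reader "$cfg" | grep -q '^CONFIG_NET_NS=y$'; then
        echo enabled
    else
        echo disabled
    fi
}

# version_before A B -> success if release A is older than B (suffixes ignored).
version_before() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# cve_exposure RELEASE CONFIG_FILE -> one verdict word
cve_exposure() {
    state=$(net_ns_state "$2")
    if ! version_before "$1" "$FIXED_IN"; then
        echo not-affected-version
    elif [ "$state" = enabled ]; then
        echo exposed
    elif [ "$state" = disabled ]; then
        echo not-exposed-net-ns-off
    else
        echo unknown-config
    fi
}

# Optional: check the running kernel (config path is an assumption).
if [ "${1:-}" = "--check" ]; then
    cve_exposure "$(uname -r)" "/boot/config-$(uname -r)"
fi
```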