Bug#529342: marked as done (linux-2.6: ipv6 potential denial-of-service)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 18 May 2009 16:05:46 -0400
with message-id <20090518160546.84ef916f.michael.s.gilbert@gmail.com>
and subject line Re: linux-2.6: ipv6 potential denial-of-service
has caused the Debian Bug report #529342,
regarding linux-2.6: ipv6 potential denial-of-service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
529342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529342
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: linux-2.6: ipv6 potential denial-of-service
• From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
• Date: Mon, 18 May 2009 15:15:59 -0400
• Message-id: <[🔎] 20090518151559.ae934247.michael.s.gilbert@gmail.com>

Package: linux-2.6
Version: 2.6.26
Severity: important
Tags: security patch

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2009-1360[0]:
| The __inet6_check_established function in net/ipv6/inet6_hashtables.c
| in the Linux kernel before 2.6.29, when Network Namespace Support (aka
| NET_NS) is enabled, allows remote attackers to cause a denial of
| service (NULL pointer dereference and system crash) via vectors
| involving IPv6 packets.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Note that the kernel changelog says that this vulnerability was
introduced in 2.6.27; however, I've checked and found that the 2.6.26
code is identical to vulnerable 2.6.27 code.  Hence, it is my
assessment that 2.6.26 is affected as well.

Note also that etch-and-a-half (2.6.24) is likely affected as well, but
I have not checked this.

Since this is just a denial-of-service, it is of low severity/urgency.

Patches are available [1] and more info [2].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1360
    http://security-tracker.debian.net/tracker/CVE-2009-1360
[1]
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9;hp=0c9a3aaaf30e1d1994de58c554ef97a719e20892
[2]
http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/

--- End Message ---

--- Begin Message ---

• To: 529342-close@bugs.debian.org
• Subject: Re: linux-2.6: ipv6 potential denial-of-service
• From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
• Date: Mon, 18 May 2009 16:05:46 -0400
• Message-id: <20090518160546.84ef916f.michael.s.gilbert@gmail.com>
• In-reply-to: <[🔎] 20090518151559.ae934247.michael.s.gilbert@gmail.com>
• References: <[🔎] 20090518151559.ae934247.michael.s.gilbert@gmail.com>

On Mon, 18 May 2009 15:15:59 -0400, Michael S. Gilbert wrote:
> Note that the kernel changelog says that this vulnerability was
> introduced in 2.6.27; however, I've checked and found that the 2.6.26
> code is identical to vulnerable 2.6.27 code.  Hence, it is my
> assessment that 2.6.26 is affected as well.

i apologize.  i reviewed this too quickly and overlooked the fact that
this is actually a problem with using twsk_net(tw), which was not
introduced into the code until 2.6.27.  hence, this is not an issue for
2.6.26.

mike

--- End Message ---