Your message dated Sun, 7 Feb 2010 23:12:49 +0100 with message-id <20100207221249.GA17049@inutil.org> and subject line Re: e1000: Potential packet filtering bypass has caused the Debian Bug report #564114, regarding e1000: Potential packet filtering bypass to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 564114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564114 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Cc: Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>
- Subject: e1000: Potential packet filtering bypass
- From: Ben Hutchings <ben@decadent.org.uk>
- Date: Thu, 07 Jan 2010 19:12:36 +0000
- Message-id: <1262891556.2480.20.camel@localhost>
Package: linux-2.6 Version: 2.6.32-4 Severity: normal Tags: patch security Fabian Yamaguchi made a presentation at 26C3 <http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html> which included a bug in e1000 related to this fix for CVE-2009-1385: commit ea30e11970a96cfe5e32c03a29332554573b4a10 Author: Neil Horman <nhorman@tuxdriver.com> Date: Tue Jun 2 01:29:58 2009 -0700 e1000: add missing length check to e1000 receive routine The bug is that the last part of a scattered frame will be accepted so long as it is longer than 4 bytes. This can be used to evade packet filtering in front of the host with the e1000 hardware, since the packet filter will look at the real frame headers but Linux will see the 'headers' in this last part. Personally I doubt that many packet filters are configured to allow jumbo frames through, hence severity is only 'normal'. A proposed fix was posted in: <http://article.gmane.org/gmane.linux.network/148454> We should get a separate CVE number for this bug. Ben. -- System Information: Debian Release: squeeze/sid APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Ben Hutchings To err is human; to really foul things up requires a computer.Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 564114-done@bugs.debian.org
- Subject: Re: e1000: Potential packet filtering bypass
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Sun, 7 Feb 2010 23:12:49 +0100
- Message-id: <20100207221249.GA17049@inutil.org>
- In-reply-to: <1262891556.2480.20.camel@localhost>
- References: <1262891556.2480.20.camel@localhost>
Version: 2.6.32-6 On Thu, Jan 07, 2010 at 07:12:36PM +0000, Ben Hutchings wrote: > Package: linux-2.6 > Version: 2.6.32-4 > Severity: normal > Tags: patch security > > Fabian Yamaguchi made a presentation at 26C3 > <http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html> which > included a bug in e1000 related to this fix for CVE-2009-1385: Fixed in 2.6.32-6. Cheers, Moritz
--- End Message ---