oss-sec mailing list archives
CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0
From: Marcus Meissner <meissner () suse de>
Date: Fri, 28 Oct 2011 10:06:42 +0200
Hi,

Linux kernel 2.6.37 introduced with this commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
several regressions that can be used to trigger remote denial of service attacks when bridging is in use.

Reporter thread is on:
http://thread.gmane.org/gmane.linux.network/191713

Fixes are in git commits:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64
In 2.6.39

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e
In 2.6.39

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228
In 3.0

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe
In 3.0

So it can be considered fixed with Linux kernel 3.0.

Thanks to Eugene for looking up the commit ids.

I think it just needs one CVE, as it was one introducing patch.

Ciao, Marcus