oss-sec mailing list archives
Re: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 28 Oct 2011 09:23:37 -0600
On 10/28/2011 02:06 AM, Marcus Meissner wrote:
Hi,

Linux kernel 2.6.37 introduced with this commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
several regressions that can be used to trigger remote denial of service attacks when bridging is in use.

Reporter thread is on:
http://thread.gmane.org/gmane.linux.network/191713

Fixes are in git commits:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64 In 2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e In 2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228 In 3.0
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe In 3.0

So it can be considered fixed with Linux kernel 3.0.

Thanks to Eugene for looking up the commit ids.

I think it just needs one CVE, as it was one introducing patch.

Ciao, Marcus
Please use CVE-2011-4087 for this issue.

--
-Kurt Seifried / Red Hat Security Response Team