[kernel] r4923 - patch-tracking
Micah Anderson
micah at costa.debian.org
Sun Nov 27 20:10:34 UTC 2005
Author: micah
Date: Sun Nov 27 20:10:33 2005
New Revision: 4923
Modified:
patch-tracking/fix-dst-leak-in-icmp_push_reply
Log:
CVE assignment CVE-2005-3849 for fix-dst-leak-in-icmp_push_reply
Modified: patch-tracking/fix-dst-leak-in-icmp_push_reply
==============================================================================
--- patch-tracking/fix-dst-leak-in-icmp_push_reply (original)
+++ patch-tracking/fix-dst-leak-in-icmp_push_reply Sun Nov 27 20:10:33 2005
@@ -1,4 +1,4 @@
-Candidate: requested
+Candidate: CVE-2005-3848
References:
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a
MISC:http://lkml.org/lkml/2005/8/26/173
@@ -12,6 +12,12 @@
This code looks completely different in 2.4; neither ip_append_data() (the
function that returns an error) nor icmp_push_reply() (the function that fails
to check this error) exist. So, I'm marking 2.4 as unaffected.
+ Actual CVE description:
+ Memory leak in the icmp_push_reply function in Linux 2.6 before
+ 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of
+ service (memory consumption) via a large number of crafted packets
+ that cause the ip_append_data function to fail, aka "DST leak in
+ icmp_push_reply."
upstream: released (2.6.12.6, 2.6.13)
2.6.13:
2.6.12:
More information about the Kernel-svn-changes
mailing list