r4584 - people/horms/patch_notes/cve

Micah Anderson micah at costa.debian.org
Fri Oct 21 17:28:50 UTC 2005


Author: micah
Date: 2005-10-21 17:28:41 +0000 (Fri, 21 Oct 2005)
New Revision: 4584

Added:
   people/horms/patch_notes/cve/net-ipv4-ipvs-conn_tab-race.dpatch
Modified:
   people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch
Log:
Added net-ipv4-ipvs-conn_tab-race.dpatch
Updated description in netfilter-NAT-memory-corruption.dpatch


Added: people/horms/patch_notes/cve/net-ipv4-ipvs-conn_tab-race.dpatch
===================================================================
--- people/horms/patch_notes/cve/net-ipv4-ipvs-conn_tab-race.dpatch	2005-10-21 17:22:06 UTC (rev 4583)
+++ people/horms/patch_notes/cve/net-ipv4-ipvs-conn_tab-race.dpatch	2005-10-21 17:28:41 UTC (rev 4584)
@@ -0,0 +1,20 @@
+======================================================
+Candidate: CVE-2005-3274
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
+Reference:
+CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
+Reference: CONFIRM:http://lkml.org/lkml/2005/6/23/249
+Reference: CONFIRM:http://lkml.org/lkml/2005/6/24/173  
+Description: 
+ Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4
+ before 2.4.32-pre2, when running on SMP systems, allows local users to
+ cause a denial of service (null dereference) by causing a connection
+ timer to expire while the connection table is being flushed before the
+ appropriate lock is acquired.
+
+Bug: [id, id, ...]
+fixed-upstream: [2.6.13(, 2.4.32-pre2)*]
+2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+2.6.8-sarge-security: (pending [(2.6.8-16sarge2)]|released [(2.6.8-sarge1)]|N/A)[, backported][, patch-name-used.diff]
+2.4.27-sarge-security: (pending [(2.4.27-10sarge1)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
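Review bot: the four release-status lines at the end of the new file (2.6.13, 2.6.12, 2.6.8-sarge-security, 2.4.27-sarge-security) are still the unfilled template alternation `(pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]`, so the note does not yet say whether CVE-2005-3274 is pending, released or not applicable for any of those trees; the two sarge lines do name versions (2.6.8-16sarge2, 2.4.27-10sarge1) but leave them inside the alternation, so choose the branch they belong to and drop the rest, and fill in or clear `Bug: [id, id, ...]` the same way. Minor: the first `Reference:` has its `CONFIRM:` URL on the following line while the two lkml references are single-line `Reference: CONFIRM:` entries, and the lkml 2005/6/24 reference and `Description: ` lines carry trailing whitespace.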

Modified: people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch
===================================================================
--- people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch	2005-10-21 17:22:06 UTC (rev 4583)
+++ people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch	2005-10-21 17:28:41 UTC (rev 4584)
@@ -1,13 +1,15 @@
 ======================================================
 Candidate: CVE-2005-3275
-CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
-Description: 
- A potential memory corruption bug exists in the NAT code in Linux
- kernels prior to 2.6.13 and 2.4.32-rc1.  The portptr pointing to the
- port in the conntrack tuple is declared static, which could result in
- memory corruption when two packets of the same protocol are NATed at
- the same time and one conntrack goes away.  A malicious machine on the
- same network could potentially use this to initiate a DoS attack.
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
+Reference:
+CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
+Description:
+ The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
+ Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
+ declares a variable to be static, which allows remote attackers to
+ cause a denial of service (memory corruption) by causing two packets
+ for the same protocol to be NATed at the same time, which leads to
+ memory corruption.    
 
 Bug: [id, id, ...]
 fixed-upstream: [2.6.12.3(, version)*]
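Review bot: the rewritten description says the bug affects Linux 2.4 before 2.4.32-rc1 and names ip_nat_proto_tcp.c as the first affected file, but the only reference kept is the 2.6 bkbits cset for ip_nat_proto_udp.c; add a pointer to the 2.4 fix (and the tcp side) or the note cannot be checked against the 2.4.27-sarge tree. Also worth reconciling: the new text says "before 2.6.13" while the unchanged `fixed-upstream: [2.6.12.3(, version)*]` line directly below it records 2.6.12.3. Minor: the closing sentence repeats itself ("denial of service (memory corruption) ... which leads to memory corruption"), and the line `+ memory corruption.    ` ends in trailing whitespace.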




More information about the Kernel-svn-changes mailing list