Debian Bug report logs - #242994
[CAN-2003-0856] Local DoS via spoofed messages


Package: iproute; Maintainer for iproute is Debian iproute maintainers <ah-iproute@debian.org>; Source for iproute is src:iproute2.

Reported by: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>

Date: Sat, 10 Apr 2004 08:18:02 UTC

Severity: grave

Tags: fixed, patch, security, upstream

Found in version 20010824-13

Done: Andreas Barth <aba@not.so.argh.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Juan Cespedes <cespedes@debian.org>:
Bug#242994; Package iproute.

Acknowledgement sent to "J.H.M. Dassen (Ray)" <fsmla@xinara.org>:
New Bug report received and forwarded. Copy sent to Juan Cespedes <cespedes@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [CAN-2003-0856] Local DoS via spoofed messages
Date: Sat, 10 Apr 2004 10:01:08 +0200
Package: iproute
Version: 20010824-13
Severity: grave
Tags: security upstream patch woody sarge sid 

Candidate: CAN-2003-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856
Phase: Assigned (20031010)
Category: SF
Reference: REDHAT:RHSA-2003:317
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-317.html

iproute 2.4.7 and earlier allows local users to cause a denial of service
via spoofed messages as other users to the kernel netlink interface.


The attached patch was extracted from iproute-2.4.7-11.30E.1.src.rpm and
applies cleanly to sid's iproute sources.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-rc2
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1

Versions of packages iproute depends on:
ii  libatm1                     2.4.1-15     shared library for ATM (Asynchrono
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an

-- no debconf information
-- 
Obsig: developing a new sig
[iproute2-2.4.7-netlink.patch (text/plain, attachment)]
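
The receive-side check that guards a netlink client against messages spoofed by other local processes, as an added example: it is not the attached patch (which this page does not show) and not iproute code. It assumes a Linux receiver that obtained the sender address from recvmsg(); the names `accept_kernel_datagram` and `demo` and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Accept a received netlink datagram only if the kernel sent it.
 * Returns the number of well-formed messages answering `seq`, or -1 if the
 * datagram must be dropped. Name and policy are illustrative assumptions. */
int accept_kernel_datagram(const struct sockaddr_nl *from, socklen_t fromlen,
                           void *buf, int len, unsigned int seq)
{
    struct nlmsghdr *h = buf;
    int accepted = 0;

    /* recvmsg() fills in the sender address; a short or foreign one is untrusted. */
    if (fromlen != sizeof(*from) || from->nl_family != AF_NETLINK)
        return -1;
    /* Port ID 0 is the kernel. Any other value is a user-space socket. */
    if (from->nl_pid != 0)
        return -1;

    for (; NLMSG_OK(h, len); h = NLMSG_NEXT(h, len))
        if (h->nlmsg_seq == seq)      /* skip replies to requests we never made */
            accepted++;
    return len == 0 ? accepted : -1;  /* leftover bytes: truncated or malformed */
}

/* Constructed sample: one empty message with sequence 7, "received" from sender_pid. */
int demo(unsigned int sender_pid)
{
    struct nlmsghdr pkt;
    struct sockaddr_nl from;

    memset(&pkt, 0, sizeof(pkt));
    pkt.nlmsg_len = NLMSG_LENGTH(0);
    pkt.nlmsg_type = NLMSG_DONE;
    pkt.nlmsg_seq = 7;
    memset(&from, 0, sizeof(from));
    from.nl_family = AF_NETLINK;
    from.nl_pid = sender_pid;
    return accept_kernel_datagram(&from, sizeof(from), &pkt, (int)sizeof(pkt), 7);
}

int main(void)
{
    printf("sender pid 0 (kernel): %d\n", demo(0));
    printf("sender pid 4242:       %d\n", demo(4242));
    return 0;
}
```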

Tags removed: woody. Request was from "J.H.M. Dassen (Ray)" <fsmla@xinara.org> to control@bugs.debian.org.

Message sent on to "J.H.M. Dassen (Ray)" <fsmla@xinara.org>:
Bug#242994.

Message #10 received at 242994-submitter@bugs.debian.org:

From: Joshua Kwan <joshk@triplehelix.org>
To: 242994-submitter@bugs.debian.org
Subject: NMU in 3-day
Date: Sun, 16 May 2004 21:02:24 -0700
Hi,

I've NMU'd iproute with just this fix into DELAYED/3-day on gluck. You
may remove it and perform an appropriate maintainer upload in that time.

The changelog follows.

 iproute (20010824-13.1) unstable; urgency=high
   
   * NMU for a security fix.
   * [CAN-2003-0856] Fix a local denial of service vulnerability via
     spoofed messages to the kernel's Netlink interface. (Closes: #242994)

Thanks!

-- 
Joshua Kwan

Tags added: fixed. Request was from Joshua Kwan <joshk@triplehelix.org> to control@bugs.debian.org.

Tags removed: sarge, sid. Request was from "J.H.M. Dassen (Ray)" <fsmla@xinara.org> to control@bugs.debian.org.

Reply sent to Andreas Barth <aba@not.so.argh.org>:
You have taken responsibility.

Notification sent to "J.H.M. Dassen (Ray)" <fsmla@xinara.org>:
Bug acknowledged by developer.

Message #19 received at 242994-done@bugs.debian.org:

From: Andreas Barth <aba@not.so.argh.org>
To: 242994-done@bugs.debian.org
Subject: patch accepted in the package
Date: Mon, 3 Jan 2005 22:57:03 +0100
Hi,

thanks for your bug report and patch; this is included also in my last
maintainer upload, so I'm closing this bug.

Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 21:54:54 2014; Machine Name: beach.debian.org
