Debian Bug report logs - #295949
kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS

Package: kernel-source-2.6.8; Maintainer for kernel-source-2.6.8 is (unknown);

Reported by: Djoume SALVETTI <djoume@taket.org>

Date: Sat, 19 Feb 2005 09:48:20 UTC

Severity: normal

Tags: patch, security

Done: Horms <horms@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, djoume@taket.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#295949; Package kernel-source-2.6.8. Full text and rfc822 format available.

Acknowledgement sent to Djoume SALVETTI <djoume@taket.org>:
New Bug report received and forwarded. Copy sent to djoume@taket.org, Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Djoume SALVETTI <djoume@taket.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
Date: Fri, 18 Feb 2005 12:17:47 +0100
Package: kernel-source-2.6.8
Severity: normal


Good day,

From CAN-2005-0449 :

| The netfilter/iptables module in Linux before 2.6.8.1 allows remote
| attackers to cause a denial of service (kernel crash) or bypass
| firewall rules via crafted packets, which are not properly handled by
| the skb_checksum_help function.

More info is available here :
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html

I believe this CAN is bogus as 2.6.10 seems to be vulnerable.

A patch from Herbert Xu is available here :

http://oss.sgi.com/archives/netdev/2005-01/msg01072.html

Regards.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)



Tags added: security Request was from Djoumé SALVETTI <djoume@taket.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Djoumé SALVETTI <djoume@taket.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#295949; Package kernel-source-2.6.8. Full text and rfc822 format available.

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #14 received at 295949@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Djoume SALVETTI <djoume@taket.org>, 295949@bugs.debian.org, 295948@bugs.debian.org, 295947@bugs.debian.org
Subject: Re: Bug#295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
Date: Tue, 22 Mar 2005 15:48:30 +0900

On Fri, Feb 18, 2005 at 12:17:47PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.8
> Severity: normal
> 
> 
> Good day,
> 
> From CAN-2005-0449 :
> 
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.

On Fri, Feb 18, 2005 at 12:24:28PM +0100, Djoume SALVETTI wrote:
> Package: kernel-source-2.6.10
> Severity: normal
> 
> 
> Good day,
> 
> From CAN-2005-0449 :
> 
> | The netfilter/iptables module in Linux before 2.6.8.1 allows remote
> | attackers to cause a denial of service (kernel crash) or bypass
> | firewall rules via crafted packets, which are not properly handled by
> | the skb_checksum_help function.
> 
> More info is available here :
> http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
> 
> I believe this CAN is bogus as 2.6.10 seems to be vulnerable.
> 
> A patch from Herbert Xu is available here :
> 
> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html

This change is for CAN-2005-209 AFAIK.
It has been added to SVN already.
CAN-2005-0449 is a different problem and
its patch seems to introduce an ABI change.


-- 
Horms



Reply sent to Horms <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Djoume SALVETTI <djoume@taket.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #19 received at 295949-done@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: 295949-done@bugs.debian.org
Subject: #295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS
Date: Thu, 6 Oct 2005 13:42:44 +0900

#295949: kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS

Fixed in 2.6.8-14


-- 
Horms



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 06:36:18 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 19:00:30 2014; Machine Name: beach.debian.org
