| Summary: | 8139too driver icmp leak | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Chuck Gorish <support> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED UPSTREAM | | |
| Severity: | critical | CC: | gritsbarley, mr_bones_, x86-kernel |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Chuck Gorish
2003-07-17 06:17:42 UTC
cleaning up older bugs...this one somehow got overlooked.

I'm assuming that this vuln., being over a year old, has now been fixed, but I can't find any confirmation. kernel team, can you confirm? Some relevant links:

http://www.atstake.com/research/advisories/2003/a010603-1.txt

http://www.kb.cert.org/vuls/id/412115

http://www.redhat.com/support/errata/RHSA-2003-025.html

The only patch to 8139too.c that I could find in the redhat kernel was present in vanilla-sources-2.4.25. Would be nice to get confirmation from jgarzik@pobox.com though.

Chuck -- we don't have an easy way to test if this is fixed in newer versions of the kernel. Since it sounds like you tested this a while back, can you test again using 2.4.25 vanilla to tell us if the issue is resolved? Thanks.

Re comment #2 (confirmation email)

---------------------------------------------------------------------

For hardware that does not auto-pad (like 8139), you can grep any net driver for skb_padto() or ETH_ZLEN to determine if such bugs have been fixed.

Of course, in order to determine if hardware supports auto-pad, one must test or consult the docs (well, docs can be wrong... might as well just test).

Jeff

---------------------------------------------------------------------

Lowering Severity and changing resolution to UPSTREAM. Gentoo has no way of performing these tests and nobody is stepping up and saying (Yo Hi I have a Realtek 8139 and I tested it with kernel-x.x.x and it's vuln/not vuln) and this bug has been in an open state for way too long. If anybody disagrees with this then please open the bug and perform some tests.
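
The grep check described in the confirmation email, written out as an added example (not part of the original bug report or of any kernel tree). The function names are hypothetical, and treating `hard_start_xmit` / `ndo_start_xmit` as the marker of a transmit-capable driver file is an assumption of this sketch; a `none` result only flags a driver for testing on real hardware, since the hardware may auto-pad.

```shell
#!/bin/sh
# Audit net driver sources for references to short-frame padding.
# Heuristic only: a hit means the file mentions skb_padto() or ETH_ZLEN,
# not that every transmit path pads correctly.

# classify_driver FILE -> skb_padto | ETH_ZLEN | none | no-xmit
classify_driver() {
    f=$1
    # Assumption: only files that reference a transmit hook are relevant
    # (hard_start_xmit in 2.4/2.6 kernels, ndo_start_xmit in later ones).
    if ! grep -Eq 'hard_start_xmit|ndo_start_xmit' "$f"; then
        echo no-xmit
    elif grep -q 'skb_padto' "$f"; then
        echo skb_padto
    elif grep -q 'ETH_ZLEN' "$f"; then
        echo ETH_ZLEN
    else
        echo none
    fi
}

# audit_tree DIR -> one "status<TAB>path" line per .c file, sorted by path
audit_tree() {
    find "$1" -type f -name '*.c' | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_driver "$f")" "$f"
    done
}

# needs_review DIR -> drivers with a transmit hook but no padding reference
needs_review() {
    audit_tree "$1" | awk -F '\t' '$1 == "none" { print $2 }'
}

# Usage: sh audit.sh /usr/src/linux/drivers/net
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```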