Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 24661 - 8139too driver icmp leak
Summary: 8139too driver icmp leak
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: x86 Linux
: High critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-07-17 06:17 UTC by Chuck Gorish
Modified: 2011-10-30 22:37 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chuck Gorish 2003-07-17 06:17:42 UTC
Nessus reports an "etherleak", risk factor - serious, 
CVE: CAN-2003-0001
BID:6535
see http://www.atstake.com/research/advisories/2003/a010603-1.txt
for details.

I am running an up to date system as of 7-16-03 using Realtek RTL-8139 network
card and the 8139too driver compiled into the kernel rather than as a module.
Kernel is 2.4.20-gentoo-r5. This test was run on my local lan. Although this is
not a risk from the outside, those companies running such cards in their
workstations/servers can be at risk from within.

Chuck
support@pathworx.com
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-03-30 01:15:02 UTC
cleaning up older bugs...this one somehow got overlooked.

I'm assuming that this vuln., being over a year old, has now been fixed, but I can't find any confirmation.

kernel team, can you confirm?

Some relevant links:  

http://www.atstake.com/research/advisories/2003/a010603-1.txt
http://www.kb.cert.org/vuls/id/412115
http://www.redhat.com/support/errata/RHSA-2003-025.html
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2004-03-30 02:37:12 UTC
The only patch to 8139too.c that I could find in the redhat kernel were present
in vanilla-sources-2.4.25.  Would be nice to get confirmation from
jgarzik@pobox.com though.
Comment 3 Kurt Lieber (RETIRED) gentoo-dev 2004-04-08 07:58:30 UTC
Chuck -- we don't have an easy way to test if this is fixed in newer versions of the kernel.  Since it sounds like you tested this a while back, can you test again using 2.4.25 vanilla to tell us if the issue is resolved?

Thanks.
Comment 4 solar (RETIRED) gentoo-dev 2004-04-15 00:39:54 UTC
Re comment #2 (confirmation email)
---------------------------------------------------------------------
For hardware that does not auto-pad (like 8139), you can grep any net 
driver for skb_padto() or ETH_ZLEN to determine if such bugs have been 
fixed.

Of course, in order to determine if hardware supports auto-pad, one must 
test or consult the docs (well, docs can be wrong... might as well just 
test).

        Jeff
---------------------------------------------------------------------
Comment 5 solar (RETIRED) gentoo-dev 2004-04-23 08:02:08 UTC
Lowering Severity and changing resolution to UPSTREAM. Gentoo has no way 
of preforming these tests and nobody is stepping up and saying (Yo Hi I
have a RelTek 8139 and I tested it with kernel-x.x.x and it's vuln/not
vuln) and this bug has been in an open state for way to long..

If anybody disagrees with this then please open the bug and preform some
tests.