78363 – Memory leak through ip_options_get (CAN-2004-1335)

Bug 78363 - Memory leak through ip_options_get (CAN-2004-1335)

Summary: Memory leak through ip_options_get (CAN-2004-1335)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://linux.bkbits.net:8080/linux-2....
Whiteboard:	[linux < 2.4.29] [linux >=2.6 < 2.6.10]
Keywords:

Depends on:
Blocks:

Reported:	2005-01-17 07:03 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 14:51 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-01-17 07:03:30 UTC

CAN-2004-1335
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

See URL for common patches with bug 78362 and bug 74392.

Comment 1 solar (RETIRED) gentoo-dev

2005-01-18 12:01:19 UTC

I don't think the mails are going in the inboxes of the people on kern-sec@ for whatever reason. Or atleast when I just checked my inbox I see nothing.

Comment 2 solar (RETIRED) gentoo-dev

2005-01-18 12:03:38 UTC

ignore last comment. They were in my spam folder for whatever reason.

Comment 3 solar (RETIRED) gentoo-dev

2005-01-18 15:55:11 UTC

Tim/plasmaroo can you make heads/tails of exactly which patches need to be added to 2.4.x? he has 4 patches listed.

Comment 4 Tim Yamin (RETIRED) gentoo-dev

2005-01-19 07:52:04 UTC

For this bug just the following changeset is needed (Should apply to 2.4 also):

http://linux.bkbits.net:8080/linux-2.6/gnupatch@41b76673BNGyitGqJmXlJzqgdV85yg

Comment 5 Adam Mondl (RETIRED) gentoo-dev

2005-01-21 19:12:24 UTC

Fixed in ~x86 hardened-sources-2.4.28-r4

Comment 6 solar (RETIRED) gentoo-dev

2005-02-04 06:44:23 UTC

Thanks tim grsec-sources patch in ~arch

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2005-03-16 03:16:27 UTC

Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

Comment 8 Daniel Drake (RETIRED) gentoo-dev

2005-03-16 05:42:42 UTC

gentoo-dev-sources is unaffected

Comment 9 Tim Yamin (RETIRED) gentoo-dev

2005-03-29 06:12:54 UTC

`Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this fix; anything >= 2.6.10 already includes it.

Comment 10 Tim Yamin (RETIRED) gentoo-dev

2005-04-07 05:20:10 UTC

openmosix-sources also needs patching...

Comment 11 Joshua Kinard gentoo-dev

2005-04-23 22:30:51 UTC

mips-sources fixed.

Comment 12 Tim Yamin (RETIRED) gentoo-dev

2005-08-15 15:36:44 UTC

All fixed, closing bug.