74384 2004-12-14 07:31 0000 Linux kernel IGMP vulnerabilities (CAN-2004-1137) 2009-05-03 13:53:36 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All All RESOLVED FIXED http://isec.pl/vulnerabilities/isec-0018-igmp.txt [linux <2.6.10] P2 normal --- 1 christian.korff@gmail.com security@gentoo.org cycloon@is-root.org dberkholz@gentoo.org hanno@gentoo.org jaervosz@gentoo.org kang@gentoo.org kern-sec@gentoo.org tor.klingberg@gmx.net christian.korff@gmail.com 2004-12-14 07:31:50 0000 http://isec.pl/vulnerabilities/isec-0019-scm.txt http://isec.pl/vulnerabilities/isec-0018-igmp.txt koon@gentoo.org 2004-12-14 08:58:06 0000 Separating the two issues. this one will be for the IGMP one : Synopsis: Linux kernel IGMP vulnerabilities Product: Linux kernel Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9 Vendor: http://www.kernel.org/ URL: http://isec.pl/vulnerabilities/isec-0018-igmp.txt CVE: CAN-2004-1137 Author: Paul Starzetz <ihaquer@isec.pl> Date: Dec 14, 2004 BK changesets : http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg http://linux.bkbits.net:8080/linux-2.6/cset@41b768d1ySHbfa7cUWDle8NjDT_02A http://linux.bkbits.net:8080/linux-2.6/cset@41b76c07Ee61GkoNwMH-oOvWG2FdxA koon@gentoo.org 2004-12-14 09:03:35 0000 *** Bug 73210 has been marked as a duplicate of this bug. *** solar@gentoo.org 2004-12-14 22:19:54 0000 The BK changesets in comment #1 appear to be for isec-0019-scm koon@gentoo.org 2004-12-15 00:41:24 0000 Yes, you're right... I was confused by those CMSG/IGMP stuff. Latest patch by Chris Wright follows. koon@gentoo.org 2004-12-15 00:42:02 0000 Created an attachment (id=46018) CAN-2004-1137.patch Patch by Chris Wright (chrisw@osdl.org) joker@gentoo.org 2004-12-15 02:17:00 0000 Any version for 2.4.28 available? Attachment 46018 doesn't apply on it. tor.klingberg@gmx.net 2004-12-16 07:18:12 0000 Any fixed version coming to portage? tor.klingberg@gmx.net 2004-12-16 07:21:42 0000 Ah, sorry. gentoo-dev-sources-2.6.9-r10 has the fix, but is masked. May I suggest unmasking? joker@gentoo.org 2004-12-16 12:10:08 0000 sparc-sources 2.4.28-r2 are patched plasmaroo@gentoo.org 2004-12-24 07:08:13 0000 Doesn't affect <= 2.4.21... tocharian@gentoo.org 2004-12-24 13:11:15 0000 Patched in ~x86 hardened-sources-2.4.28-r1 plasmaroo@gentoo.org 2004-12-24 16:35:19 0000 Ok, all patched - the following externally maintained sources still need patching: gentoo-dev-sources-2.6.7 -- Adding dsd... hppa(-dev)-sources -- Adding GMSoft... mips-sources -- Adding `Kumba... openmosix-sources -- Adding cluster herd... pegasos-dev-sources -- Adding dholm... rsbac(-dev)-sources -- Adding kang... tocharian@gentoo.org 2004-12-24 17:00:53 0000 hardened-dev-sources-r18 fixed dsd@gentoo.org 2004-12-24 18:51:33 0000 gentoo-dev-sources 2.6.8 (not 2.6.7) is eradicators deal dsd@gentoo.org 2004-12-24 19:22:11 0000 Sorry, sparc is actually on 2.6.9 and already done dholm@gentoo.org 2004-12-25 05:29:21 0000 pegasos-dev-sources fixed gmsoft@gentoo.org 2004-12-27 06:27:40 0000 2.4 is dropped on hppa and I've added 2.6.10-pa1 which doesn't seems affected by this problem. voxus@gentoo.org 2004-12-27 08:49:24 0000 done in oM6-sources. kumba@gentoo.org 2005-01-05 21:21:16 0000 mips-sources fixed. kang@gentoo.org 2005-01-13 16:04:34 0000 rsbac-dev-sources/rsbac-sources patched plasmaroo@gentoo.org 2005-01-15 14:49:30 0000 kang: 2.6.10 and 2.4.28-r2 need stabilizing... kang@gentoo.org 2005-01-18 13:14:48 0000 Tim Yamin : I'm working on it. Didn't had inet the past weeks due to a big isp failure.. i just got it back today. I was able to commit a few things in between ;) will get that ready before 2005.0 snapshot (luckily isp doesn't fails tomorrow again ;) koon@gentoo.org 2005-03-16 03:16:26 0000 Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these... plasmaroo@gentoo.org 2005-03-16 06:05:04 0000 All fixed, closing bug. rbu@gentoo.org 2009-05-03 13:53:36 0000 http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=620512af09f33236b4ea04372816b761d48586d9 http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=cfd024d7691544c8b666a7b6aa1e44215775de6b 46018 2004-12-15 00:42 0000 Patch (2.4/2.6) linux-2.6-CAN-2004-1137.patch text/plain PT09PT0gbmV0L2lwdjQvaWdtcC5jIDEuNTggdnMgZWRpdGVkID09PT09Ci0tLSAxLjU4L25ldC9p cHY0L2lnbXAuYyAgICAgICAgMjAwNC0xMS0wOSAxNjo0NDoyNSAtMDg6MDAKKysrIGVkaXRlZC9u ZXQvaXB2NC9pZ21wLmMgICAgICAyMDA0LTEyLTEwIDE1OjE2OjE3IC0wODowMApAQCAtMTc3OCwx MiArMTc3OCwxMiBAQCBpbnQgaXBfbWNfc291cmNlKGludCBhZGQsIGludCBvbW9kZSwgc3RyCiAg ICAgICAgICAgICAgICAgICAgICAgIGdvdG8gZG9uZTsKICAgICAgICAgICAgICAgIHJ2ID0gITA7 CiAgICAgICAgICAgICAgICBmb3IgKGk9MDsgaTxwc2wtPnNsX2NvdW50OyBpKyspIHsKLSAgICAg ICAgICAgICAgICAgICAgICAgcnYgPSBtZW1jbXAoJnBzbC0+c2xfYWRkciwgJm1yZXFzLT5pbXJf bXVsdGlhZGRyLAorICAgICAgICAgICAgICAgICAgICAgICBydiA9IG1lbWNtcCgmcHNsLT5zbF9h ZGRyW2ldLCAmbXJlcXMtPmltcl9zb3VyY2VhZGRyLAogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNpemVvZihfX3UzMikpOwotICAgICAgICAgICAgICAgICAgICAgICBpZiAocnYgPj0g MCkKKyAgICAgICAgICAgICAgICAgICAgICAgaWYgKHJ2ID09IDApCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9Ci0gICAgICAgICAgICAgICBp ZiAoIXJ2KSAgICAgICAgLyogc291cmNlIG5vdCBmb3VuZCAqLworICAgICAgICAgICAgICAgaWYg KHJ2KSAgICAgICAgIC8qIHNvdXJjZSBub3QgZm91bmQgKi8KICAgICAgICAgICAgICAgICAgICAg ICAgZ290byBkb25lOwogCiAgICAgICAgICAgICAgICAvKiB1cGRhdGUgdGhlIGludGVyZmFjZSBm aWx0ZXIgKi8KQEAgLTE4MjUsOSArMTgyNSw5IEBAIGludCBpcF9tY19zb3VyY2UoaW50IGFkZCwg aW50IG9tb2RlLCBzdHIKICAgICAgICB9CiAgICAgICAgcnYgPSAxOyAvKiA+IDAgZm9yIGluc2Vy dCBsb2dpYyBiZWxvdyBpZiBzbF9jb3VudCBpcyAwICovCiAgICAgICAgZm9yIChpPTA7IGk8cHNs LT5zbF9jb3VudDsgaSsrKSB7Ci0gICAgICAgICAgICAgICBydiA9IG1lbWNtcCgmcHNsLT5zbF9h ZGRyLCAmbXJlcXMtPmltcl9tdWx0aWFkZHIsCisgICAgICAgICAgICAgICBydiA9IG1lbWNtcCgm cHNsLT5zbF9hZGRyW2ldLCAmbXJlcXMtPmltcl9zb3VyY2VhZGRyLAogICAgICAgICAgICAgICAg ICAgICAgICBzaXplb2YoX191MzIpKTsKLSAgICAgICAgICAgICAgIGlmIChydiA+PSAwKQorICAg ICAgICAgICAgICAgaWYgKHJ2ID09IDApCiAgICAgICAgICAgICAgICAgICAgICAgIGJyZWFrOwog ICAgICAgIH0KICAgICAgICBpZiAocnYgPT0gMCkgICAgICAgICAgICAvKiBhZGRyZXNzIGFscmVh ZHkgdGhlcmUgaXMgYW4gZXJyb3IgKi8KPT09PT0gbmV0L2lwdjYvbWNhc3QuYyAxLjcxIHZzIGVk aXRlZCA9PT09PQotLS0gMS43MS9uZXQvaXB2Ni9tY2FzdC5jICAgICAgIDIwMDQtMTEtMTEgMTU6 MDc6MjUgLTA4OjAwCisrKyBlZGl0ZWQvbmV0L2lwdjYvbWNhc3QuYyAgICAgMjAwNC0xMi0xMCAx NzoyMDo0NiAtMDg6MDAKQEAgLTM5MSwxMiArMzkxLDEyIEBAIGludCBpcDZfbWNfc291cmNlKGlu dCBhZGQsIGludCBvbW9kZSwgc3QKICAgICAgICAgICAgICAgICAgICAgICAgZ290byBkb25lOwog ICAgICAgICAgICAgICAgcnYgPSAhMDsKICAgICAgICAgICAgICAgIGZvciAoaT0wOyBpPHBzbC0+ c2xfY291bnQ7IGkrKykgewotICAgICAgICAgICAgICAgICAgICAgICBydiA9IG1lbWNtcCgmcHNs LT5zbF9hZGRyLCBncm91cCwKKyAgICAgICAgICAgICAgICAgICAgICAgcnYgPSBtZW1jbXAoJnBz bC0+c2xfYWRkcltpXSwgc291cmNlLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNp emVvZihzdHJ1Y3QgaW42X2FkZHIpKTsKLSAgICAgICAgICAgICAgICAgICAgICAgaWYgKHJ2ID49 IDApCisgICAgICAgICAgICAgICAgICAgICAgIGlmIChydiA9PSAwKQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgICAgICAgfQotICAgICAgICAgICAgICAg aWYgKCFydikgICAgICAgIC8qIHNvdXJjZSBub3QgZm91bmQgKi8KKyAgICAgICAgICAgICAgIGlm IChydikgICAgICAgICAvKiBzb3VyY2Ugbm90IGZvdW5kICovCiAgICAgICAgICAgICAgICAgICAg ICAgIGdvdG8gZG9uZTsKIAogICAgICAgICAgICAgICAgLyogdXBkYXRlIHRoZSBpbnRlcmZhY2Ug ZmlsdGVyICovCkBAIC00MzcsOCArNDM3LDggQEAgaW50IGlwNl9tY19zb3VyY2UoaW50IGFkZCwg aW50IG9tb2RlLCBzdAogICAgICAgIH0KICAgICAgICBydiA9IDE7IC8qID4gMCBmb3IgaW5zZXJ0 IGxvZ2ljIGJlbG93IGlmIHNsX2NvdW50IGlzIDAgKi8KICAgICAgICBmb3IgKGk9MDsgaTxwc2wt PnNsX2NvdW50OyBpKyspIHsKLSAgICAgICAgICAgICAgIHJ2ID0gbWVtY21wKCZwc2wtPnNsX2Fk ZHIsIGdyb3VwLCBzaXplb2Yoc3RydWN0IGluNl9hZGRyKSk7Ci0gICAgICAgICAgICAgICBpZiAo cnYgPj0gMCkKKyAgICAgICAgICAgICAgIHJ2ID0gbWVtY21wKCZwc2wtPnNsX2FkZHJbaV0sIHNv dXJjZSwgc2l6ZW9mKHN0cnVjdCBpbjZfYWRkcikpOworICAgICAgICAgICAgICAgaWYgKHJ2ID09 IDApCiAgICAgICAgICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgIH0KICAgICAgICBpZiAo cnYgPT0gMCkgICAgICAgICAgICAvKiBhZGRyZXNzIGFscmVhZHkgdGhlcmUgaXMgYW4gZXJyb3Ig Ki8K