Bug 81195 - Kernel: Remote oops/firewall bypasses (CAN-2005-{0209,0449})
Bug#: 81195 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: critical Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Kernel
URL: 
Summary: Kernel: Remote oops/firewall bypasses (CAN-2005-{0209,0449})
Keywords:  
Status Whiteboard: [linux < 2.6.11]
Opened: 2005-02-07 22:43 0000
Description:   Opened: 2005-02-07 22:43 0000 
Herbert Xu made me aware of a security relevant problem (remote
opps/firewall bypass) in the netdev code. I did not see it on
vendor-sec yet.

  http://linux.bkbits.net:8080/linux-2.5/cset@41f8843a8ZMCNuP3meYAYnnXd3CO_g

(It changes the ABI, unfortunately).

I think this is the relevant thread:

  http://oss.sgi.com/archives/netdev/2005-01/msg01036.html

------- Comment #1 From Thierry Carrez (RETIRED) 2005-03-16 02:17:10 0000 ------- 
The above patch is CAN-2005-0449 (SMP, linux-2.6 only)

Another similar issue, from Ubuntu recent kernel updates:

A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
Affects only certain NICS, linux-2.6 only (CAN-2005-0209)

Patch:
http://linux.bkbits.net:8080/linux-2.6/cset%4041f59581p1swNaow4K1aBglV-q2jfQ

------- Comment #2 From Thierry Carrez (RETIRED) 2005-03-16 03:16:38 0000 ------- 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #3 From Daniel Drake 2005-03-16 05:52:13 0000 ------- 
gentoo-dev-sources unaffected

------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-26 09:02:17 0000 ------- 
According to this thread :
http://oss.sgi.com/archives/netdev/2005-01/msg01191.html

CAN-2005-0449 also applies to the 2.4-line.

------- Comment #5 From Tim Yamin (RETIRED) 2005-03-29 07:44:50 0000 ------- 
Created an attachment (id=54763) [details]
2.4 Patch

------- Comment #6 From Tim Yamin (RETIRED) 2005-03-29 07:45:49 0000 ------- 
Created an attachment (id=54764) [details]
2.6 Compound Patch

------- Comment #7 From Joshua Kinard 2005-04-23 22:24:28 0000 ------- 
mips-sources fixed.

------- Comment #8 From Tim Yamin (RETIRED) 2005-05-02 10:28:19 0000 ------- 
CCing maintainers:

grsec-sources: CCing solar
hardened-sources: CCing hardened
openmosix-sources: CCing cluster
rsbac-sources: CCing kang
sparc-sources: CCing joker

------- Comment #9 From solar 2005-05-02 10:43:37 0000 ------- 
Marking the existing 2.4.30 kernels stable fixes this right?

------- Comment #10 From Konstantin Arkhipov 2005-05-07 06:05:03 0000 ------- 
oM-sources-2.4.30-r1 goes stable.

------- Comment #11 From Tim Yamin (RETIRED) 2005-08-20 11:29:43 0000 ------- 
All fixed, closing bug.

------- Comment #12 From Tim Yamin (RETIRED) 2005-08-20 11:32:14 0000 ------- 
kang: rsbac-2.4 still needs this.

------- Comment #13 From Tim Yamin (RETIRED) 2005-11-26 02:29:05 0000 ------- 
All fixed, closing.