113327 – Kernel: DoS through NAT conntack (CVE-2005-3275)

Bug 113327 - Kernel: DoS through NAT conntack (CVE-2005-3275)

Summary: Kernel: DoS through NAT conntack (CVE-2005-3275)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	[linux < 2.4.32] [linux >=2.6 < 2.6.13]
Keywords:

Depends on:	112791
Blocks:
	Show dependency tree

Reported:	2005-11-23 02:08 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 15:51 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-11-23 02:08:01 UTC

In Ubuntu's USN-219-1:

Patrick McHardy noticed a logic error in the network address
translation (NAT) connection tracker. A remote attacker could exploit
this by causing two packets for the same protocol to be NATed at the
same time, which resulted in a kernel crash. (CVE-2005-3275)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 09:20:03 UTC

Patch:

http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-12-24 05:22:59 UTC

Adding 2.4 maintainers; {mips,openmosix,rsbac,xbox}-sources.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2006-01-02 15:40:05 UTC

Toggle status.

Comment 4 Tim Yamin (RETIRED) gentoo-dev

2006-03-11 10:24:44 UTC

MIPS, OpenMOSIX and rsbac -- a patch is still needed which is supplied on this bug... Let me know if there are any problems with doing so.

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2006-05-18 13:36:55 UTC

All resolved, closing...