A null pointer dereference in netfilter can cause the kernel to crash when processing certain connections. This bug can be triggered remotely. In addition, as a result of a bug in the cpuset_tasks_read function, users logged onto the system can read part of the kernel memory. This may allow an attacker to access protected information. Finally the kernel also harbours a bug which affects the way seeds for generating random numbers are generated where the system has no entropy source. This may result in applications which rely on random number generators being less secure. Reproducible: Always
A null pointer dereference in netfilter can cause the kernel to crash when processing certain connections. This bug can be triggered remotely. In addition, as a result of a bug in the cpuset_tasks_read function, users logged onto the system can read part of the kernel memory. This may allow an attacker to access protected information. Finally the kernel also harbours a bug which affects the way seeds for generating random numbers are generated where the system has no entropy source. This may result in applications which rely on random number generators being less secure.
This also applies to Linux 2.6.20 (bugs supposedly fixed in 2.6.20.13). Here are the git diffs for the respective CVE's: random: fix error in entropy extraction (CVE-2007-2453 1 of 2) Git-ID: 602b6aeefe8932dd8bb15014e8fe6bb25d736361 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commitdiff;h=54bb290bb2bad45d45cae1399181a233ffbc487b http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.21.y.git;a=commitdiff;h=374f167dfb97c1785515a0c41e32a66b414859a8 random: fix seeding with zero entropy (CVE-2007-2453 2 of 2) Git-ID: 7f397dcdb78d699a20d96bfcfb595a2411a5bbd2 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commitdiff;h=f5939fcd7378c7a26cc8101dff373c90d269d769 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.21.y.git;a=commitdiff;h=7bd369b1346bf7f15bba42ddf369fb79fe759b50 cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875) Git-ID: 85badbdf5120d246ce2bb3f1a7689a805f9c9006 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commitdiff;h=6a5357887e4ebfd9c0f472cffc58bcdf426f4cad http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.21.y.git;a=commitdiff;h=c23e7e4c94647c2c47d2c835b21cc7d745f62d05 NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876) Git-ID: Not yet upstream http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commitdiff;h=13ad357c616a85828fa224c0876a393d1dd6f59f http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.21.y.git;a=commitdiff;h=8c640bd0c68201dd0d71b78a07bb224973580ad3
This is fixed in 2.6.20-r9, not yet stable though.
*** Bug 185449 has been marked as a duplicate of this bug. ***
Is this bug still valid?
Newer version who address the problem have long gone stable...so closing.
Interval chosen in a way to match all three CVE's. (CVE-2007-2453 and CVE-2007-2876 have been, respectively, backported in 2.6.16.55-rc1 and 2.6.16.53-rc1, too.)
