Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 113327

Summary: Kernel: DoS through NAT conntack (CVE-2005-3275)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: gimli, hp-cluster, kang, kumba, security-kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux < 2.4.32] [linux >=2.6 < 2.6.13]
Package list:
Runtime testing required: ---
Bug Depends on: 112791    
Bug Blocks:    

Description Thierry Carrez (RETIRED) gentoo-dev 2005-11-23 02:08:01 UTC
In Ubuntu's USN-219-1:

Patrick McHardy noticed a logic error in the network address
translation (NAT) connection tracker. A remote attacker could exploit
this by causing two packets for the same protocol to be NATed at the
same time, which resulted in a kernel crash. (CVE-2005-3275)
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2005-12-24 05:22:59 UTC
Adding 2.4 maintainers; {mips,openmosix,rsbac,xbox}-sources.
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-01-02 15:40:05 UTC
Toggle status.
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2006-03-11 10:24:44 UTC
MIPS, OpenMOSIX and rsbac -- a patch is still needed which is supplied on this bug... Let me know if there are any problems with doing so.
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2006-05-18 13:36:55 UTC
All resolved, closing...