Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 176580

Summary: Kernel: Infinite recursion in netlink (CVE-2007-1861)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.mail-archive.com/netdev%40vger.kernel.org/msg36434.html
Whiteboard: [linux < 2.6.16.50][linux >= 2.6.17 < 2.6.20.8][gp < 2.6.20-8]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-30 14:21:07 UTC 
Reply to NETLINK_FIB_LOOKUP messages were misrouted back to kernel,
    which resulted in infinite recursion and stack overflow.
    
    The bug is present in all kernel versions since the feature appeared.
    
    The patch also makes some minimal cleanup:
    
    1. Return something consistent (-ENOENT) when fib table is missing
    2. Do not crash when queue is empty (does not happen, but yet)
    3. Put result of lookup
    
    Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Signed-off-by: David S. Miller <davem@davemloft.net>
Comment 1 unnamedrambler 2008-03-08 19:29:37 UTC 
CVE-2007-1861
metadata:
[linux < 2.6.16.50] ca80e5b5767e8a2bf0714f9797b872258e500ee6
[linux >= 2.6.17 < 2.6.20.8] 9bc1779885f4ce1a4257c5640c70b75d2ae124ad
also in 2.6.21 1194ed0a3eb8076c8fbfe310f1ccbf229e8647de
[gp < 2.6.20-8]