Bug 220975 (CVE-2007-6282)

Summary:	Kernel: IPSec ESP crash (CVE-2007-6282)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=920fc941a9617f95ccb283037fe6f8a38d95bb69
Whiteboard:	[linux <2.6.25]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2008-05-08 18:15:16 UTC

CVE-2007-6282 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6282):
  The IPsec implementation in Linux kernel before 2.6.25 allows remote routers
  to cause a denial of service (crash) via a fragmented ESP packet in which the
  first fragment does not contain the entire ESP header and IV.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-05-08 19:39:39 UTC

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=920fc941a9617f95ccb283037fe6f8a38d95bb69

Comment 2 kfm 2009-07-20 18:46:01 UTC

hardened-kernel unaffected at present time. Removing alias.