Bug 74384

Comment 1 Thierry Carrez (RETIRED) 2004-12-14 08:58:06 UTC

Separating the two issues. this one will be for the IGMP one :

Synopsis:  Linux kernel IGMP vulnerabilities
Product:   Linux kernel
Version:   2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
Vendor:    http://www.kernel.org/
URL:       http://isec.pl/vulnerabilities/isec-0018-igmp.txt
CVE:       CAN-2004-1137
Author:    Paul Starzetz <ihaquer@isec.pl>
Date:      Dec 14, 2004

BK changesets :
http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg
http://linux.bkbits.net:8080/linux-2.6/cset@41b768d1ySHbfa7cUWDle8NjDT_02A
http://linux.bkbits.net:8080/linux-2.6/cset@41b76c07Ee61GkoNwMH-oOvWG2FdxA

Comment 2 Thierry Carrez (RETIRED) 2004-12-14 09:03:35 UTC

*** Bug 73210 has been marked as a duplicate of this bug. ***

Comment 3 solar (RETIRED) 2004-12-14 22:19:54 UTC

The BK changesets in comment #1 appear to be for isec-0019-scm

Comment 4 Thierry Carrez (RETIRED) 2004-12-15 00:41:24 UTC

Yes, you're right... I was confused by those CMSG/IGMP stuff. Latest patch by Chris Wright follows.

Comment 5 Thierry Carrez (RETIRED) 2004-12-15 00:42:02 UTC

Created attachment 46018 [details, diff]
Patch (2.4/2.6)

Patch by Chris Wright (chrisw@osdl.org)

Comment 6 Christian Birchinger (RETIRED) 2004-12-15 02:17:00 UTC

Any version for 2.4.28 available? Attachment 46018 [details, diff] doesn't apply on it.

Any fixed version coming to portage?

Ah, sorry. gentoo-dev-sources-2.6.9-r10 has the fix, but is masked. May I suggest unmasking?

Comment 9 Christian Birchinger (RETIRED) 2004-12-16 12:10:08 UTC

sparc-sources 2.4.28-r2 are patched

Comment 10 Tim Yamin (RETIRED) 2004-12-24 07:08:13 UTC

Doesn't affect <= 2.4.21...

Comment 11 Adam Mondl (RETIRED) 2004-12-24 13:11:15 UTC

Patched in ~x86 hardened-sources-2.4.28-r1

Comment 12 Tim Yamin (RETIRED) 2004-12-24 16:35:19 UTC

Ok, all patched - the following externally maintained sources still need patching:

gentoo-dev-sources-2.6.7 -- Adding dsd...
hppa(-dev)-sources -- Adding GMSoft...
mips-sources -- Adding `Kumba...
openmosix-sources -- Adding cluster herd...
pegasos-dev-sources -- Adding dholm...
rsbac(-dev)-sources -- Adding kang...

Comment 13 Adam Mondl (RETIRED) 2004-12-24 17:00:53 UTC

hardened-dev-sources-r18 fixed

Comment 14 Daniel Drake (RETIRED) 2004-12-24 18:51:33 UTC

gentoo-dev-sources 2.6.8 (not 2.6.7) is eradicators deal

Comment 15 Daniel Drake (RETIRED) 2004-12-24 19:22:11 UTC

Sorry, sparc is actually on 2.6.9 and already done

Comment 16 David Holm (RETIRED) 2004-12-25 05:29:21 UTC

pegasos-dev-sources fixed

Comment 17 Guy Martin (RETIRED) 2004-12-27 06:27:40 UTC

2.4 is dropped on hppa and I've added 2.6.10-pa1 which doesn't seems affected by this problem.

Comment 18 Konstantin Arkhipov (RETIRED) 2004-12-27 08:49:24 UTC

done in oM6-sources.

Comment 19 Joshua Kinard 2005-01-05 21:21:16 UTC

mips-sources fixed.

Comment 20 Guillaume Destuynder (RETIRED) 2005-01-13 16:04:34 UTC

rsbac-dev-sources/rsbac-sources patched

Comment 21 Tim Yamin (RETIRED) 2005-01-15 14:49:30 UTC

kang: 2.6.10 and 2.4.28-r2 need stabilizing...

Comment 22 Guillaume Destuynder (RETIRED) 2005-01-18 13:14:48 UTC

Tim Yamin : I'm working on it. Didn't had inet the past weeks due to a big isp failure.. i just got it back today.
I was able to commit a few things in between ;)
will get that ready before 2005.0 snapshot (luckily isp doesn't fails tomorrow again ;)

Comment 23 Thierry Carrez (RETIRED) 2005-03-16 03:16:26 UTC

Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

Comment 24 Tim Yamin (RETIRED) 2005-03-16 06:05:04 UTC

All fixed, closing bug.

Comment 25 Robert Buchholz (RETIRED) 2009-05-03 13:53:36 UTC

http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=620512af09f33236b4ea04372816b761d48586d9
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=cfd024d7691544c8b666a7b6aa1e44215775de6b