Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 249729 (CVE-2008-5300) - Kernel: sendmsg() DOS during AF_UNIX GC (CVE-2008-5300)
Summary: Kernel: sendmsg() DOS during AF_UNIX GC (CVE-2008-5300)
Status: RESOLVED FIXED
Alias: CVE-2008-5300
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.27.8]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-03 20:27 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-05 03:33 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-12-03 20:27:31 UTC
CVE-2008-5300 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5300):
  Linux kernel 2.6.28 allows local users to cause a denial of service
  ("soft lockup" and process loss) via a large number of sendmsg
  function calls, which does not block during AF_UNIX garbage
  collection and triggers an OOM condition, a different vulnerability
  than CVE-2008-5029.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-03 20:34:17 UTC
Also see:

http://marc.info/?l=linux-netdev;m=122721862313564;w=2
Comment 2 Bruno Buss 2008-12-05 12:18:26 UTC
This is the fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f23b734963ec7eaa3ebcd9050da0c9b7d143dd3

It's in 2.6.27.8, that is in stable review cycle.
It's not in 2.6.28-rc7, but will be in 2.6.28-rc8 as it's already in linus tree.


Security Focus says that there is a lot of vulnerable versions:
http://www.securityfocus.com/bid/32516/info

I think when 2.6.27.8 is released, genpatches will be updated and then gentoo-sources-2.6.27-r5 will be released.
But to 2.6.26, what we will do? Backport to genpatches and release gentoo-sources-2.6.26-r4?
Comment 3 Mathieu Segaud 2008-12-05 12:49:30 UTC
(In reply to comment #2)
> This is the fix:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f23b734963ec7eaa3ebcd9050da0c9b7d143dd3
> 
> It's in 2.6.27.8, that is in stable review cycle.
> It's not in 2.6.28-rc7, but will be in 2.6.28-rc8 as it's already in linus
> tree.
> 
> 
> Security Focus says that there is a lot of vulnerable versions:
> http://www.securityfocus.com/bid/32516/info
> 
> I think when 2.6.27.8 is released, genpatches will be updated and then
> gentoo-sources-2.6.27-r5 will be released.
> But to 2.6.26, what we will do? Backport to genpatches and release
> gentoo-sources-2.6.26-r4?

no need to backport, the diff applies cleanly, builds fine and runs cool here.
I tried the experiment that triggered the DoS as described here: http://marc.info/?l=linux-netdev&m=122721862313564&w=2#1 and was enable to trigger any OOM condition or soft lockups.
I suggest the diff be added to genpatches as is, and release 2.6.26-r4 as you proposed it.