Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
On Fri, Aug 12, 2005 at 09:26:49AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > > > There is no public CVE assignment for this issue. If it's easily reproducible
> > > > for non-root, it might account as a local DoS vulnerability.
> > >
> > > mii-tool's IOCTL is only allowed by root.
> > >
> > > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > > gets a request for the interface statistics.
> > >
> > > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > > in question. (Which is not the default, if I recall correctly?)
> > >
> > > However, this means that cricket will bone the machine during the boot process,
> > > or soon after.
> >
> > I think that's a strong enough reason to tag it as a security fix,
> > and thus include it in a kernel security update.
>
> Hi Horms,
> this is now CAN-2005-2548. Can you please add it to the changelog?

Of course. It's in now.

--
Horms

Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Horms wrote:
> > > There is no public CVE assignment for this issue. If it's easily reproducible
> > > for non-root, it might account as a local DoS vulnerability.
> >
> > mii-tool's IOCTL is only allowed by root.
> >
> > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > gets a request for the interface statistics.
> >
> > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > in question. (Which is not the default, if I recall correctly?)
> >
> > However, this means that cricket will bone the machine during the boot process,
> > or soon after.
>
> I think that's a strong enough reason to tag it as a security fix,
> and thus include it in a kernel security update.

Hi Horms,
this is now CAN-2005-2548. Can you please add it to the changelog?

Cheers,
Moritz

Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
On Thu, Aug 11, 2005 at 07:46:12PM +1000, Paul TBBle Hampson wrote:
> On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> > Horms wrote:
> > >> below patch has been slurped into the Debian patches for 2.6.8, but the
> > >> error posted looks like the same error I suffered when hitting this bug.
> > >>
> > >> Patch from
> > >> http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> > >>
> > >> Cut and paste from the web archive, so spacing etc. may be boned.
> > >> But it's a typo-only fix anyway, so easy enough to recreate.
> >>
> >> Thanks I have added this to SVN.
> >>
> >> Is this considered a security bug and if so does it have a CAN number?
> >
> > There is no public CVE assignment for this issue. If it's easily reproducible
> > for non-root, it might account as a local DoS vulnerability.
>
> mii-tool's IOCTL is only allowed by root.
>
> The remote DoS comes from the fact that snmpd will call this IOCTL when it
> gets a request for the interface statistics.
>
> So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> in question. (Which is not the default, if I recall correctly?)
>
> However, this means that cricket will bone the machine during the boot process,
> or soon after.

I think that's a strong enough reason to tag it as a security fix,
and thus include it in a kernel security update.

--
Horms

Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> >> below patch has been slurped into the Debian patches for 2.6.8, but the
> >> error posted looks like the same error I suffered when hitting this bug.
> >>
> >> Patch from
> >> http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> >>
> >> Cut and paste from the web archive, so spacing etc. may be boned.
> >> But it's a typo-only fix anyway, so easy enough to recreate.
>>
>> Thanks I have added this to SVN.
>>
>> Is this considered a security bug and if so does it have a CAN number?
>
> There is no public CVE assignment for this issue. If it's easily reproducible
> for non-root, it might account as a local DoS vulnerability.

mii-tool's IOCTL is only allowed by root.

The remote DoS comes from the fact that snmpd will call this IOCTL when it
gets a request for the interface statistics.

So it's exploitable via SNMP if the exploiter has access to the SNMP tree
in question. (Which is not the default, if I recall correctly?)

However, this means that cricket will bone the machine during the boot process,
or soon after. ^_^

--
---
Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

License: http://creativecommons.org/licenses/by/2.1/au/
---

Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Horms wrote:
> > below patch has been slurped into the Debian patches for 2.6.8, but the
> > error posted looks like the same error I suffered when hitting this bug.
> >
> > Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> >
> > Cut and paste from the web archive, so spacing etc. may be boned.
> > But it's a typo-only fix anyway, so easy enough to recreate.
>
> Thanks I have added this to SVN.
>
> Is this considered a security bug and if so does it have a CAN number?

There is no public CVE assignment for this issue. If it's easily reproducible
for non-root, it might account as a local DoS vulnerability.

Cheers,
Moritz