[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Sorry, the kernel commit to fix this didn't pick up the launchpad bug number, so this bug didn't get auto-closed. It's been addressed in all Ubuntu releases e.g. https://usn.ubuntu.com/usn/usn-3583-1/ . You can see the state at https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18017.html. Thanks again for the report! ** Changed in: linux (Ubuntu) Status: Expired => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Fix Released Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
[Expired for linux (Ubuntu) because there has been no activity for 60 days.] ** Changed in: linux (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Expired Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Perfect! Thanks a lot, now i have big reason to ask some sysadmins and vendors to upgrade their kernels. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Incomplete Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Use CVE-2017-18017. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18017 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Incomplete Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Thanks Denys, I've asked MITRE for a CVE number for this issue. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Incomplete Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Yes, already queued by Eric Dumazet in all stable since report in April http://patchwork.ozlabs.org/patch/746618/ Yes, i did, but troubleshooting done and fix issued by Eric Dumazet. Also there is chance exist that someone used it for malicious purposes "in wild" at that moment, as it appeared at peak time on ISP, in specific network with many users, while exactly same setup on other locations didn't had this issue. That was reason to enable KASAN and to search for it. No CVE as far as i know, i just don't know how to do that. Not sure if Eric or netfilter developers (for example Pablo Neira Ayuso) filled anything. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Incomplete Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1739765] Re: xt_TCPMSS buffer overflow bug
Hello Denys, Are fixes for this bug available? Did you discover this bug? Have you, or someone else, filed for a CVE for this issue yet? Thanks ** Package changed: kernel-package (Ubuntu) => linux (Ubuntu) ** Information type changed from Private Security to Public Security ** Changed in: linux (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1739765 Title: xt_TCPMSS buffer overflow bug Status in linux package in Ubuntu: Incomplete Bug description: Bug was reported in LKML here: https://lkml.org/lkml/2017/4/2/13 In few words - corrupted packet might be used to modify memory at router who has xt_TCPMSS used as iptables action. This is really nasty bug, and can be triggered remotely by malicious person on anything that usually use this iptables action (PPPoE/PPTP-enabled ISP or VPN provider, for example). This bug existed for several years, i guess. I waited for a while since April, as it's already pushed to stable, and probably all distributions have it updated, so now it's time to do bugreport, to make sure it is really fixed everywhere. Maybe worth to assign CVE for it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp