Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Wed, 30 Apr 2008 18:10:17 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: Karsten Keil <kkeil@...e.de>, security@...nel.org
Subject: Re: security problem in ESP fragment handling?

On Wed, Apr 30, 2008 at 04:18:11PM +0100, Mark J Cox wrote:
> >http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=920fc941a9617f95ccb283037fe6f8a38d95bb69
> >
> >This will at least hang the networking of the system if triggered.
> >
> >
> >According to Karsten Keil just ESP fragment packets need to be accepted
> >by the kernel to trigger the condition.
> >We think this might be true for all 2.6 kernels (ever since esp.c got 
> >added).
> 
> Quick response (burried today) but I think this is already allocated 
> CVE-2007-6282
> 
> http://64.233.183.104/search?q=cache:NNop-SbiE4EJ:www.mail-archive.com/netdev%40vger.kernel.org/msg62480.html+CVE-2007-6282&hl=en&ct=clnk&cd=1

Yes, this is the same issue.

Ciao, Marcus

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ