Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Apr 2015 20:38:21 -0400 (EDT)
From: Wade Mealing <wmealing@...hat.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: CVE request netfilter connection tracking accounting.

Gday,

I'd like to request a CVE for an issue posted to netfilter-devel 
( http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 ).
 
This issue can be classified as a denial of service.

>From the bug report:

"I got the following OOPS with kernel 3.14.4 (debian backport for wheezy) on our 
internet gateway while trying to establish a new PPTP tunnel from a NAT-ed host.
Seems it's 100% reproductible"

The issue appears to be within netfilter connection tracking accounting, not specific
to PPTP or other helper protocols.

The flaw was introduced on Linux 3.6 and fixed on 3.15. The upstream fix is available ( See reference 1 )

Thank you.

Wade Mealing -- Red Hat Product Security

References:

1) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ