Date: Fri, 10 Jul 2015 12:27:11 +0200
From: Gsunde Orangen <gsunde.orangen@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request: UDP checksum DoS

These two issues (CVE-2015-5366 and CVE-2015-5364) - commit on May 30th:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0

are fixed upstream in: 3.10.81, 3.12.44, 3.14.45, 3.18.17, 4.0.6, and
4.1-rc7

Does anyone know the reason why it wasn't (yet?) included in the
latest 3.4.x release (3.4.108 as of 2015-06-19)?

Thanks,
Gsunde


On 2015-07-06, 11:23 cve-assign@...re.org wrote:
>>> However, the presence of "return -EAGAIN" may also have been a
>>> security problem in some realistic circumstances. For
>>> example, maybe there's an attacker who can't transmit a flood
>>> with invalid checksums, but can sometimes inject one packet
>>> with an invalid checksum. The goal of this attacker isn't to
>>> cause a system hang; the goal is to cause an EPOLLET epoll
>>> application to stop reading for an indefinitely long period of
>>> time. This scenario can't also be covered by CVE-2015-5364. Is
>>> it better to have no CVE ID at all, e.g., is
>>> udp_recvmsg/udpv6_recvmsg simply not intended to defend against
>>> this scenario?
> 
>> It seems reasonable to assign a second CVE ID to that issue.
> 
> Use CVE-2015-5366.
> 
> 
