Bugzilla – Bug 3362
DoS in linux networking hash tables + local vuln
Last modified: 2003-10-19 23:20:34 UTC
DoS in linux networking hash tables local vuln as well. W0rf, when you get that patched, post a comment and I'll integrate it up. If you need a patch put on a mirror, I can host it, just attach the patch, and put http://smgl.positivism.org/filename.patch.bz2 as the source. If you're busy let me know, too, and I'll just extract it from the srpms and host it, and put the patch in.
this one has a patch:
http://marc.theaimsgroup.com/?l=bk-commits-24&m=105217616607144&w=2

this one doesn't:
http://bugzilla.kernel.org/show_bug.cgi?id=703

let's patch the remote DoS at least. I've got a patches/hashDoS file made up to get the patch from within the bitkeeper url above ;) testing the compile now. Does require a very small change to PRE_BUILD to allow urls with & in them. BTW, sorcery is borked for urls with & in them, so I did a nice hack job, where I did \& to it. Also note that the stupid download routine tries to FUZZ the url to add a .tar.bz2 to the end of it, so I just faked it out with a dirty hack... but it's all working now.

hashDoS

    #!/bin/bash
    DESCRIPTION="security fix for hash table DoS"
    SHORT="security fix for hash table DoS"
    HELP="Vulnerability: CAN-2003-0244
    Several hash table implementations in the networking were
    remotely exploitable. Remote attackers could launch attacks
    whereby, using carefully choosen forged source addresses, make
    every routing cache entry get hashed into the same hash chain.
    Netfilter's IP conntrack module and the TCP syn-queue implementation
    had identical vulnerabilities and have been fixed too.
    The choosen solution to the problem involved using Bob's Jenkins
    hash along with a randomly choosen input. For the ipv4 routing
    cache we take things one step further and periodically choose a
    new random secret. By default this happens every 10 minutes, but
    this is configurable by the user via sysctl knobs.
    This patch is for 2.4.20
    "
    VERSIONS="2.4.20"
    MD5S[0]=0a9d83f0fb0715c3cef97a66f86e9b69
    if [[ "$1" == "CONFIG" ]]; then
      echo "
    SOURCE${COUNTER}='index.html?m=105217616607144\\&q=raw'
    SOURCE${COUNTER}_URL='http://marc.theaimsgroup.com/?m=105217616607144\\&q=raw;FAKE=.tar.bz2'" >> ${SPELL_CONFIG}.DETAILS
      source $SCRIPT_DIRECTORY/MD5PATCH
    fi

PRE_BUILD: change "$mFILE" to unquoted $mFILE in md5check()

I'm going to submit this once it's all tested. Does anybody know where the patch is for the local vuln?
in devel/test/stable in perforce. I wonder when it will get tarballed up with the whole ibiblio issue... Also, for devel, zero added in his cross compiling support to the kernel. Both he and I have tested it, seems to work without issue by default. Haven't tried to actually cross compile with it yet.
Patched so closing... Eric
if any of these still have issues outstanding then they can be reopened, but most have just been overlooked/forgotten ("these" refers to the 611 fixed but not closed bugs I just found in our database)