Message-ID: <Pine.GSO.4.64.1003301534210.4709@faron.mitre.org>
Date: Tue, 30 Mar 2010 15:38:34 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: ipv6: skb is unexpectedly
 freed (remote DoS)


On Mon, 29 Mar 2010, Eugene Teo wrote:

> Upstream commit:
> http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01

I'm not clear on the role of ipv6 here.  The affected code is in 
ipv4/tcp_input.c and there's no mention of tcp_v6_conn_request() there.

I'm guessing this was fixed in Linux 2.6.20.

Arguably this could have been given a 2007 ID, but the patch didn't 
clearly label the problem as a security issue, so I will treat Eugene's 
request as the first widely-public disclosure - thus a 2010 date.

Use CVE-2010-1188

- Steve
