Bug 132750 (CVE-2005-3274)

Summary: VUL-0: CVE-2005-3274: kernel: local dos in virtual server / ip_vs_conn_flush on SMP
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: RESOLVED WONTFIX
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: lmb, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVE-2005-3274: CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2005-11-08 16:47:29 UTC
CVE-2005-3274

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d 
CONFIRM:http://lkml.org/lkml/2005/6/23/249 
CONFIRM:http://lkml.org/lkml/2005/6/24/173
Comment 1 Marcus Meissner 2005-11-08 16:52:19 UTC
We have VS enabled. Not sure if we need or want to fix this.
Comment 2 Lars Marowsky-Bree 2005-11-08 18:54:28 UTC
It's fairly low risk, but adding it seems a good idea before it is made public. Your call.
Comment 3 Olaf Kirch 2005-11-11 10:26:42 UTC
I think it's not worth the hassle. ip_vs_conn_flush is called during
rmmod - so we're talking about a connection expiring at the moment
the admin rmmod's the module. How likely is that?

-> WONTFIX please
Comment 4 Marcus Meissner 2005-11-11 10:28:31 UTC
I agree.
Comment 5 Thomas Biege 2009-10-13 20:33:45 UTC
CVE-2005-3274: CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)