Bug 136018

Summary: VUL-0: local dos in ip_conntrack_proto_tcp
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Marcus Meissner <meissner>
Component: Kernel Assignee: E-mail List <kernel-maintainers>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVE-2005-3809: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2005-11-30 10:07:49 UTC
is public.

CVE-2005-3809

"The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference."

http://marc.theaimsgroup.com/?l=linux-kernel&m=113269476105016&w=2


http://kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.14.y.git;a=commit;h=36f73ff25328f8a99c8a30f8a89b27b87440e0d1


http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.3



Can this be done by a user? Or just by root?
Comment 1 Olaf Kirch 2005-11-30 10:11:37 UTC
... 2.6.14 up to 2.6.14.3 ...

We don't ship any products based on this kernel. In particular, 10.0
is based on 2.6.13, which is not vulnerable according to the description.
Comment 2 Thomas Biege 2009-10-13 20:40:24 UTC
CVE-2005-3809: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)