Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2005-3273: kernel: denial of service in ROSE network stack | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Dennis Conrad <dcon> |
| Component: | Incidents | Assignee: | Chris L Mason <mason> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | SLES 9 | | |
| Whiteboard: | CVE-2005-3273: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | | |
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
Dennis Conrad
2005-06-14 13:05:38 UTC
Greg, as keeper of security patches wandering around l-k, this one goes to you ;)

actually you should cc security-team too...

This is already in HEAD, and the sl93 kernel trees, right? I think it's the security team's job to apply these to the rest of the kernels, if they think it is necessary.

not suse linux 9.3

do you know what can be done with this problem? just crash the kernel? or root exploit?

A DoS should be possible. I'm not sure about other impacts as there was nothing mentioned in the kernel change log but "minor security hole".

This bug (amongst others) was originally reported by Brian Fuller on 2004-12-16: http://lwn.net/Articles/116322/

the questionable call is protected by:
	if (!capable(CAP_NET_ADMIN))
		return -EPERM;
so fix in HEAD is sufficient (and was already done in 2.6.12 I guess).
root can crash the kernel many other ways.