Bugzilla – Bug 132741
VUL-0: CVE-2005-3272: kernel: remote attackers can poison the bridge forwardiung table
Last modified: 2021-11-22 10:32:01 UTC
CVE-2005-3272 Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A
code in sles9 looks different a bit, but I guess it is affected. olaf, I think we need to fix this, do you agree?
remote -> major
Looking "a bit different" sure is an understatement. Backporting this fix is not trivial at all. In fact doing so may require a partial backport from 2.6.12 (at least the br_fdb_update function may need to be backported, and that seems to pull in some additional stuff). I am actually reluctant to include this change at this time in the product release cycle. Such a change needs more testing. Please comment.
since this is affects the local lan this is not that problematic. (other ways of attacking the network are possible). I guess we can leave out fixing for older products and just mark it fixed for the upcoming products.
CVE-2005-3272: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)