Bug 136018 - VUL-0: local dos in ip_conntrack_proto_tcp
Summary: VUL-0: local dos in ip_conntrack_proto_tcp
Status: RESOLVED INVALID
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Kernel (show other bugs)
Version: Final
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: E-mail List
URL:
Whiteboard: CVE-2005-3809: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-30 10:07 UTC by Marcus Meissner
Modified: 2009-10-13 20:40 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-11-30 10:07:49 UTC 
is public.

CVE-2005-3809

"The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference."

http://marc.theaimsgroup.com/?l=linux-kernel&m=113269476105016&w=2


http://kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.14.y.git;a=commit;h=36f73ff25328f8a99c8a30f8a89b27b87440e0d1


http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.3



can this done by a user? or just by root?
Comment 1 Olaf Kirch 2005-11-30 10:11:37 UTC 
... 2.6.14 up to 2.6.14.3 ...

We don't ship any products based on this kernel. In particular, 10.0
is based on 2.6.13 which is not vulnerable according to the description
Comment 2 Thomas Biege 2009-10-13 20:40:24 UTC 
CVE-2005-3809: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)