Bug 90672 (CVE-2005-3273) - VUL-0: CVE-2005-3273: kernel: denial of service in ROSE network stack
Summary: VUL-0: CVE-2005-3273: kernel: denial of service in ROSE network stack
Status: RESOLVED FIXED
Alias: CVE-2005-3273
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All SLES 9
: P5 - None : Normal
Target Milestone: ---
Assignee: Chris L Mason
QA Contact: Security Team bot
Whiteboard: CVE-2005-3273: CVSS v2 Base Score: 5....
Reported: 2005-06-14 13:05 UTC by Dennis Conrad
Modified: 2021-09-26 10:30 UTC (History)
Found By: Other
Description Dennis Conrad 2005-06-14 13:05:38 UTC
ROSE does not verify the input for the ndigis argument of new routes resulting
in a minor security hole.

See

http://www.uwsg.iu.edu/hypermail/linux/kernel/0505.2/1755.html

for (very simple) patch.
Comment 1 Chris L Mason 2005-06-14 14:58:55 UTC
Greg, as keeper of security patches wandering around l-k, this one goes to you ;) 
Comment 2 Marcus Meissner 2005-06-14 17:20:49 UTC
actually you should cc security-team too...  
Comment 3 Greg Kroah-Hartman 2005-06-14 21:12:48 UTC
This is already in HEAD, and the sl93 kernel trees, right?

I think it's the security team's job to apply these to the rest of the kernels, 
if they think it is necessary.
Comment 4 Marcus Meissner 2005-06-15 07:36:40 UTC
not suse linux 9.3

do you know what can be done with this problem?

just crash the kernel?

or root exploit?
Comment 5 Dennis Conrad 2005-06-15 08:01:05 UTC
A DoS should be possible.  I'm not sure about other impacts as there was nothing
mentioned in the kernel change log but "minor security hole".

This bug (amongst others) was originally reported by Brian Fuller on 2004-12-16:

   http://lwn.net/Articles/116322/
Comment 6 Marcus Meissner 2005-06-15 08:45:56 UTC
the questionable call is protected by:  
  
                if (!capable(CAP_NET_ADMIN))  
                        return -EPERM;  
  
so fix in HEAD is sufficient (and was already done in 2.6.12 I guess). 
 
root can crash the kernel many other ways.  
Comment 7 Marcus Meissner 2005-11-08 16:57:41 UTC
CVE-2005-3273
Comment 8 Thomas Biege 2009-10-13 21:28:09 UTC
CVE-2005-3273: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
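
The two checks discussed in this report, the privilege gate quoted in comment 6 and the missing validation of `ndigis`, shown together as an added example. It is a simplified user-space model, not the patch linked from the description and not kernel source; the struct and function names and the array capacity of 8 are assumptions made for illustration.

```c
/* Simplified user-space model; all names are hypothetical, not kernel source. */
#include <errno.h>
#include <string.h>

#define MODEL_MAX_DIGIS 8   /* assumed capacity of the digipeater array */

struct model_addr { unsigned char call[7]; };

/* Route request as supplied by the caller; ndigis is untrusted input. */
struct model_route_req {
    unsigned char ndigis;
    struct model_addr digipeaters[MODEL_MAX_DIGIS];
};

/* Stored routing entry with the same fixed capacity. */
struct model_route {
    unsigned char ndigis;
    struct model_addr digipeaters[MODEL_MAX_DIGIS];
};

/*
 * is_net_admin stands in for capable(CAP_NET_ADMIN).
 * Returns 0, -EPERM (unprivileged caller) or -EINVAL (count out of range).
 */
int model_add_route(struct model_route *dst,
                    const struct model_route_req *req, int is_net_admin)
{
    unsigned int i;

    if (!is_net_admin)
        return -EPERM;      /* privilege gate quoted in comment 6 */
    if (req->ndigis > MODEL_MAX_DIGIS)
        return -EINVAL;     /* count validated before it is used as a loop bound */

    memset(dst, 0, sizeof(*dst));
    dst->ndigis = req->ndigis;
    for (i = 0; i < req->ndigis; i++)
        dst->digipeaters[i] = req->digipeaters[i];
    return 0;
}

int main(void)
{
    struct model_route rt;
    struct model_route_req req;   /* constructed sample request */

    memset(&req, 0, sizeof(req));
    req.ndigis = 200;             /* larger than the array can hold */
    return model_add_route(&rt, &req, 1) == -EINVAL ? 0 : 1;
}
```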