lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Mar 2007 01:14:50 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: netdev@...r.kernel.org Cc: "bugme-daemon@...nel-bugs.osdl.org" <bugme-daemon@...zilla.kernel.org>, didier.schrapf@...atelaleniaspace.com Subject: Re: [Bugme-new] [Bug 8284] New: IPsec anti-replay window management flaw On Fri, 30 Mar 2007 01:06:17 -0700 bugme-daemon@...zilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=8284 > > Summary: IPsec anti-replay window management flaw > Kernel Version: 2.6.20.4 > Status: NEW > Severity: normal > Owner: shemminger@...l.org > Submitter: didier.schrapf@...atelaleniaspace.com > > > The IPsec ESP/AH anti-replay window size is configurable, 64 being the value > recommended by RFC 2406. > Linux kernels use a 32 bit bitmap to check whether a sequence number has > already been received. > > When a packet is received, if its seq is lower than the greatest received seq, > and if the difference is greater than 32, the check doesn't work. > This constitutes a security flaw. > > The faulty code is in net/xfrm/xfrm-state.c, functions xfrm_replay_check() and > xfrm_replay_advance(). - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists