| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201009181611.05665.dreibh@iem.uni-due.de> Date: Sat, 18 Sep 2010 16:11:03 +0200 From: Thomas Dreibholz <dreibh@....uni-due.de> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Vlad Yasevich <vladislav.yasevich@...com>, bugzilla-daemon@...zilla.kernel.org, netdev@...r.kernel.org, Sridhar Samudrala <sri@...ibm.com>, linux-sctp@...r.kernel.org, stable@...nel.org, David Miller <davem@...emloft.net>, Martin Becke <martin.becke@...-due.de> Subject: Re: [Bugme-new] [Bug 18592] New: Remote/local Denial of Service vulnerability in SCTP packet/chunk handling On Donnerstag 16 September 2010, Vlad Yasevich wrote: > On 09/15/2010 03:43 PM, Andrew Morton wrote: > > Thanks, but please send patches via email, not via bugzilla. > > Documentation/SubmittingPatches has some tips. Suitable recipients for > > this patch are, from the MAINTAINERS file: > > > > M: Vlad Yasevich <vladislav.yasevich@...com> > > M: Sridhar Samudrala <sri@...ibm.com> > > L: linux-sctp@...r.kernel.org > > > > but please just send it as a reply-to-all to this email so that everyone > > knows wht's happening. > > > > I'd suggest that you also add the line > > > > Cc: <stable@...nel.org> > > > > to the end of the changelog so that we don't forget to consider the > > patch for backporting. > > Hi Andrew > > There is a much simpler solution to this problem that I posted to netdev > today. Dear all, Vlad's patch solves the problem. I hope this patch can go into the mailine kernel soon, in order to get distribution kernels fixed as soon as possible. It is relatively easy to trigger the denial of service problem, making all systems providing SCTP-based services vulnerable to a remote DoS attack. I have also been able to reproduce the problem with kernel 2.6.32, i.e. at least all kernels from 2.6.32 to 2.6.36 are affected. Best regards -- ======================================================================= Dr. Thomas Dreibholz University of Duisburg-Essen, Room ES210 Inst. for Experimental Mathematics Ellernstraße 29 Computer Networking Technology Group D-45326 Essen/Germany ----------------------------------------------------------------------- E-Mail: dreibh@....uni-due.de Homepage: http://www.iem.uni-due.de/~dreibh ======================================================================= -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists