lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 23 Sep 2010 11:05:15 -0700
From:	Greg KH <greg@...ah.com>
To:	Thomas Dreibholz <dreibh@....uni-due.de>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Vlad Yasevich <vladislav.yasevich@...com>,
	netdev@...r.kernel.org, bugzilla-daemon@...zilla.kernel.org,
	Martin Becke <martin.becke@...-due.de>,
	David Miller <davem@...emloft.net>, linux-sctp@...r.kernel.org,
	stable@...nel.org, Sridhar Samudrala <sri@...ibm.com>
Subject: Re: [stable] [Bugme-new] [Bug 18592] New: Remote/local Denial of
 Service vulnerability in SCTP packet/chunk handling

On Sat, Sep 18, 2010 at 04:11:03PM +0200, Thomas Dreibholz wrote:
> On Donnerstag 16 September 2010, Vlad Yasevich wrote:
> > On 09/15/2010 03:43 PM, Andrew Morton wrote:
> > > Thanks, but please send patches via email, not via bugzilla.
> > > Documentation/SubmittingPatches has some tips.  Suitable recipients for
> > > this patch are, from the MAINTAINERS file:
> > > 
> > > M:      Vlad Yasevich <vladislav.yasevich@...com>
> > > M:      Sridhar Samudrala <sri@...ibm.com>
> > > L:      linux-sctp@...r.kernel.org
> > > 
> > > but please just send it as a reply-to-all to this email so that everyone
> > > knows wht's happening.
> > > 
> > > I'd suggest that you also add the line
> > > 
> > > Cc: <stable@...nel.org>
> > > 
> > > to the end of the changelog so that we don't forget to consider the
> > > patch for backporting.
> > 
> > Hi Andrew
> > 
> > There is a much simpler solution to this problem that I posted to netdev
> > today.
> 
> Dear all,
> 
> Vlad's patch solves the problem. I hope this patch can go into the mailine 
> kernel soon, in order to get distribution kernels fixed as soon as possible. It 
> is relatively easy to trigger the denial of service problem, making all 
> systems providing SCTP-based services vulnerable to a remote DoS attack.
> 
> I have also been able to reproduce the problem with kernel 2.6.32, i.e. at 
> least all kernels from 2.6.32 to 2.6.36 are affected.

Is this in Linus's tree now?  If so, does anyone have the git commit id?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ