lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100923.122155.108788529.davem@davemloft.net>
Date:	Thu, 23 Sep 2010 12:21:55 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	greg@...ah.com
Cc:	dreibh@....uni-due.de, akpm@...ux-foundation.org,
	vladislav.yasevich@...com, netdev@...r.kernel.org,
	bugzilla-daemon@...zilla.kernel.org, martin.becke@...-due.de,
	linux-sctp@...r.kernel.org, stable@...nel.org, sri@...ibm.com
Subject: Re: [stable] [Bugme-new] [Bug 18592] New: Remote/local Denial of
 Service vulnerability in SCTP packet/chunk handling

From: Greg KH <greg@...ah.com>
Date: Thu, 23 Sep 2010 11:05:15 -0700

> On Sat, Sep 18, 2010 at 04:11:03PM +0200, Thomas Dreibholz wrote:
>> Vlad's patch solves the problem. I hope this patch can go into the mailine 
>> kernel soon, in order to get distribution kernels fixed as soon as possible. It 
>> is relatively easy to trigger the denial of service problem, making all 
>> systems providing SCTP-based services vulnerable to a remote DoS attack.
>> 
>> I have also been able to reproduce the problem with kernel 2.6.32, i.e. at 
>> least all kernels from 2.6.32 to 2.6.36 are affected.
> 
> Is this in Linus's tree now?  If so, does anyone have the git commit id?

Should be: 4bdab43323b459900578b200a4b8cf9713ac8fab
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ