Bug 202412
Summary: | CVE-2005-2873 ipt_recent crash (second part) | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Marcel Holtmann <holtmann> | ||||
Component: | kernel | Assignee: | Neil Horman <nhorman> | ||||
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | CC: | jbaron, security-response-team | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | RHBA-2007-0304 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-05-08 03:18:49 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Marcel Holtmann
2006-08-14 09:55:27 UTC
Created attachment 135397 [details]
patch to update ipt_recent module to latest upstream code
I spent some time last night to generate the patch that updates our current
ipt_recent code to the latest upstream version. Its ABI compatibile as far as
I've been able to see, and it builds without warnings for me. Can you please
give it a test and confirm its functionality for me? Thanks
QE is concerned about testing this fix. We need some guidance on testing before we can ack this request. I built a custom kernel to start jiffies > LONG_MAX, but I think on 32 bit systems it should roll over anyway within the first 5 minutes after boot. Basically, all you need to do is set up an iptable rule to do an ipt_recent module --check operation of a source ip on a given port and drop the packet if its found, along with a --seconds 30 to narrow the search to the last 30 seconds. then a second subsequent rule to add the source ip to the table. the effect here should be that one can contact the specified port on the system (I used the telnet daemon to test) once every 30 seconds. Addition connect attempts will be dropped. When the bug is in place, once an entry is added to the table it will (incorrectly) always be found, and the matching packets will always be dropped. with the fix, packets will be allowed through once every 30 seconds This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. QE ack for RHEL4.5. committed in stream U5 build 42.20. A test kernel with this patch is available from http://people.redhat.com/~jbaron/rhel4/ I'm not able to reproduce the original problem but I did test the ipt_recent functionality and it appears to be working as expected. I have also verified that the patch to update ipt_recent is in the -52 kernel. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0304.html |