Bug 235857
Summary: | CVE-2007-1357 Remotely triggerable crash in AppleTalk
---|---
Product: | Red Hat Enterprise Linux 5
Component: | kernel
Version: | 5.0
Hardware: | All
OS: | Linux
Status: | CLOSED NOTABUG
Severity: | high
Priority: | medium
Keywords: | Security
Reporter: | Marcel Holtmann <holtmann>
Assignee: | Don Zickus <dzickus>
QA Contact: | Martin Jenner <mjenner>
CC: | security-response-team
Whiteboard: | impact=important,source=vendorsec,reported=20070406,public=20070405
Doc Type: | Bug Fix
Last Closed: | 2007-06-06 12:34:13 UTC
Description
Marcel Holtmann
2007-04-10 15:17:53 UTC
The appletalk.ko kernel module is not built. So the kernel is _NOT_ vulnerable, but our source RPM contains some weird config files:

```
# grep ATALK *config*
config-olpc-generic:# CONFIG_ATALK is not set
config-rhel-generic:# CONFIG_ATALK is not set
kernel-2.6.18-i586.config:CONFIG_ATALK=m
kernel-2.6.18-i686.config:CONFIG_ATALK=m
kernel-2.6.18-i686-kdump.config:CONFIG_ATALK=m
kernel-2.6.18-i686-PAE.config:CONFIG_ATALK=m
kernel-2.6.18-i686-xen.config:CONFIG_ATALK=m
kernel-2.6.18-ia64.config:CONFIG_ATALK=m
kernel-2.6.18-ia64-xen.config:CONFIG_ATALK=m
kernel-2.6.18-ppc64.config:CONFIG_ATALK=m
kernel-2.6.18-ppc64-kdump.config:CONFIG_ATALK=m
kernel-2.6.18-ppc.config:CONFIG_ATALK=m
kernel-2.6.18-ppc-smp.config:CONFIG_ATALK=m
kernel-2.6.18-s390.config:CONFIG_ATALK=m
kernel-2.6.18-s390x.config:CONFIG_ATALK=m
kernel-2.6.18-x86_64.config:CONFIG_ATALK=m
kernel-2.6.18-x86_64-kdump.config:CONFIG_ATALK=m
kernel-2.6.18-x86_64-xen.config:CONFIG_ATALK=m
```

Can someone explain what happened here?

We treat Fedora as the superset for our src.rpms. This is why ATALK is enabled in kernel-*.config (because Fedora enables it). For subset kernels, i.e., rhel or olpc, we throw down a final set of config options to disable what we don't want to support. In the rhel-5 case this would be config-rhel-generic. As you can see above, config-rhel-generic has CONFIG_ATALK disabled. When we build the rhel kernel, the final kernel-*.config output has CONFIG_ATALK disabled.

I presume we can close this as NOTABUG because we don't support AppleTalk.
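When triaging whether a kernel CVE applies, the layered configuration described above can be resolved to its effective value instead of grepping each file separately. The following is an added example, not part of the original report or Red Hat's build scripts; it assumes fragments are applied in order with the last setting winning, and the file contents are constructed samples that reuse two file names from the grep output.

```shell
#!/bin/sh
# Added example: resolve a kernel config symbol across layered fragments.
# Assumption: fragments are applied in the order given and the last one wins.

# effective_config SYMBOL FILE... -> prints the final value (y, m, n) or "unset"
effective_config() {
    sym=$1; shift
    awk -v sym="$sym" '
        index($0, sym "=") == 1      { val = substr($0, length(sym) + 2) }
        $0 == "# " sym " is not set" { val = "n" }
        END                          { print (val == "" ? "unset" : val) }
    ' "$@"
}

# overridden_symbols BASE OVERRIDE -> symbols enabled in BASE (y or m)
# that end up disabled once OVERRIDE is applied on top
overridden_symbols() {
    sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=[ym]$/\1/p' "$1" | while read -r s; do
        if [ "$(effective_config "$s" "$1" "$2")" = "n" ]; then
            echo "$s"
        fi
    done
}

# Constructed sample fragments (contents are illustrative, not from the RPM)
demo_dir=$(mktemp -d)
base="$demo_dir/kernel-2.6.18-x86_64.config"
override="$demo_dir/config-rhel-generic"
printf '%s\n' 'CONFIG_NET=y' 'CONFIG_ATALK=m' 'CONFIG_IPV6=m' > "$base"
printf '%s\n' '# CONFIG_ATALK is not set' > "$override"

echo "base only:     CONFIG_ATALK=$(effective_config CONFIG_ATALK "$base")"
echo "with override: CONFIG_ATALK=$(effective_config CONFIG_ATALK "$base" "$override")"
echo "disabled by override: $(overridden_symbols "$base" "$override")"
```

On an installed system, the shipped result can be cross-checked against the config file installed with the kernel package and against whether the module file exists at all.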