Bug 473696 (CVE-2008-5079)
Summary: | CVE-2008-5079 Linux Kernel 'atm module' Local Denial of Service
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Version: | unspecified
Reporter: | Eugene Teo (Security Response) <eteo>
Assignee: | Red Hat Product Security <security-response-team>
CC: | agospoda, anton, bhu, cebbert, davej, dhoward, jpirko, lgoncalv, lwang, security-response-team, williams
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2010-12-21 17:54:25 UTC
Bug Depends On: | 473606, 473697, 473698, 473699, 473700, 473701, 474298, 474299, 474300

Description
Eugene Teo (Security Response)
2008-11-30 02:30:27 UTC
Seems to be introduced by upstream commit 9301e32:

From 9301e320e98ff19a0e48881b038d0c24ca76e6c0 Mon Sep 17 00:00:00 2001
From: Chas Williams <chas.navy.mil>
Date: Wed, 28 Sep 2005 16:35:01 -0700
Subject: [PATCH] [ATM]: track and close listen sockets when sigd exits

Signed-off-by: Chas Williams <chas.navy.mil>

Tested the upstream kernel without commit 9301e32. It's not reproducible.

(In reply to comment #3)
> on rhel4 kernel, this bug is not triggerable.

Like rhel4, tested 2.4.21-57.EL on rhel3, and the bug is not triggerable.

[test@rhel3-as-i386 test]$ ./atmdos
Itf VPI VCI AAL RX(PCR,Class) TX(PCR,Class)
[test@rhel3-as-i386 test]$ uname -a
Linux rhel3-as-i386 2.4.21-57.EL #1 Wed Apr 23 01:46:01 EDT 2008 i686 i686 i386 GNU/Linux

Created attachment 325649
Proposed patch for real-time kernel

taskID=1598153; Tested this with the reproducer.

This is public now.
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
http://marc.info/?l=linux-netdev&m=122843162615569&w=2

Fixed in Fedora 10 kernel 2.6.27.8-143

Where is the Fedora 9 bug?

(In reply to comment #19)
> Where is the Fedora 9 bug?

Don't think there is one. Please create it if needed. Thanks Chuck.

(In reply to comment #17)
> This is public now.
> http://marc.info/?l=linux-netdev&m=122841256115780&w=2
> http://marc.info/?l=linux-netdev&m=122843162615569&w=2

Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17b24b3c97498935a2ef9777370b1151dfed3f6f

kernel-2.6.27.9-159.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-159.fc10

kernel-2.6.27.9-73.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-73.fc9

kernel-2.6.27.9-159.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

kernel-2.6.27.9-73.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

kernel-2.6.26.8-57.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/kernel-2.6.26.8-57.fc8

kernel-2.6.26.8-57.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

This was addressed via:

Red Hat Enterprise Linux (v. 5.2.z server) (RHSA-2009:0021)
MRG Realtime for RHEL 5 Server (RHSA-2009:0053)
Red Hat Enterprise Linux version 5 (RHSA-2009:0225)