Bug 657303 (CVE-2010-4251, CVE-2010-4805)
| Summary: | CVE-2010-4251 CVE-2010-4805 kernel: unlimited socket backlog DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dhoward, haliu, jolsa, kernel-mgr, lwang, plyons, pmatouse, rkhan, security-response-team, vgoyal, vkrizan, vmayatsk |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-29 13:27:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 657305, 657306, 657308, 657309, 694317, 694396 | ||
| Bug Blocks: | |||
|
Description
Eugene Teo (Security Response)
2010-11-25 12:38:42 UTC
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0303 https://rhn.redhat.com/errata/RHSA-2011-0303.html We need c07224005dd3fe746246acadc9be652a588a4d7f for a typo correction too. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0542 https://rhn.redhat.com/errata/RHSA-2011-0542.html A CVE was assigned to this for commit c377411f which we have already backported as part of a collection of fixes for CVE-2010-4251. ====================================================== Name: CVE-2010-4805 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4805 Assigned: 20110526 Reference: MLIST:[netdev] 20100302 [PATCH 1/8] net: add limit for socket backlog Reference: URL:http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c377411f2494a931ff7facdbb3a6839b1266bcf6 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=657303 Reference: BID:46637 Reference: URL:http://www.securityfocus.com/bid/46637 The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. This issue has been addressed in following products: Red Hat Enterprise Linux 6.0.Z - Server Only Via RHSA-2011:0883 https://rhn.redhat.com/errata/RHSA-2011-0883.html |