108572 – CAN-2003-0859 Netlink local DoS: glibc

Bug 108572 - CAN-2003-0859 Netlink local DoS: glibc

Summary: CAN-2003-0859 Netlink local DoS: glibc

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-10-30 10:23 UTC by Mark J. Cox
Modified:	2007-11-30 22:06 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-06-18 13:02:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Mark J. Cox 2003-10-30 10:23:51 UTC

Herbert Xu discovered that a number of netlink applications do not
check the source address of incoming packets, assuming they are coming
from the kernel.  As any local user can send unicast netlink messages
to any process on the system, this can lead to a local denial of
service attack, or other local attacks.

glibc in RHEL3 is affected (getifaddrs)

Currently embargoed.

Comment 1 Mark J. Cox 2003-11-24 16:31:46 UTC

was fixed by RHSA-2003:334

Comment 2 Josh Bressers 2004-06-18 13:02:09 UTC

I'm closing this since it's been fixed.

Note You need to log in before you can comment on or make changes to this bug.