Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1424751 - (CVE-2017-2634) CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet
CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170224,repor...
: Security
: 1424753 (view as bug list)
Depends On: 1425177 1426298 1426307 1426309 1426311 1426507
Blocks: 1426501
  Show dependency treegraph
 
Reported: 2017-02-19 02:27 EST by Wade Mealing
Modified: 2018-02-14 18:15 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
Story Points: ---
Clone Of:
: 1426298 1426307 (view as bug list)
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0323 normal SHIPPED_LIVE Important: kernel security update 2017-02-24 15:56:33 EST
Red Hat Product Errata RHSA-2017:0346 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-02-28 15:03:22 EST
Red Hat Product Errata RHSA-2017:0347 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-02-28 15:03:15 EST

  None (edit)
Description Wade Mealing 2017-02-19 02:27:01 EST 
A flaw was found in the linux kernels implementation of DCCP protocol in which a an application making a DCCP connection over IPV6 could crash a remote (or local) system.  When attempting to send a DCCP reset packet, the system will incorrectly create the packet header and while updating the SNMP counters for this condition crash the kernel. The remote system would need to have both an application running as a DCCP server and have an IPV6 address routable.

This can result in the system crash or denial of service.

Upstream fix:

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51
Comment 13 Wade Mealing 2017-02-23 23:21:55 EST 
*** Bug 1424753 has been marked as a duplicate of this bug. ***
Comment 14 Wade Mealing 2017-02-23 23:44:32 EST 
Statement:

This issue affects Red Hat Enterprise Linux 5 kernel.  This issue was fixed in a versions 6 and 7 prior to this issue being raised.

Future Linux kernel updates for Red Hat Enterprise Linux 5 may address this issue.
Comment 15 Wade Mealing 2017-02-23 23:45:54 EST 
Acknowledgment:

Name: Wade Mealing (Red Hat Product Security)
Comment 18 errata-xmlrpc 2017-02-24 10:58:05 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2017:0323 https://rhn.redhat.com/errata/RHSA-2017-0323.html
Comment 20 errata-xmlrpc 2017-02-28 10:04:54 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.6 Long Life

Via RHSA-2017:0347 https://rhn.redhat.com/errata/RHSA-2017-0347.html
Comment 21 errata-xmlrpc 2017-02-28 10:07:00 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2017:0346 https://rhn.redhat.com/errata/RHSA-2017-0346.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.