Bug 152796 - Multiple kernel vulnerabilities
Summary: Multiple kernel vulnerabilities
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.securityfocus.com/archive/...
Whiteboard: 1, LEGACY, rh73, rh90
Reported: 2004-10-06 06:23 UTC by John Dalbec
Modified: 2008-05-01 15:38 UTC

Description David Lawrence 2005-03-30 23:27:46 UTC
04.39.14 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor TCP Packet Fragmentation Denial of Service
Description: Multiple vendor implementations of the TCP/IP stack are
reported to be vulnerable to a remote denial of service condition. The
issue presents itself when a large number of fragmented packets, with
missing fragments, are sent to the system and then the final fragment
is repetitively sent. Microsoft Windows 2000/XP, Linux kernel 2.4 tree
and some Cisco devices are reported to be vulnerable.
Ref: http://www.securityfocus.com/archive/1/376490

------- Additional Comments From dom@earth.li 2004-10-18 01:39:04 ----

bug 2106 could be fixed at the same time if it turns out to be a trivial patch.

------- Additional Comments From deisenst@gtw.net 2004-10-26 20:39:39 ----

No patch appears to be available yet, but there is a SecurityFocus BID #:

    * BID-11258: Multiple Vendor TCP Packet Fragmentation Handling Denial Of 
      Service Vulnerability    <http://www.securityfocus.com/bid/11258>.

There are claims that various Linux 2.6 kernels are not vulnerable to this.

------- Additional Comments From jpdalbec@ysu.edu 2004-10-29 02:52:04 ----

04.42.10 CVE: CAN-2004-0814
Platform: Linux
Title: Linux Kernel Terminal Locking Race Condition
Description: A race condition exists in the terminal subsystem of
Linux Kernel. This issue can be used to create a remote denial of
service by sending specially crafted packets. This issue has been
addressed in version 2.6.9 of the Linux Kernel. Patches are also
available for 2.4.x releases.
Ref: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672

------- Additional Comments From jpdalbec@ysu.edu 2004-10-29 02:53:37 ----

*** Bug 2212 has been marked as a duplicate of this bug. ***

------- Additional Comments From marcdeslauriers@videotron.ca 2004-11-20 06:01:06 ----

Another kernel issue:

Stefan Dirsch reported to the freedesktop.org bugzilla an issue with
permissions within the DRM code.


------- Additional Comments From jpdalbec@ysu.edu 2004-11-23 04:58:14 ----

bug 2205 could be fixed also.

------- Additional Comments From jpdalbec@ysu.edu 2004-11-24 04:47:19 ----

04.46.11 CVE: CAN-2004-0883, CAN-2004-0949
Platform: Linux
Title: Linux Kernel SMBFS Multiple Remote Vulnerabilities
Description: The Linux kernel is reportedly vulnerable to multiple
remote security issues in the SMBFS network file system. These include
buffer overflows, local and remote information disclosure, and an
integer underflow. These could lead to information disclosure, denial
of service or even execution of arbitrary code on the vulnerable
Ref: http://security.e-matters.de/advisories/142004.html 

------- Additional Comments From marcdeslauriers@videotron.ca 2004-12-02 16:24:01 ----

Red Hat has released an updated 2.4 kernel for RHEL3 containing a slew of
security fixes. See:


------- Additional Comments From dom@earth.li 2004-12-03 02:21:49 ----

I'm working on rolling an updated kernel. With any luck I will have something
later today.

------- Additional Comments From dom@earth.li 2004-12-13 13:03:45 ----

I have spent some time working on this, and have fixed a few issues, but
the ELF patch does not apply at all easily to our kernel and I didn't
feel comfortable hacking this in. Work so far is:


with sha1sum:

8177fb7ff08630562566d8221fb429f1ed584ed2  kernel-2.4.20-38.7.legacy.src.rpm

I hope that someone can pick this up and complete the fixes for a release.
Sorry it took so long to respond to this bug.

------- Additional Comments From michael@neonweb.ru 2004-12-13 22:33:19 ----

seems to be broken - it's only 560k in size, and can't be unpacked with rpm.
It's not a downloading problem, because sha1sum gives correct value.

------- Additional Comments From dom@earth.li 2004-12-13 23:07:03 ----

Whoops. That was an aborted upload - should have checked more carefully.
Fixed now - new hash below.

44a4a23f62833f54c7c60f84d9c918914c86d4c7  kernel-2.4.20-38.7.legacy.src.rpm

------- Additional Comments From jpdalbec@ysu.edu 2004-12-14 05:38:06 ----

Red Hat has released an updated 2.4 kernel for RHEL 2.1 containing a slew of
security fixes. See:


------- Additional Comments From bugzilla.fedora.us@beej.org 2004-12-14 13:21:46 ----

we should probably add to the never-ending list of kernel bugs that need to be
fixed all those from bug 2336 and CAN-2004-1058, CAN-2004-1068, CAN-2004-1151.

comment 5 is CAN-2004-1056

can somebody with the right bits update the summary to include all CVEs so that
it's easier to find?

------- Additional Comments From jpdalbec@ysu.edu 2004-12-15 05:46:03 ----

Created an attachment (id=944)
ELF patch

This patch requires a small modification to linux-2.4.22-security.patch and
linux-2.4.22-security-nptl.patch.  See my next attachment.

------- Additional Comments From jpdalbec@ysu.edu 2004-12-15 05:58:35 ----

Created an attachment (id=945)
security metapatch for ELF patch

Apply this metapatch to linux-2.4.22-security.patch and
linux-2.4.22-security-nptl.patch to get a clean build.

------- Additional Comments From jpdalbec@ysu.edu 2004-12-15 06:06:17 ----

In my test build I added the ELF patch to the .spec file right after patch 2620.
I also commented out Source70 because mach didn't like it.  The build hasn't
actually finished yet, but I see binfmt_elf.o in the build directory so I think
the patch is good.  I'm going on vacation tomorrow so maybe someone else can
take it from here?

------- Additional Comments From siegert@sfu.ca 2005-01-06 15:36:20 ----

Since kernel bugs are currently tracked under two ids 2128 and 2336:
I just proposed a bunch of patches at

------- Additional Comments From rob.myers@gtri.gatech.edu 2005-01-07 09:58:18 ----

re comment #18:
your patches were also helpful for fc1.  :)

i just proposed some fc1 rpms under bug #2336.  should we start tracking all the
issues under that bug?

------- Additional Comments From abo@kth.se 2005-01-10 06:22:48 ----

Regarding: CAN-2004-1235: Kernel uselib() privilege elevation



I combined:


and applied to 2.4.20-37.9.legacy. Attaching the result.

------- Additional Comments From abo@kth.se 2005-01-10 06:23:42 ----

Created an attachment (id=963)
Patch for CAN-2004-1235

------- Additional Comments From dom@earth.li 2005-01-10 06:58:29 ----

regarding comment #20, I believe this is already covered in bug #2336

------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-19 04:42:12 ----

This bug has been superseded by bug 2336.

------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-24 17:42:14 ----

Updated kernel packages were released in bug 2336.

------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:27 -------

This bug previously known as bug 2128 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.

ELF patch
security metapatch for ELF patch
Patch for CAN-2004-1235

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity critical. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
