Red Hat Bugzilla – Bug 167703
CAN-2005-2872 ipt_recent crash
Last modified: 2007-11-30 17:07:20 EST
A flaw has been reported in the ipt_recent module along with a patch
A subset of this patch was commited to 2.6 kernel prior to 2.6.12:
It was originally reported that this flaw can cause a remote crash but in other
messages mentioned that this was just on 64-bit systems. The security team
haven't yet analysed this flaw to determine the exact consequences or likelyhood
The CVE entry states:
The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before 2.6.12, when running on 64-bit processors such as
AMD64, does not properly perform certain time tests when the
jiffies value is greater than LONG_MAX, which can allow
remote attackers to cause a denial of service (kernel panic)
via certain attacks such as SSH brute force.
Dave, you looked at the original patch for this and I seem to recall you found
bugs in it. Can you confirm that the subset patch committed via bk into
mainline appropriate for us to use?
Yes, the BK patch is fine.
The bogus version never made it into Linus's tree.
ipt_recent needs to be rewritten from scratch to try and address
the problems the blog.blackdown.de patch is trying to solve.
Note this has been renamed to CAN-2005-2872 by Mitre
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
This seems to fix only 64bit remote DoS but not jiffies problem when >25 days
uptime. The bug #169279 is tracking this issue. So this is only FYI entry for
this (closed) bug.