Bug 168803 - CAN-2005-2457, -2548 Linux Kernel Denial of Service
CAN-2005-2457, -2548 Linux Kernel Denial of Service
Status: CLOSED DUPLICATE of bug 157459
Product: Fedora Legacy
Classification: Retired
Component: kernel (Show other bugs)
fc2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.securityfocus.com/bid/14614
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-20 09:42 EDT by John Dalbec
Modified: 2007-04-18 13:31 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-18 01:05:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Dalbec 2005-09-20 09:42:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.34.5 CVE: CAN-2005-2457
Platform: Linux
Title: Linux Kernel ISO File System Denial of Service
Description: The Linux kernel driver for compressed ISO file systems
is prone to a denial of service vulnerability. A malicious user may
create a compressed ISO file system containing data that will trigger
the exploit. Upon successful exploitation of this vulnerability, the
kernel will attempt to mount this image, and will cause the Linux
kernel to crash. Various versions of the kernel are vulnerable.
Ref: http://www.securityfocus.com/bid/14614 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 John Dalbec 2005-09-20 09:43:24 EDT
05.34.6 CVE: CAN-2005-2548
Platform: Linux
Title: Linux Kernel SNMP Handler Denial of Service
Description: The Linux kernel is prone to an SNMP handler denial of
service vulnerability. Linux kernel versions 2.6.8 rc2 and earlier are
known to be vulnerable.
Ref: http://lists.debian.org/debian-kernel/2005/08/msg00418.html 
Comment 2 John Dalbec 2005-09-21 10:22:17 EDT
05.37.8 CVE: CAN-2005-2802
Platform: Linux
Title: Linux Kernel Netfilter ipt_recent Remote Denial of Service
Description: The Netfilter project maintains the packet filter
component of the Linux kernel. The "ipt_recent" module can be used
with Netfilter to verify if a source address has been recently seen.
The "ipt_recent" module in the Linux Kernel is reported prone to a
local denial of service vulnerability which can be exploited by
sending specially crafted packets such as packets used to carry out an
SSH brute force attack. Linux Kernel versions 2.6.8 and 2.6.10 are
vulnerable.
Ref: http://www.securityfocus.com/advisories/9223
Comment 3 David Eisenstein 2005-11-17 20:52:52 EST
Hey John, Pekka, et al., 

Why don't we combine this bug with bug # 157459, "CAN-2005-1263 Linux kernel ELF
core dump privilege elevation", adding the three above advisories to it, call
157459 "Linux Kernel multiple vulnerabilities (CAN-2005-1263, CAN-2005-2457,
CAN-2005-2548, CAN-2005-2802)" and close this bug DUPLICATE of 157459?  Or 
combine that bug with this one, closing that one as a duplicate?  

That way we can track all kernel security issues in on bug ticket #.
Comment 4 Pekka Savola 2005-11-18 01:05:55 EST
Seems to make sense..

*** This bug has been marked as a duplicate of 157459 ***

Note You need to log in before you can comment on or make changes to this bug.