CVE-2005-3275 states: The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. http://linux.bkbits.net:8080/linux-2.4/cset@42ed94a6GH4Evdcy1opShq3w0GHUWQ This issue was already fixed in EL4 in linux-2.6.12-network.patch but not in EL3 which looks vulnerable to this issue.
RHEL3 looks vulnerable to me, too.
Reassigning to Don at Linda's request.
A fix for this problem has just been committed to the RHEL3 U7 patch pool this evening (in kernel version 2.4.21-37.8.EL).
A fix for this problem has also been committed to the RHEL3 E7 patch pool this evening (in kernel version 2.4.21-37.0.1.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0140.html