204460 – CVE-2006-4535 Regression with fix for SCTP abort issue

Bug 204460 - CVE-2006-4535 Regression with fix for SCTP abort issue

Summary: CVE-2006-4535 Regression with fix for SCTP abort issue

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Neil Horman
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	impact=important,source=vendorsec,rep...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-08-29 10:40 UTC by Marcel Holtmann
Modified:	2012-05-19 23:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:	RHSA-2006-0689
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-05 19:20:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
massaged version of the patch for RHEL4 (638 bytes, patch) 2006-09-14 13:20 UTC, Neil Horman	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2006:0689	0	normal	SHIPPED_LIVE	Important: kernel security update	2006-10-05 04:00:00 UTC

Description Marcel Holtmann 2006-08-29 10:40:58 UTC

From Sridhar Samudrala:

With the recent fix, the callers of sctp_primitive_ABORT() need to create an
ABORT chunk and pass it as an argument rather than msghdr that was passed earlier.

This is a regression with bug 202122 (CVE-2006-3745).

Comment 2 Marcel Holtmann 2006-09-01 06:10:05 UTC

The regression causes a panic if an SCTP socket has SO_LINGER set with a linger
value of 0 and it is closed.

Comment 3 Neil Horman 2006-09-14 12:23:10 UTC

Looks pretty obvious.  Let me smoke test it quick and I'll post it.

Comment 4 Neil Horman 2006-09-14 13:20:46 UTC

Created attachment 136253 [details]
massaged version of the patch for RHEL4

version of the patch massaged for RHEL4

Comment 5 Jason Baron 2006-09-19 19:33:47 UTC

committed in stream U5 build 42.12. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/

Comment 6 Jason Baron 2006-09-26 14:36:46 UTC

committed in stream E5 build 42.0.3

Comment 7 RHEL Program Management 2006-09-27 22:36:20 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 Jay Turner 2006-10-03 13:40:48 UTC

QE ack for 4.5.

Comment 11 Red Hat Bugzilla 2006-10-05 19:20:03 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0689.html

Note You need to log in before you can comment on or make changes to this bug.