Bug 634976 – icmpmsg_put() in kernel writes beyond array bounds, leading to junk in /proc/net/snmp and memory corruption [rhel-5.5.z]

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 634976 - icmpmsg_put() in kernel writes beyond array bounds, leading to junk in /proc/net/snmp and memory corruption [rhel-5.5.z]

Summary:	icmpmsg_put() in kernel writes beyond array bounds, leading to junk in /proc/...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel (Show other bugs)
Sub Component:
Version:	5.5
Hardware:	All Linux

Priority	urgent Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Jiri Pirko
QA Contact:	Red Hat Kernel QE team
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	601391
Blocks:
	Show dependency tree / graph

Reported:	2010-09-17 09:26 EDT by RHEL Product and Program Management
Modified:	2015-05-04 21:21 EDT (History)
CC List:	13 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, receiving 8 or more different types of ICMP packets corrupted the kernel memory. This was caused by a flaw in net/ipv4/proc.c. With this update, kernel memory is no longer corrupted when receiving 8 or more different types of ICMP packets.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-11-09 13:07:50 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0839	normal	SHIPPED_LIVE	Moderate: kernel security and bug fix update	2010-11-09 13:06:20 EST

Groups: None (edit)

Description RHEL Product and Program Management 2010-09-17 09:26:01 EDT

This bug has been copied from bug #601391 and has been proposed
to be backported to 5.5 z-stream (EUS).

Comment 2 Jiri Pirko 2010-10-11 04:55:19 EDT

in kernel 2.6.18-194.20.1.el5

linux-2.6-net-ipv4-fix-buffer-overflow-in-icmpmsg_put.patch

Comment 8 errata-xmlrpc 2010-11-09 13:07:50 EST

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0839.html

Comment 9 Martin Prpič 2010-11-11 09:06:21 EST

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, receiving 8 or more different types of ICMP packets corrupted the kernel memory. This was caused by a flaw in net/ipv4/proc.c. With this update, kernel memory is no longer corrupted when receiving 8 or more different types of ICMP packets.

Note You need to log in before you can comment on or make changes to this bug.