Bug 1424751 (CVE-2017-2634) - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet
Summary: CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-2634
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1424753 (view as bug list)
Depends On: 1425177 1426298 1426307 1426309 1426311 1426507
Blocks: 1426501
TreeView+ depends on / blocked
 
Reported: 2017-02-19 07:27 UTC by Wade Mealing
Modified: 2019-09-29 14:07 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
Clone Of:
: 1426298 1426307 (view as bug list)
Environment:
Last Closed: 2019-06-08 03:07:54 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0323 normal SHIPPED_LIVE Important: kernel security update 2017-02-24 20:56:33 UTC
Red Hat Product Errata RHSA-2017:0346 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-02-28 20:03:22 UTC
Red Hat Product Errata RHSA-2017:0347 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-02-28 20:03:15 UTC

Description Wade Mealing 2017-02-19 07:27:01 UTC
A flaw was found in the linux kernels implementation of DCCP protocol in which a an application making a DCCP connection over IPV6 could crash a remote (or local) system.  When attempting to send a DCCP reset packet, the system will incorrectly create the packet header and while updating the SNMP counters for this condition crash the kernel. The remote system would need to have both an application running as a DCCP server and have an IPV6 address routable.

This can result in the system crash or denial of service.

Upstream fix:

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51

Comment 13 Wade Mealing 2017-02-24 04:21:55 UTC
*** Bug 1424753 has been marked as a duplicate of this bug. ***

Comment 14 Wade Mealing 2017-02-24 04:44:32 UTC
Statement:

This issue affects Red Hat Enterprise Linux 5 kernel.  This issue was fixed in a versions 6 and 7 prior to this issue being raised.

Future Linux kernel updates for Red Hat Enterprise Linux 5 may address this issue.

Comment 15 Wade Mealing 2017-02-24 04:45:54 UTC
Acknowledgment:

Name: Wade Mealing (Red Hat Product Security)

Comment 18 errata-xmlrpc 2017-02-24 15:58:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2017:0323 https://rhn.redhat.com/errata/RHSA-2017-0323.html

Comment 20 errata-xmlrpc 2017-02-28 15:04:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.6 Long Life

Via RHSA-2017:0347 https://rhn.redhat.com/errata/RHSA-2017-0347.html

Comment 21 errata-xmlrpc 2017-02-28 15:07:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2017:0346 https://rhn.redhat.com/errata/RHSA-2017-0346.html


Note You need to log in before you can comment on or make changes to this bug.