Re: [stable] Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)

On Thu, Feb 09, 2006 at 09:08:19PM -0800, Greg KH wrote:
> On Thu, Feb 09, 2006 at 08:57:29PM -0800, Andrew Morton wrote:
> > Greg KH <[email protected]> wrote:
> > >
> > > On Wed, Feb 08, 2006 at 01:35:41PM +0100, Holger Eitzenberger wrote:
> > > > On Fri, Jan 27, 2006 at 06:18:35PM -0800, Greg KH wrote:
> > > > 
> > > > >  	DEBUGP("altering call id from 0x%04x to 0x%04x\n",
> > > > > -		ntohs(*cid), ntohs(new_callid));
> > > > > +		ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_callid));
> > > > 
> > > > Note that this fix introduces another bug in the above use DEBUGP
> > > > statement, as there is (u_int16_t *) ptr arithmetic used, whereas
> > > > cid_off is a byte offset.
> > > > 
> > > > A fix for that was send a few weeks ago on netfilter-devel.
> > > 
> > > Great, care to forward it to [email protected] so we can get it in the
> > > next release?
> > > 
> > 
> > I have a copy of the patch and I'll cc stable@ on it.  Although afaik this
> > bug just causes wrong debug info to come out, so I don't think it's
> > terribly important (?)
> 
> If that's the only problem with it, no it's not worth adding to -stable.

Yes, this patch only fixes code in DEBUG statements.  Debug can only be
enabled at compile time, so I agree it's not a candidate for -stable.

-- 
- Harald Welte <[email protected]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: pgpfWowaAf0yX.pgp
Description: PGP signature

---

• References:
  • [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
    • From: Greg KH <[email protected]>
  • Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
    • From: Holger Eitzenberger <[email protected]>
  • Re: [stable] Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
    • From: Greg KH <[email protected]>
  • Re: [stable] Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
    • From: Andrew Morton <[email protected]>
  • Re: [stable] Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
    • From: Greg KH <[email protected]>

• Prev by Date: Re: Taking a break from Kernel Traffic
• Next by Date: Linux 2.6.15.4
• Previous by thread: Re: [stable] Re: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037)
• Next by thread: [patch 1/6] setting irq affinity is broken in ia32 with MSI enabled
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]