Re: [stable] [patch 29/37] dvb-core: Proper handling ULE SNDU length of 0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 07, 2006 at 02:57:56PM +0200, Marcel Holtmann wrote:
> Hi Greg,
> 
> > ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation
> > code has a bug that allows an attacker to send a malformed ULE packet
> > with SNDU length of 0 and bring down the receiving machine. This patch
> > fix the bug and has been tested on version 2.6.17.11. This bug is 100%
> > reproducible and the modified source code (GPL) used to produce this bug
> > will be posted on http://nrg.cs.usm.my/downloads.htm shortly.  The
> > kernel will produce a dump during CRC32 checking on faulty ULE packet.
> 
> the upstream code changed for 2.6.18. It has a different way of
> addressing this issue, but it also changes a lot of other stuff in the
> whole code. However it might be worth looking at it, because the
> upstream code might be still vulnerable.

So we should not take this patch for 2.6.17.y?  Do you have a different
patch we should use instead?

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux