rpms/kernel/F-10 linux-2.6-net-atm-CVE-2008-5079.patch, NONE, 1.1 kernel.spec, 1.1178, 1.1179
Chuck Ebbert
cebbert at fedoraproject.org
Tue Dec 9 03:53:13 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15072
Modified Files:
kernel.spec
Added Files:
linux-2.6-net-atm-CVE-2008-5079.patch
Log Message:
ATM security fix (CVE-2008-5079)
linux-2.6-net-atm-CVE-2008-5079.patch:
--- NEW FILE linux-2.6-net-atm-CVE-2008-5079.patch ---
From: Chas Williams <chas at cmf.nrl.navy.mil>
Date: Thu, 4 Dec 2008 22:58:13 +0000 (-0800)
Subject: ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-2.6.git;a=commitdiff_plain;h=17b24b3c97498935a2ef9777370b1151dfed3f6f
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
Signed-off-by: Chas Williams <chas at cmf.nrl.navy.mil>
Signed-off-by: David S. Miller <davem at davemloft.net>
---
diff --git a/net/atm/svc.c b/net/atm/svc.c
index de1e4f2..8fb54dc 100644
--- a/net/atm/svc.c
+++ b/net/atm/svc.c
@@ -293,7 +293,10 @@ static int svc_listen(struct socket *sock,int backlog)
error = -EINVAL;
goto out;
}
- vcc_insert_socket(sk);
+ if (test_bit(ATM_VF_LISTEN, &vcc->flags)) {
+ error = -EADDRINUSE;
+ goto out;
+ }
set_bit(ATM_VF_WAITING, &vcc->flags);
prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE);
sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local);
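Review bot: the new test_bit(ATM_VF_LISTEN, &vcc->flags) guard in svc_listen only tests the flag, while the matching set_bit(ATM_VF_LISTEN, ...) happens in the next hunk, after the sigd_enq and wait sequence. The check is reliable only if the whole function is serialized per socket (for example by the socket lock), which is not visible in this context; please confirm that, and consider a one-line comment above the check saying so. A comment would also help explain why a repeated listen() returns -EADDRINUSE rather than the -EINVAL used just above.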
@@ -307,6 +310,7 @@ static int svc_listen(struct socket *sock,int backlog)
goto out;
}
set_bit(ATM_VF_LISTEN,&vcc->flags);
+ vcc_insert_socket(sk);
sk->sk_max_ack_backlog = backlog > 0 ? backlog : ATM_BACKLOG_DEFAULT;
error = -sk->sk_err;
out:
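Review bot: vcc_insert_socket(sk) now runs before sk_max_ack_backlog is assigned and before error = -sk->sk_err is evaluated, so the socket becomes visible in the vcc table with its backlog not yet set, and it stays hashed with ATM_VF_LISTEN set even when this call goes on to return a non-zero sk_err. Consider moving the insert below the backlog assignment and checking what state the out: path leaves behind in the sk_err case. Deferring the insert until after the earlier goto out is the right direction, since a failed listen no longer adds the socket to the table.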
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1178
retrieving revision 1.1179
diff -u -r1.1178 -r1.1179
--- kernel.spec 8 Dec 2008 07:59:26 -0000 1.1178
+++ kernel.spec 9 Dec 2008 03:52:37 -0000 1.1179
@@ -680,6 +680,8 @@
# r8169 fixes
Patch2005: linux-2.6-netdev-r8169-2.6.28.patch
+# ATM security fix
+Patch2006: linux-2.6-net-atm-CVE-2008-5079.patch
# Make Eee laptop driver suck less
Patch2011: linux-2.6-eeepc-laptop-update.patch
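Review bot: the comment "# ATM security fix" above Patch2006 leaves out the CVE number, so a search of the spec for the identifier only hits the patch file name and the changelog. Suggest "# ATM security fix (CVE-2008-5079)" to match the changelog entry added further down.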
@@ -1280,6 +1282,8 @@
ApplyPatch linux-2.6-netdev-r8169-2.6.28.patch
+ApplyPatch linux-2.6-net-atm-CVE-2008-5079.patch
+
ApplyPatch linux-2.6-eeepc-laptop-update.patch
ApplyPatch linux-2.6-toshiba-acpi-update.patch
@@ -1907,6 +1911,9 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Mon Dec 08 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.8-143
+- ATM security fix (CVE-2008-5079)
+
* Mon Dec 08 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.8-142
- Scheduler fixes from 2.6.28