[oss-security] CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast

From: Petr Matousek <pmatouse_at_nospam>
Date: Thu Feb 17 2011 - 00:09:32 GMT
To: oss-security@lists.openwall.com

"It was found that executing bridge snooping code triggered by host
originated IGMP packets could cause corruption in 512-byte slabs,
most commonly leading to crashes in jbd2. This could be possibly
exploited by local unprivileged user to crash the host (DoS)."

References:
https://bugzilla.redhat.com/show_bug.cgi?id=678169
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=6b0d6a9b4296fa16a28d10d416db7a770fc03287

Thanks,
-- Petr Matousek / Red Hat Security Response Team

This message: [ Message body ]
Next message: Eugene Teo: "Re: [oss-security] CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast"
Previous message: Moritz Muehlenhoff: "Re: [oss-security] CVE request - kernel: bridge br_multicast NULL pointer dereference"
Next in thread: Eugene Teo: "Re: [oss-security] CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast"
Reply: Eugene Teo: "Re: [oss-security] CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]