* Re: [Bugme-new] [Bug 8284] New: IPsec anti-replay window management flaw
[not found] <200703300806.l2U86HLU019078@fire-2.osdl.org>
@ 2007-03-30 8:14 ` Andrew Morton
0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2007-03-30 8:14 UTC (permalink / raw)
To: netdev; +Cc: bugme-daemon@kernel-bugs.osdl.org, didier.schrapf
On Fri, 30 Mar 2007 01:06:17 -0700 bugme-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=8284
>
> Summary: IPsec anti-replay window management flaw
> Kernel Version: 2.6.20.4
> Status: NEW
> Severity: normal
> Owner: shemminger@osdl.org
> Submitter: didier.schrapf@alcatelaleniaspace.com
>
>
> The IPsec ESP/AH anti-replay window size is configurable, 64 being the value
> recommended by RFC 2406.
> Linux kernels use a 32 bit bitmap to check whether a sequence number has
> already been received.
>
> When a packet is received, if its seq is lower than the greatest received seq,
> and if the difference is greater than 32, the check doesn't work.
> This constitutes a security flaw.
>
> The faulty code is in net/xfrm/xfrm-state.c, functions xfrm_replay_check() and
> xfrm_replay_advance().
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2007-03-30 8:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200703300806.l2U86HLU019078@fire-2.osdl.org>
2007-03-30 8:14 ` [Bugme-new] [Bug 8284] New: IPsec anti-replay window management flaw Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).