From: Thomas Dreibholz <dreibh@iem.uni-due.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Vlad Yasevich <vladislav.yasevich@hp.com>,
bugzilla-daemon@bugzilla.kernel.org, netdev@vger.kernel.org,
Sridhar Samudrala <sri@us.ibm.com>,
linux-sctp@vger.kernel.org, stable@kernel.org,
David Miller <davem@davemloft.net>,
Martin Becke <martin.becke@uni-due.de>
Subject: Re: [Bugme-new] [Bug 18592] New: Remote/local Denial of Service vulnerability in SCTP packet/chunk handling
Date: Sat, 18 Sep 2010 16:11:03 +0200 [thread overview]
Message-ID: <201009181611.05665.dreibh@iem.uni-due.de> (raw)
In-Reply-To: <4C916615.4060400@hp.com>
On Donnerstag 16 September 2010, Vlad Yasevich wrote:
> On 09/15/2010 03:43 PM, Andrew Morton wrote:
> > Thanks, but please send patches via email, not via bugzilla.
> > Documentation/SubmittingPatches has some tips. Suitable recipients for
> > this patch are, from the MAINTAINERS file:
> >
> > M: Vlad Yasevich <vladislav.yasevich@hp.com>
> > M: Sridhar Samudrala <sri@us.ibm.com>
> > L: linux-sctp@vger.kernel.org
> >
> > but please just send it as a reply-to-all to this email so that everyone
> > knows wht's happening.
> >
> > I'd suggest that you also add the line
> >
> > Cc: <stable@kernel.org>
> >
> > to the end of the changelog so that we don't forget to consider the
> > patch for backporting.
>
> Hi Andrew
>
> There is a much simpler solution to this problem that I posted to netdev
> today.
Dear all,
Vlad's patch solves the problem. I hope this patch can go into the mailine
kernel soon, in order to get distribution kernels fixed as soon as possible. It
is relatively easy to trigger the denial of service problem, making all
systems providing SCTP-based services vulnerable to a remote DoS attack.
I have also been able to reproduce the problem with kernel 2.6.32, i.e. at
least all kernels from 2.6.32 to 2.6.36 are affected.
Best regards
--
=======================================================================
Dr. Thomas Dreibholz
University of Duisburg-Essen, Room ES210
Inst. for Experimental Mathematics Ellernstraße 29
Computer Networking Technology Group D-45326 Essen/Germany
-----------------------------------------------------------------------
E-Mail: dreibh@iem.uni-due.de
Homepage: http://www.iem.uni-due.de/~dreibh
=======================================================================
next prev parent reply other threads:[~2010-09-18 14:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-18592-10286@https.bugzilla.kernel.org/>
2010-09-15 19:43 ` [Bugme-new] [Bug 18592] New: Remote/local Denial of Service vulnerability in SCTP packet/chunk handling Andrew Morton
2010-09-16 0:34 ` Vlad Yasevich
2010-09-18 14:11 ` Thomas Dreibholz [this message]
2010-09-23 18:05 ` [stable] " Greg KH
2010-09-23 19:21 ` David Miller
2010-09-23 19:37 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201009181611.05665.dreibh@iem.uni-due.de \
--to=dreibh@iem.uni-due.de \
--cc=akpm@linux-foundation.org \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=davem@davemloft.net \
--cc=linux-sctp@vger.kernel.org \
--cc=martin.becke@uni-due.de \
--cc=netdev@vger.kernel.org \
--cc=sri@us.ibm.com \
--cc=stable@kernel.org \
--cc=vladislav.yasevich@hp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).