linux/net/ipv4
Solar Designer 2c8ac66bb2 [NETFILTER]: Fix do_add_counters race, possible oops or info leak (CVE-2006-0039)
Solar Designer found a race condition in do_add_counters(). The beginning
of paddc is supposed to be the same as tmp which was sanity-checked
above, but it might not be the same in reality. In case the integer
overflow and/or the race condition are triggered, paddc->num_counters
might not match the allocation size for paddc. If the check below
(t->private->number != paddc->num_counters) nevertheless passes (perhaps
this requires the race condition to be triggered), IPT_ENTRY_ITERATE()
would read kernel memory beyond the allocation size, potentially causing
an oops or leaking sensitive data (e.g., passwords from host system or
from another VPS) via counter increments. This requires CAP_NET_ADMIN.

Signed-off-by: Solar Designer <solar@openwall.com>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-19 02:16:52 -07:00
ipvs [PATCH] sem2mutex: misc static one-file mutexes 2006-03-26 08:56:55 -08:00
netfilter [NETFILTER]: Fix do_add_counters race, possible oops or info leak (CVE-2006-0039) 2006-05-19 02:16:52 -07:00
Kconfig [INET]: Introduce tunnel4/tunnel6 2006-03-28 17:02:46 -08:00
Makefile [INET]: Introduce tunnel4/tunnel6 2006-03-28 17:02:46 -08:00
af_inet.c [IPV4]: inet_init() -> fs_initcall 2006-04-29 18:33:14 -07:00
ah4.c [IPSEC]: Kill unused decap state argument 2006-04-01 00:52:46 -08:00
arp.c [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
datagram.c
devinet.c [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
esp4.c [IPSEC]: Kill unused decap state argument 2006-04-01 00:52:46 -08:00
fib_frontend.c [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
fib_hash.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
fib_lookup.h
fib_rules.c [IPV4]: Add fib rule netlink notifications 2006-03-23 01:16:06 -08:00
fib_semantics.c [NETLINK]: illegal use of pid in rtnetlink 2006-02-09 16:43:41 -08:00
fib_trie.c [FIB_TRIE]: Fix leaf freeing. 2006-04-09 22:25:23 -07:00
icmp.c [PATCH] for_each_possible_cpu: network codes 2006-04-11 06:18:31 -07:00
igmp.c [NET]: dev_put/dev_hold cleanup 2006-03-20 22:32:28 -08:00
inet_connection_sock.c [INET]: Fix typo in Arnaldo's connection sock compat fixups. 2006-03-20 22:52:32 -08:00
inet_diag.c [INET_DIAG]: Introduce sk_diag_fill 2006-01-09 14:56:56 -08:00
inet_hashtables.c [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
inet_timewait_sock.c [TWSK]: Introduce struct timewait_sock_ops 2006-01-03 13:10:54 -08:00
inetpeer.c [NET]: Change some "if (x) BUG();" to "BUG_ON(x);" 2006-01-09 14:16:18 -08:00
ip_forward.c
ip_fragment.c [IPV4] ip_fragment: Always compute hash with ipfrag_lock held. 2006-04-09 22:43:55 -07:00
ip_gre.c [INET]: Use port unreachable instead of proto for tunnels 2006-04-09 22:25:29 -07:00
ip_input.c [IPV4]: Remove likely in ip_rcv_finish() 2006-05-06 18:11:39 -07:00
ip_options.c [IPV4]: ip_options_fragment() has no effect on fragmentation 2006-05-09 15:18:50 -07:00
ip_output.c [PATCH] ip_output: account for fraggap when checking to add trailer_len 2006-04-14 16:04:18 -07:00
ip_sockglue.c [NET]: Identation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
ipcomp.c [NET]: Remove redundant NULL checks before [kv]free 2006-04-18 15:57:55 -07:00
ipconfig.c [NET]: Convert RTNL to mutex. 2006-03-20 22:23:58 -08:00
ipip.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
ipmr.c [NET]: dev_put/dev_hold cleanup 2006-03-20 22:32:28 -08:00
multipath.c
multipath_drr.c
multipath_random.c
multipath_rr.c
multipath_wrandom.c [IPV4] multipath_wrandom: Fix softirq-unsafe spin lock usage 2006-02-02 16:59:16 -08:00
netfilter.c [NETFILTER]: Add address family specific checksum helpers 2006-04-09 22:25:41 -07:00
proc.c [PATCH] for_each_possible_cpu: network codes 2006-04-11 06:18:31 -07:00
protocol.c
raw.c [NET]: Identation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
route.c [IPV4]: ip_route_input panic fix 2006-04-17 17:27:11 -07:00
syncookies.c [ICSK]: Rename struct tcp_func to struct inet_connection_sock_af_ops 2006-01-03 13:10:38 -08:00
sysctl_net_ipv4.c [TCP]: sysctl to allow TCP window > 32767 sans wscale 2006-03-20 22:40:29 -08:00
tcp.c [TCP]: Fix sock_orphan dead lock 2006-05-03 23:31:35 -07:00
tcp_bic.c
tcp_cong.c [TCP]: Fix RFC2465 typo. 2006-03-28 17:02:47 -08:00
tcp_cubic.c [TCP] cubic: use Newton-Raphson 2006-01-03 13:11:09 -08:00
tcp_diag.c
tcp_highspeed.c [TCP]: Fix snd_cwnd adjustments in tcp_highspeed.c 2006-05-05 17:41:44 -07:00
tcp_htcp.c [TCP] H-TCP: Better time accounting 2006-03-20 22:23:10 -08:00
tcp_hybla.c
tcp_input.c [TCP]: reno sacked_out count fix 2006-05-16 21:42:11 -07:00
tcp_ipv4.c [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
tcp_minisocks.c [IPV6]: Introduce inet6_timewait_sock 2006-01-03 13:10:47 -08:00
tcp_output.c [TCP]: Fix unlikely usage in tcp_transmit_skb() 2006-04-29 18:33:19 -07:00
tcp_scalable.c
tcp_timer.c [TCP]: MTU probing 2006-03-20 17:53:41 -08:00
tcp_vegas.c [TCP] tcp_vegas: Fix slow start 2006-01-04 13:59:32 -08:00
tcp_westwood.c
tunnel4.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
udp.c [NET]: Identation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
xfrm4_input.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
xfrm4_output.c [IPSEC]: Fix IP ID selection 2006-04-29 18:33:16 -07:00
xfrm4_policy.c [IPSEC]: Use TOS when doing tunnel lookups 2006-02-23 16:19:26 -08:00
xfrm4_state.c [XFRM]: IPsec tunnel wildcard address support 2006-01-13 14:34:36 -08:00
xfrm4_tunnel.c [IPSEC]: Kill unused decap state argument 2006-04-01 00:52:46 -08:00