Hi guys,
I am putting together a database of errata for Linux 2.4.x. It will have
individual patches for each major bug (at the moment thats just security
flaws) and a mega-patch for each version. I am starting on kernel 2.4.9
for no other reason as this is what I currently use...
This is what I have so far for 2.4.9:
1. Netfilter mac address matching bug
2. ptrace race condition
3. symlink DoS
4. syncookie/netfilter bug
5. Netfilter FTP conntrack bug (can someone confirm this ??)
I have patches only for item 1 at the moment. I can rip out the patch
for 3 and possibly 4. If there is interest I will post a URL to them
here.
Does anyone here know of any other issues in this kernel (or newer
kernels) or have access to any of the patches I am missing? You can mail
patches to me directly if they are big or you feel they are irrelivant
to the list.
Thanks
--
// Gianni Tedesco <[email protected]>
80% of all email is a figment of procmails imagination.
On 1 Dec 2001, Gianni Tedesco wrote:
> Hi guys,
>
> I am putting together a database of errata for Linux 2.4.x. It will have
> individual patches for each major bug (at the moment thats just security
> flaws) and a mega-patch for each version. I am starting on kernel 2.4.9
> for no other reason as this is what I currently use...
>
> This is what I have so far for 2.4.9:
> 1. Netfilter mac address matching bug
> 2. ptrace race condition
> 3. symlink DoS
> 4. syncookie/netfilter bug
> 5. Netfilter FTP conntrack bug (can someone confirm this ??)
#5 was fixed in 2.4.5 I believe.
/Martin
Never argue with an idiot. They drag you down to their level, then beat you with experience.
Martin Josefsson <[email protected]> writes:
> > This is what I have so far for 2.4.9:
> > 1. Netfilter mac address matching bug
> > 2. ptrace race condition
> > 3. symlink DoS
> > 4. syncookie/netfilter bug
> > 5. Netfilter FTP conntrack bug (can someone confirm this ??)
>
> #5 was fixed in 2.4.5 I believe.
There are rumours about a buffer overflow in the PASV command, which
was silently fixed (it's not related to earlier FTP connection
tracking problems which could lead to filter evasion).
--
Florian Weimer [email protected]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898