diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:18:40 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:18:40 +0000 |
| commit | b995fda901e16dd7fc4a12d05c7d728ffb8797eb (patch) | |
| tree | 364ebb56aab6c536576ef4051cf5923b7c60c47a /ignored/CVE-2005-4440 | |
| parent | a7d7adb819f329fecd6d48e9af34d4f21c1c49d4 (diff) | |
move VLAN protocol bug entries to ignored/
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@777 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'ignored/CVE-2005-4440')
| -rw-r--r-- | ignored/CVE-2005-4440 | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ignored/CVE-2005-4440 b/ignored/CVE-2005-4440 new file mode 100644 index 00000000..4c89f972 --- /dev/null +++ b/ignored/CVE-2005-4440 @@ -0,0 +1,40 @@ +Candidate: CVE-2005-4440 +References: + http://www.securityfocus.com/archive/1/archive/1/419831/100/0/threaded + http://www.securityfocus.com/archive/1/archive/1/419834/100/0/threaded + http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040333.html +Description: + The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic + via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream + switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN + jumping attack." +Notes: + Quoting Horms: + I've taken a quick look at this. I don't think that 1. (VLAN jumping) effects + Linux because of the following line near the bottom of vlan_skb_recv(). + . + skb->protocol = __constant_htons(ETH_P_802_2); + . + I'm looking at Linus' Git tree as of this morning, + but I don't think there have been any relevnant changes + since Git began at 2.6.12-rc2. + . + This seems to imply that further processing will treat the packet + as an ethernet frame. Though I need to double check that it + can't be passed back into the vlan code. I'm doing that now, + but in about 15 minutes I have to leave, and I'll be on + leave for 6 days. At home, and possibly looking into this problem, + but not at my desk working sensible hours. + . + As for 2 (PVLAN jumping). I haven't looked into that yet but + it seems quite plausible. + . + dannf> Horms believes these to be protocol bugs - they are legal + dannf> things to do. Therefore, we're gonna ignore them for the sarge2 + dannf> series of kernels & follow what upstream does. +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: ignored (2.6.8-16sarge5) +2.4.27-sarge-security: ignored (2.4.27-10sarge4) +2.6.18-etch-security: |