summaryrefslogtreecommitdiffstats
path: root/ignored
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2007-04-30 17:18:40 +0000
committerMoritz Muehlenhoff <jmm@debian.org>2007-04-30 17:18:40 +0000
commitb995fda901e16dd7fc4a12d05c7d728ffb8797eb (patch)
tree364ebb56aab6c536576ef4051cf5923b7c60c47a /ignored
parenta7d7adb819f329fecd6d48e9af34d4f21c1c49d4 (diff)
move VLAN protocol bug entries to ignored/
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@777 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'ignored')
-rw-r--r--ignored/CVE-2005-444040
-rw-r--r--ignored/CVE-2005-444144
2 files changed, 84 insertions, 0 deletions
diff --git a/ignored/CVE-2005-4440 b/ignored/CVE-2005-4440
new file mode 100644
index 00000000..4c89f972
--- /dev/null
+++ b/ignored/CVE-2005-4440
@@ -0,0 +1,40 @@
+Candidate: CVE-2005-4440
+References:
+ http://www.securityfocus.com/archive/1/archive/1/419831/100/0/threaded
+ http://www.securityfocus.com/archive/1/archive/1/419834/100/0/threaded
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040333.html
+Description:
+ The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic
+ via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream
+ switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN
+ jumping attack."
+Notes:
+ Quoting Horms:
+ I've taken a quick look at this. I don't think that 1. (VLAN jumping) effects
+ Linux because of the following line near the bottom of vlan_skb_recv().
+ .
+ skb->protocol = __constant_htons(ETH_P_802_2);
+ .
+ I'm looking at Linus' Git tree as of this morning,
+ but I don't think there have been any relevnant changes
+ since Git began at 2.6.12-rc2.
+ .
+ This seems to imply that further processing will treat the packet
+ as an ethernet frame. Though I need to double check that it
+ can't be passed back into the vlan code. I'm doing that now,
+ but in about 15 minutes I have to leave, and I'll be on
+ leave for 6 days. At home, and possibly looking into this problem,
+ but not at my desk working sensible hours.
+ .
+ As for 2 (PVLAN jumping). I haven't looked into that yet but
+ it seems quite plausible.
+ .
+ dannf> Horms believes these to be protocol bugs - they are legal
+ dannf> things to do. Therefore, we're gonna ignore them for the sarge2
+ dannf> series of kernels & follow what upstream does.
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.18-etch-security:
diff --git a/ignored/CVE-2005-4441 b/ignored/CVE-2005-4441
new file mode 100644
index 00000000..642e3a14
--- /dev/null
+++ b/ignored/CVE-2005-4441
@@ -0,0 +1,44 @@
+Candidate: CVE-2005-4441
+References:
+ BUGTRAQ:20051219 Making unidirectional VLAN and PVLAN jumping bidirectional
+ URL:http://www.securityfocus.com/archive/1/archive/1/419831/100/0/threaded
+ BUGTRAQ:20051219 Re: Making unidirectional VLAN and PVLAN jumping bidirectional
+ URL:http://www.securityfocus.com/archive/1/archive/1/419834/100/0/threaded
+ FULLDISC:20051219 Making unidirectional VLAN and PVLAN jumping bidirectional
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040333.html
+Description:
+ The PVLAN protocol allows remote attackers to bypass network segmentation and
+ spoof PVLAN traffic via a PVLAN message with a target MAC address that is set
+ to a gateway router, which causes the packet to be sent to the router, where
+ the source MAC is modified, aka "Modification of the MAC spoofing PVLAN
+ jumping attack," as demonstrated by pvlan.c.
+Notes:
+ Quoting Horms:
+ I've taken a quick look at this. I don't think that 1. (VLAN jumping) effects
+ Linux because of the following line near the bottom of vlan_skb_recv().
+ .
+ skb->protocol = __constant_htons(ETH_P_802_2);
+ .
+ I'm looking at Linus' Git tree as of this morning,
+ but I don't think there have been any relevnant changes
+ since Git began at 2.6.12-rc2.
+ .
+ This seems to imply that further processing will treat the packet
+ as an ethernet frame. Though I need to double check that it
+ can't be passed back into the vlan code. I'm doing that now,
+ but in about 15 minutes I have to leave, and I'll be on
+ leave for 6 days. At home, and possibly looking into this problem,
+ but not at my desk working sensible hours.
+ .
+ As for 2 (PVLAN jumping). I haven't looked into that yet but
+ it seems quite plausible.
+ .
+ dannf> Horms believes these to be protocol bugs - they are legal
+ dannf> things to do. Therefore, we're gonna ignore them for the sarge2
+ dannf> series of kernels & follow what upstream does.
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.18-etch-security:

© 2014-2024 Faster IT GmbH | imprint | privacy policy