| field | value | date |
|---|---|---|
| author | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-17 21:14:30 +0000 |
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-17 21:14:30 +0000 |
| commit | 99842ac3ea998bbe81aeb4076ee583a53c076137 (patch) | |
| tree | 72c619a71d643642c266106b3b6c543a975c2c35 /retired/CVE-2002-0704 | |
| parent | 25dec8464d36974de6ad9033fbf1c79479a2b28a (diff) | |
retire CVE-2002-0704
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@827 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2002-0704')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | retired/CVE-2002-0704 | 51 |

1 files changed, 51 insertions, 0 deletions
diff --git a/retired/CVE-2002-0704 b/retired/CVE-2002-0704 new file mode 100644 index 00000000..3dbe1d3a --- /dev/null +++ b/retired/CVE-2002-0704 
@@ -0,0 +1,51 @@ +Candidate: CVE-2002-0704 +References: + BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak + REDHAT:RHSA-2002:086 + MANDRAKE:MDKSA-2002:030 + HP:HPSBTL0205-039 + XF: linux-netfilter-information-leak(9043) + BID:4699 +Description: + The Network Address Translation (NAT) capability for Netfilter ("iptables") + 1.2.6a and earlier leaks translated IP addresses in ICMP error messages. +Notes: + There's a patch here: + http://www.securityfocus.com/bid/4699 + But it doesn't appear to have gone upstream. It doesn't look like RedHat + or Mandrake fixed it either; instead, they suggest a workaround: + http://rhn.redhat.com/errata/RHSA-2002-086.html + http://archives.mandrivalinux.com/security-announce/2002-02/msg00025.html + . + dannf> We plan to "fix" this by recommending the workaround as well. + horms> I believe that this problem was fixed as part of the following + horms> patch that was incuded in 2.6.11 + horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=1e69ba3fa29b13fe5229d6e325aee91ae5abe298 + horms> However I believe a related bug was introduced by the following + horms> patch, also included in 2.6.11 + horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=8d5f3377d48c74df38990688f09e773887ba4eb5 + horms> This new bugs allows discloser of the IP address of intermedate + horms> hops between the NATing box and the NAT'd box. + horms> This is easily demonstrated using tcptraceroute + horms> 1 10.0.1.7 61.524 ms 93.081 ms 22.982 ms + horms> 2 192.168.1.254 72.099 ms 66.899 ms 67.599 ms + horms> 3 10.0.1.7 [open] 67.188 ms 105.974 ms 104.873 ms + horms> I also believe that pretty much all kernels disclose + horms> enough information to work out if DNAT is in use or not. 
+ horms> I wrote a long mail about this to netfilter-devel and will + horms> put a link here when it shows up + horms> In the mean time: (Message-ID: <20060202113824.GA4399@verge.net.au>) + horms> Given this seems to be an ongoing suite of problems, with little + horms> hope of a final solution, I'm marking it as ignore for all + horms> woody and sarge kernels, many of which i have reproduced the + horms> problem on allong with upstream's 2.4 (~2.4.33-pre1) +Bugs: +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: ignored (2.6.8-16sarge5) +2.4.27-sarge-security: ignored (2.4.27-10sarge5) +2.6.18-etch-security: N/A + + + + |
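Review bot: the status block at the end of the file records "upstream: released (2.6.11)" while the notes directly above it say the second 2.6.11 patch (commit 8d5f3377d48c74df38990688f09e773887ba4eb5) introduced a related bug that discloses intermediate hops and that this is "an ongoing suite of problems, with little hope of a final solution"; the entry should either state explicitly that the "released" status covers only the original NAT/ICMP address leak of CVE-2002-0704, or track the follow-on hop-disclosure issue in its own entry so the ignored status for the woody and sarge kernels is not read as the whole story. Smaller points in the same hunk: the "Bugs:" field is left empty; the "will put a link here when it shows up" promise for the netfilter-devel mail was never fulfilled (only the Message-ID <20060202113824.GA4399@verge.net.au> is recorded, so an archive URL would help later readers); the notes contain the typos "incuded", "discloser", "intermedate" and "allong"; and the file ends with four empty "+" lines that add nothing and should be dropped.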