Candidate: CVE-2005-2873
References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050909
Category: SF
MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
Description:
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
earlier does not properly perform certain time tests when the jiffies
value is greater than LONG_MAX, which can cause ipt_recent netfilter
rules to block too early, a different vulnerability than
CVE-2005-2872.
Notes:
horms> No patch that is acceptable upstream is available
http://lists.debian.org/debian-kernel/2005/09/msg00257.html
jmm> There's now a complete rewrite by Patrick McHardy in 2.6.18
jmm> This change won't be backported to Sarge; if this poses a problem, an update
jmm> to Etch is required
upstream: released (2.6.18)
Bugs: 332381, 332231, 332228
linux-2.6: released (2.6.18-1)
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
2.6.18-etch-security: N/A