blob: 4ac936558fd205b9dbaf91e6cdae8c42b6837463 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Denial of service by sending IPv6 UFO packet through tap
References:
Notes:
bwh> Bug was introduced in 3.2.63 (and 3.4.101) by the backport of
bwh> commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") which
bwh> assumes ipv6_select_ident() is called with a non-null struct
bwh> rt6_info pointer. That was not true as they were missing commit
bwh> 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data").
bwh> Neither the upstream kernel nor any other stable branch had this
bwh> bug.
Bugs: #766195
upstream: N/A
2.6.32-upstream-stable: N/A
sid: N/A
3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/all/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch]
2.6.32-squeeze-security: N/A
3.16-upstream-stable: N/A
3.2-upstream-stable: released (3.2.64)
|
