[FEISTY] CVE-2007-1357: [APPLETALK]: Fix a remotely triggerable crash

Ben Collins ben.collins at ubuntu.com
Thu May 3 14:57:03 UTC 2007


On Wed, 2007-05-02 at 00:49 +0100, Phillip lougher wrote:
> From e07e67ac079deb5cd9b42bc110aa90a0119186db Mon Sep 17 00:00:00 2001
> From: Jean Delvare <jdelvare at suse.de>
> Date: Wed, 4 Apr 2007 23:52:46 -0700
> Subject: [PATCH] [APPLETALK]: Fix a remotely triggerable crash (CVE-2007-1357)
> 
> When we receive an AppleTalk frame shorter than what its header says,
> we still attempt to verify its checksum, and trip on the BUG_ON() at
> the end of function atalk_sum_skb() because of the length mismatch.
> 
> This has security implications because this can be triggered by simply
> sending a specially crafted ethernet frame to a target victim,
> effectively crashing that host. Thus this qualifies, I think, as a
> remote DoS. Here is the frame I used to trigger the crash, in npg
> format:

ACK

-- 
Ubuntu:    http://www.ubuntu.com/
Linux1394: http://www.linux1394.org/
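
The failure mode the quoted commit message describes (checksumming a frame that is shorter than its header claims) is avoided by comparing the declared length with the bytes actually received before any checksum work. The following is an added example, not code from the patch or from the kernel. The names ddp_validate, ddp_sum, ddp_make_sample and sample are hypothetical, the sample frame is constructed, and the layout assumed is the long DDP header (13 bytes, length in the low 10 bits of the first 16-bit word, checksum covering everything after the checksum field).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DDP_HDR 13  /* assumed long DDP header size in bytes */
enum ddp_verdict { DDP_OK, DDP_RUNT, DDP_BAD_LEN, DDP_TRUNCATED, DDP_BAD_SUM };

/* DDP checksum: add each byte, then rotate the 16-bit sum left by one bit. */
static uint16_t ddp_sum(const uint8_t *p, size_t n)
{
    uint16_t s = 0;
    while (n--) {
        s = (uint16_t)(s + *p++);
        s = (uint16_t)((s << 1) | (s >> 15));
    }
    return s ? s : 0xFFFF;   /* 0 in the header means "no checksum" */
}

/* Hypothetical receive-side check; `got` is the number of bytes that arrived. */
enum ddp_verdict ddp_validate(const uint8_t *f, size_t got)
{
    if (got < DDP_HDR)
        return DDP_RUNT;
    size_t want = (size_t)(((f[0] << 8) | f[1]) & 0x3FF);  /* declared length */
    if (want < DDP_HDR)
        return DDP_BAD_LEN;
    if (got < want)          /* header claims more than arrived: drop before summing */
        return DDP_TRUNCATED;
    uint16_t sum = (uint16_t)((f[2] << 8) | f[3]);
    if (sum && ddp_sum(f + 4, want - 4) != sum)
        return DDP_BAD_SUM;
    return DDP_OK;
}

/* Constructed sample: 13-byte header plus 4 payload bytes, declared length 17. */
uint8_t sample[17] = { 0, 17, 0, 0, 0, 1, 0, 2, 10, 20, 4, 4, 1, 'p', 'i', 'n', 'g' };
size_t ddp_make_sample(void)   /* fill in the checksum field, return frame length */
{
    uint16_t s = ddp_sum(sample + 4, sizeof sample - 4);
    sample[2] = (uint8_t)(s >> 8);
    sample[3] = (uint8_t)s;
    return sizeof sample;
}

int main(void)
{
    size_t n = ddp_make_sample();
    printf("full=%d truncated=%d\n", (int)ddp_validate(sample, n), (int)ddp_validate(sample, n - 3));
}
```

The truncated case is rejected without ddp_sum ever being called, so a length mismatch can only ever result in a dropped frame.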




