[FEISTY] CVE-2007-1357: [APPLETALK]: Fix a remotely triggerable crash

Ben Collins ben.collins at ubuntu.com
Thu May 3 14:57:03 UTC 2007

On Wed, 2007-05-02 at 00:49 +0100, Phillip lougher wrote:
> >From e07e67ac079deb5cd9b42bc110aa90a0119186db Mon Sep 17 00:00:00 2001
> From: Jean Delvare <jdelvare at suse.de>
> Date: Wed, 4 Apr 2007 23:52:46 -0700
> Subject: [PATCH] [APPLETALK]: Fix a remotely triggerable crash (CVE-2007-1357)
> When we receive an AppleTalk frame shorter than what its header says,
> we still attempt to verify its checksum, and trip on the BUG_ON() at
> the end of function atalk_sum_skb() because of the length mismatch.
> This has security implications because this can be triggered by simply
> sending a specially crafted ethernet frame to a target victim,
> effectively crashing that host. Thus this qualifies, I think, as a
> remote DoS. Here is the frame I used to trigger the crash, in npg
> format:


Ubuntu:    http://www.ubuntu.com/
Linux1394: http://www.linux1394.org/

More information about the kernel-team mailing list