
Hi,

In SuSE Security Announcement: kernel (SuSE-SA:2003:034) there is a list of fixes for the 2.4 kernel. Unfortunately, the descriptions of the different problems are very short and no CVE or Cert references are added :-/

I'm wondering whether the following two problems are security related, or actually just bugs:

- fix problem with ecc reporting garbage in /proc/ram
- fix console redirect bug

Does anyone have any idea of what is actually the problem and what the security impact would be?

Kind regards,
Lise

> Hi,
> In SuSE Security Announcement: kernel (SuSE-SA:2003:034) there is a list of fixes for the 2.4 kernel. Unfortunately, the descriptions of the different problems are very short and no CVE or Cert references are added :-/
> I'm wondering whether the following two problems are security related, or actually just bugs:
> - fix problem with ecc reporting garbage in /proc/ram
> - fix console redirect bug
> Does anyone have any idea of what is actually the problem and what the security impact would be?
Both of them are only very loosely security-related. They have been mentioned in the description for completeness and for some people who have asked us to fix these bugs. This way they can easily see that the issues have been addressed.

Thanks,
Roman.
--
Roman Drahtmüller <draht@suse.de>
SuSE Linux AG - Security, Nürnberg, Germany
Phone: +49-911-740530
// Nail here for a new monitor! --> [x]

> > Hi,
> > In SuSE Security Announcement: kernel (SuSE-SA:2003:034) there is a list of fixes for the 2.4 kernel. Unfortunately, the descriptions of the different problems are very short and no CVE or Cert references are added :-/
> > I'm wondering whether the following two problems are security related, or actually just bugs:
> > - fix problem with ecc reporting garbage in /proc/ram
> > - fix console redirect bug
> > Does anyone have any idea of what is actually the problem and what the security impact would be?
> Both of them are only very loosely security-related. They have been mentioned in the description for completeness and for some people who have asked us to fix these bugs. This way they can easily see that the issues have been addressed.
> Thanks, Roman.
There are issues mentioned @ netfilter.org for 2.4.20 kernels:

http://www.netfilter.org/security/2003-08-01-nat-sack.html
http://www.netfilter.org/security/2003-08-01-listadd.html

The first issue is with NAT (in use for routers with DSL), the second one with connection tracking (in use for simple or complex firewall scripts).

With both issues you can crash a server; the connection tracking issue is the bigger problem, because many firewall scripts use this one!

For further information you have to search here:

http://www.securityfocus.com/
http://www.securiteam.com/
http://www.cert.org/

Philippe

Philippe Vogel wrote:
> There are issues mentioned @ netfilter.org for 2.4.20 kernels:
> http://www.netfilter.org/security/2003-08-01-nat-sack.html
> http://www.netfilter.org/security/2003-08-01-listadd.html
Content of this advisory: 1) security vulnerability resolved: a race condition in the ELF loader, a minor information leakage problem in the proc-fs, re-binding problem of UDP port 2049 sockets, -->>> DoS in netfilter <<<-- and NFSv3 code fixed.
participants (4)
- Lise Moorveld
- Philippe Vogel
- Roman Drahtmueller
- Sven 'Darkman' Michels