[gentoo-announce] [ GLSA 200404-10 ] iproute local Denial of Service Vulnerability - gentoo-announce

From:	Kurt Lieber <klieber@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 200404-10 ] iproute local Denial of Service Vulnerability
Date:	Fri, 09 Apr 2004 12:09:55
Message-Id:	`20040409113246.GA16487@mail.lieber.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200404-10

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                             http://security.gentoo.org

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Low

8

     Title: iproute local Denial of Service vulnerability

9

10

      Date: April 09, 2004

11

      Bugs: #34294

12

        ID: 200404-10

13

14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

15

16

Synopsis

17

========

18

19

The iproute package allows local users to cause a denial of service.

20

21

Background

22

==========

23

24

iproute is a set of tools for managing linux network routing and

25

advanced features.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package           /     Vulnerable     /               Unaffected

32

    -------------------------------------------------------------------

33

     sys-apps/iproute      <= 20010824-r4               >= 20010824-r5

34

35

Description

36

===========

37

38

It has been reported that iproute can accept spoofed messages on the

39

kernel netlink interface from local users. This could lead to a local

40

Denial of Service condition.

41

42

Impact

43

======

44

45

Local users could cause a Denial of Service.

46

47

Workaround

48

==========

49

50

A workaround is not currently known for this issue. All users are

51

advised to upgrade to the latest version of the affected package.

52

53

Resolution

54

==========

55

56

All iproute users should upgrade to version 20010824-r5 or later:

57

58

    # emerge sync

59

60

    # emerge -pv ">=sys-apps/iproute-20010824-r5";

61

    # emerge ">=sys-apps/iproute-20010824-r5";

62

63

References

64

==========

65

66

  [ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856

67

68

Concerns?

69

=========

70

71

Security is a primary focus of Gentoo Linux and ensuring the

72

confidentiality and security of our users machines is of utmost

73

importance to us. Any security concerns should be addressed to

74

security@g.o or alternatively, you may file a bug at

75

http://bugs.gentoo.org.

76

77

Availability

78

============

79

80

This GLSA and any updates to it are available for viewing at

81

the Gentoo Security Website:

82

83

     http://security.gentoo.org/glsa/glsa-200404-10.xml

84

85

Copyright/License

86

==================

87

Copyright 2004 Gentoo Technologies, Inc.

88

89

The contents of this document are licensed under the

90

Creative Commons - Attribution / Share Alike license.

91

92

http://creativecommons.org/licenses/by-sa/1.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200404-10
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Low
8	Title: iproute local Denial of Service vulnerability
9
10	Date: April 09, 2004
11	Bugs: #34294
12	ID: 200404-10
13
14	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16	Synopsis
17	========
18
19	The iproute package allows local users to cause a denial of service.
20
21	Background
22	==========
23
24	iproute is a set of tools for managing linux network routing and
25	advanced features.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	sys-apps/iproute <= 20010824-r4 >= 20010824-r5
34
35	Description
36	===========
37
38	It has been reported that iproute can accept spoofed messages on the
39	kernel netlink interface from local users. This could lead to a local
40	Denial of Service condition.
41
42	Impact
43	======
44
45	Local users could cause a Denial of Service.
46
47	Workaround
48	==========
49
50	A workaround is not currently known for this issue. All users are
51	advised to upgrade to the latest version of the affected package.
52
53	Resolution
54	==========
55
56	All iproute users should upgrade to version 20010824-r5 or later:
57
58	# emerge sync
59
60	# emerge -pv ">=sys-apps/iproute-20010824-r5";
61	# emerge ">=sys-apps/iproute-20010824-r5";
62
63	References
64	==========
65
66	[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856
67
68	Concerns?
69	=========
70
71	Security is a primary focus of Gentoo Linux and ensuring the
72	confidentiality and security of our users machines is of utmost
73	importance to us. Any security concerns should be addressed to
74	security@g.o or alternatively, you may file a bug at
75	http://bugs.gentoo.org.
76
77	Availability
78	============
79
80	This GLSA and any updates to it are available for viewing at
81	the Gentoo Security Website:
82
83	http://security.gentoo.org/glsa/glsa-200404-10.xml
84
85	Copyright/License
86	==================
87	Copyright 2004 Gentoo Technologies, Inc.
88
89	The contents of this document are licensed under the
90	Creative Commons - Attribution / Share Alike license.
91
92	http://creativecommons.org/licenses/by-sa/1.0

Gentoo Archives: gentoo-announce