| |||||||||||||
Fun SELinux remote DoS blast from the pastFun SELinux remote DoS blast from the pastPosted Jun 17, 2008 22:13 UTC (Tue) by spender (subscriber, #23067)Parent article: Stable kernel 2.6.25.7 released
Never mentioned as such in the public, as far as I can tell (I searched quite a bit). No CVE either, for that matter. It's old (2005), but this is the type of information I'm compiling. Here's the official fix: http://marc.info/?l=git-commits-head&m=11144414510467... Short message is "[SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS." No mention of security in the short message or the detailed long message. Some months later Arjan van de Ven posts to vendor-sec and the kernel security list: From: Arjan van de Ven <arjanv@redhat.com> To: vendor-sec@lst.de, security@kernel.org Subject: [vendor-sec] remote kernel DoS X-Original-Date: Fri, 2 Sep 2005 10:30:58 +0200 Hi, just FYI: we have reason to believe that http://marc.theaimsgroup.com/?l=linux-netdev&m=111417... is beeing triggered from remote in the wild (two machines hitting it in the same public cluster within 3 days). It's fixed in kernel.org for a while now. Assume this issue to be public since it's heavily discussed on public irc already. ---- No replies, and I can't find any evidence of this post resulting in any sort of public announcement. I'm sure admitting SELinux *causing* a remote DoS was not something RedHat and others were willing to admit. -Brad
(Log in to post comments)
|
|||||||||||||