Author: gilbert-guest Date: 2009-12-19 21:20:09 +0000 (Sat, 19 Dec 2009) New Revision: 13606 Modified: data/CVE/list Log: info on some old kernel issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-19 21:14:16 UTC (rev 13605) +++ data/CVE/list 2009-12-19 21:20:09 UTC (rev 13606) @@ -17645,11 +17645,12 @@ NOTE: just a crasher, no security implications known so far NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...) - - linux-2.6 <unfixed> (low) - [etch] - linux-2.6 <no-dsa> (no upstream fix available) - [lenny] - linux-2.6 <no-dsa> (no upstream fix available) - - linux-2.6.24 <removed> (low) - NOTE: lots of speculation, nothing very definitive (but fixed recently my microsoft) + - linux-2.6 <unfixed> (unimportant) + - linux-2.6.24 <removed> (unimportant) + NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service + NOTE: there is no upstream solution + NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables + NOTE: also see usage of ipt_connlimit as a mitigation strategy CVE-2008-4608 RESERVED CVE-2008-4607 @@ -72310,7 +72311,11 @@ - linux-2.6 2.6.10-1 (low) - linux-2.6.24 <not-affected> (fixed before initial upload) CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) - TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + - linux-2.6 2.6.32-2 (unimportant) + - linux-2.6.24 <removed> (unimportant) + NOTE: minor issue; solution (removal of cryptoloop) would be a significant change + NOTE: if backported to the stable releases + NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) NOT-FOR-US: Oracle CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)