do_path() bug is not remotely or local non-root exploitable

Hi!

JFYI, see the attachment.

Securityfocus and some other news sites have spread rumour that the
do_path() bug fixed with 2.6.16 is remotely exploitable.

It is not.

Unless you are using virtualization techniques like Virtuozzo or
Vserver (where 'root' cannot necessarily be trusted), there is not
really any security risk caused by this bug.  Stay cool.

Cheers,
	Harald (for the netfilter core team)

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
--- Begin Message ---
Hi!

As a member of the netfilter core team, I would like to ask you to
immediately stop spreading false information about an allegedly remotely
exploitable vulnerability that simply doesn't exist.

I don't know how you came to the conclusion at
http://www.securityfocus.com/bid/17178/discuss that "This issue allows
remote attackers to overwrite kernel memory with arbitrary data,
potentially allowing them to execute malicious machine code in the
context of affected kernels."

The respective bug [called do_replace() bug] is in a code path that can
ONLY be executed by a local root user.  In fact, it is a bug in the
codepath for ruleset changes.

So unless you have a locally malicious root user (which could change the
ruleset anyway, and very likely load arbitrary code via kernel modules
or patch /proc/kmem), there is nothing that can be exploited.

Neither for local non-root users, nor for any remote party.

Please correct the information in your vulnerability database as soon as
possible!  Your wrong assessment has already been picked up by some
other news sites, and users are starting to ask the project about a
security threat that doesn't even exist.

Thanks in advance,
	Harald

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: pgpqlHPJN4QxP.pgp
Description: PGP signature


--- End Message ---

Attachment: pgpHzIB2FTEPt.pgp
Description: PGP signature
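The reachability argument above (the ruleset-replace path is only entered through a setsockopt that the kernel gates on CAP_NET_ADMIN) can be checked directly from userspace. The following program is an added example and is not code from the list post or from the netfilter project; it assumes a Linux host with the UAPI header <linux/netfilter_ipv4/ip_tables.h> installed, and the function names has_cap_net_admin, probe_replace_path and explain are this example's own. It sends IPT_SO_SET_REPLACE with an all-zero struct ipt_replace (an empty replace that no kernel accepts) and reports the errno, so the reader can see where the request was stopped: EPERM means the capability check rejected it before any replace data was parsed, ENOPROTOOPT means no ip_tables sockopt handler is registered, and an EINVAL/ENOENT means the caller was privileged enough to get into do_replace(), which then rejected the empty table.

```c
/* Added example: probe whether the ruleset-replace setsockopt that leads to
 * do_replace() is reachable from the current process. Assumption: Linux with
 * the UAPI netfilter headers; function names are this example's own. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>                      /* must precede the UAPI header */
#include <linux/netfilter_ipv4/ip_tables.h>  /* struct ipt_replace, IPT_SO_SET_REPLACE */

#define CAP_NET_ADMIN_BIT 12  /* CAP_NET_ADMIN as numbered in <linux/capability.h> */

/* Returns 1 if CAP_NET_ADMIN is in the effective set, 0 if not, -1 on error.
 * Reads the CapEff bitmask from /proc/self/status. */
int has_cap_net_admin(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int result = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            unsigned long long eff = strtoull(line + 7, NULL, 16);
            result = (int)((eff >> CAP_NET_ADMIN_BIT) & 1ULL);
            break;
        }
    }
    fclose(f);
    return result;
}

/* Issue IPT_SO_SET_REPLACE with an all-zero struct ipt_replace and return the
 * errno the kernel answers with. 0 would mean the replace was accepted, which
 * an empty replace (no name, no hooks, no counters) never is. */
int probe_replace_path(void)
{
    struct ipt_replace repl;
    int fd, err;

    memset(&repl, 0, sizeof repl);        /* constructed, deliberately empty request */
    fd = socket(AF_INET, SOCK_DGRAM, 0);  /* plain UDP socket; no CAP_NET_RAW needed */
    if (fd < 0)
        return errno;
    if (setsockopt(fd, IPPROTO_IP, IPT_SO_SET_REPLACE, &repl, sizeof repl) == 0)
        err = 0;
    else
        err = errno;
    close(fd);
    return err;
}

/* Map the errno to the point in the kernel where the request stopped. */
const char *explain(int err)
{
    switch (err) {
    case 0:
        return "replace accepted (unexpected for an empty table)";
    case EPERM:
        return "rejected before do_replace(): caller lacks CAP_NET_ADMIN";
    case ENOPROTOOPT:
        return "no ip_tables sockopt handler registered (module not loaded)";
    case EINVAL:
    case ENOENT:
        return "past the CAP_NET_ADMIN gate: do_replace() rejected the empty replace";
    default:
        return "other failure; inspect errno";
    }
}

int main(void)
{
    int cap = has_cap_net_admin();
    int err = probe_replace_path();

    printf("CAP_NET_ADMIN in effective set: %s\n",
           cap == 1 ? "yes" : cap == 0 ? "no" : "unknown");
    printf("IPT_SO_SET_REPLACE -> errno %d (%s): %s\n",
           err, strerror(err), explain(err));
    return 0;
}
```

Run it once as an ordinary user and once as root: the unprivileged run stops at EPERM without the kernel ever looking at the replace payload, which is exactly why a bug inside do_replace() is not reachable by a local non-root user; the root run gets past that check and is then rejected by do_replace()'s own validation of the empty table. A remote peer has no socket on the target at all and therefore no way to issue the setsockopt.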

