1. 22 Jun, 2006 5 commits
  2. 20 Jun, 2006 5 commits
  3. 05 Jun, 2006 13 commits
  4. 31 May, 2006 2 commits
  5. 22 May, 2006 2 commits
    • Chris Wright's avatar
      Linux 2.6.16.18 · b7d06179
      Chris Wright authored
      b7d06179
    • Patrick McHardy's avatar
      [PATCH] NETFILTER: SNMP NAT: fix memory corruption (CVE-2006-2444) · 1db6b5a6
      Patrick McHardy authored
      CVE-2006-2444 - Potential remote DoS in SNMP NAT helper.
      
      Fix memory corruption caused by snmp_trap_decode:
      
      - When snmp_trap_decode fails before the id and address are allocated,
        the pointers contain random memory, but are freed by the caller
        (snmp_parse_mangle).
      
      - When snmp_trap_decode fails after allocating just the ID, it tries
        to free both address and ID, but the address pointer still contains
        random memory. The caller frees both ID and random memory again.
      
      - When snmp_trap_decode fails after allocating both, it frees both,
        and the callers frees both again.
      
      The corruption can be triggered remotely when the ip_nat_snmp_basic
      module is loaded and traffic on port 161 or 162 is NATed.
      
      Found by multiple testcases of the trap-app and trap-enc groups of the
      PROTOS c06-snmpv1 testsuite.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
      1db6b5a6
  6. 20 May, 2006 13 commits