Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 11 Mar 2009 09:01:15 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-0778 kernel: rt_cache leak

Reported by Hector Herrera:
A "REJECT" route in a software router (ip_forward = 1) based on CentOS 
5.2 will cause the kernel to lose track of cached routes.  Once the 
number of allocated route cache objects (as indicated by the value of 
ip_dst_cache in /proc/slabinfo) reaches the value of 
/proc/sys/net/ipv4/route/max_size - 1, the kernel will complain with a 
'dst cache overflow' errors for every received packet and all network 
connectivity will cease.

But was introduced in upstream commit 8b7817f3a95. It was later fixed in 
upstream commit 7c0ecc4c4f.

Workaround:
- either remove or replace the "REJECT" route with a different 
alternative such as 'ip route add 10.10.0.0/16 via 127.0.0.1'.
- using iptables.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0778

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.