|
Message-ID: <5233640E.60102@redhat.com> Date: Fri, 13 Sep 2013 13:14:22 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/13/2013 07:38 AM, Petr Matousek wrote: > Alan Chester reported an issue with IPv6 on SCTP that IPsec traffic > is not being encrypted, whereas on IPv4 it is. Setting up an AH + > ESP transport does not seem to have the desired effect: > > SCTP + IPv4: > > 22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags > [DF], proto AH (51), length 116) 192.168.0.2 > 192.168.0.5: > AH(spi=0x00000042,sumlen=16,seq=0x1):ESP(spi=0x00000044,seq=0x1), > length 72 22:14:20.813270 IP (tos 0x2,ECT(0), ttl 64, id 0, offset > 0, flags [DF],proto AH (51), length 340) 192.168.0.5 > 192.168.0.2: > AH(spi=0x00000043,sumlen=16,seq=0x1): > > SCTP + IPv6: > > 22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP > (132)payload length: 364) fe80::222:15ff:fe87:7fc.3333 > > fe80::92e6:baff:fe0d:5a54.36767:sctp 1) [INIT ACK] [init tag: > 747759530] [rwnd: 62464] [OS: 10] [MIS:10] > > References: https://bugzilla.kernel.org/show_bug.cgi?id=24412 > https://bugzilla.redhat.com/show_bug.cgi?id=1007872 > > Upstream fix: > http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7 > > Thanks, > Please use CVE-2013-4350 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIbBAEBAgAGBQJSM2QOAAoJEBYNRVNeJnmTFd4P+O2iIuwkT/ufCulXrdvgmNRc x+H/25xgz6W55BbuM3ngHkYLbL8CGvVxhTt5ZloRLys3Fgrr87T9XQdKbM4e1Ead 7f/VGsMHOi3WjetMxXt19Cqd8YP7N3ewRaI1r+f5y1876/J6jUbLmXlKv0Kh132a /ov/rnRAZZyYrULcQbDJJEEfDsg7mjnrhG+BNN9GKudX5gPVenzLjWHmPWxFg6cC dyuPN01LpG2u9izep2/MNT8rd13YRh4LacU7qT8gQ3ge8cvvyl2gKyq/gy1x1VlY vhbDiyjrMPilnvZqw//J33UNK7lMq1DOs6UGSqEg0Sz8lCYJW0wN3XbRE9x+HGng bJdzZE7dCYa1ESpTe/KyZAWjtXb/hSB2E7pRy9HSK8IfN7UzSSCdsUl/QwUpBdsN IQhvqPc/JvgwVC1vOD7Hp2MQy88OHLXQyd63txqpVYcRJAmRvn1nLDEwc9fT1Wsd IaBU6YZOodZcahBWBlT2CEqiFd8PbqOurZa+EvzdRs7b9zJbLLiNOrwvevWqBlOo 0ZaajDdzy2Bwu57TNtn5283pm5VvvlsL/BhXEuEj1v0lNDrJNvA8XG0QB1NMKGu/ bSZOM34whqdEdt32PIfjKHQC+SQb1cghQl10ZB6TjYe1JGFXZSCmkux39CPkph8R zybGMnRQvtMJQWi1+zw= =mOpZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.