commit b7d061792b4c09fe7c290ddccae3f998d5b513c0
Author: Chris Wright <
chrisw@sous-sol.org>
Date: Mon May 22 11:04:35 2006 -0700
Linux 2.6.16.18
commit 1db6b5a66e93ff125ab871d6b3f7363412cc87e8
Author: Patrick McHardy <
kaber@trash.net>
Date: Sat May 20 09:31:26 2006 +0200
[PATCH] NETFILTER: SNMP NAT: fix memory corruption (CVE-2006-2444)
CVE-2006-2444 - Potential remote DoS in SNMP NAT helper.
Fix memory corruption caused by snmp_trap_decode:
- When snmp_trap_decode fails before the id and address are allocated,
the pointers contain random memory, but are freed by the caller
(snmp_parse_mangle).
- When snmp_trap_decode fails after allocating just the ID, it tries
to free both address and ID, but the address pointer still contains
random memory. The caller frees both ID and random memory again.
- When snmp_trap_decode fails after allocating both, it frees both,
and the callers frees both again.
The corruption can be triggered remotely when the ip_nat_snmp_basic
module is loaded and traffic on port 161 or 162 is NATed.
Found by multiple testcases of the trap-app and trap-enc groups of the
PROTOS c06-snmpv1 testsuite.
Signed-off-by: Patrick McHardy <
kaber@trash.net>
Signed-off-by: Chris Wright <
chrisw@sous-sol.org>
以上內容, 都係關 SNMP 管理上 Security Bug, 如果沒有使用 SNMP 功能, 不用更新.
