linux/net/ipv4
pageexec 4da62fc70d [IPVS]: Fix for overflows
From: <pageexec@freemail.hu>

$subject was fixed in 2.4 already, 2.6 needs it as well.

The impact of the bugs is a kernel stack overflow and privilege escalation
from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
ioctls.  People running with 'root=all caps' (i.e., most users) are not
really affected (there's nothing to escalate), but SELinux and similar
users should take it seriously if they grant CAP_NET_ADMIN to other users.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-26 16:00:19 -07:00
..
ipvs [IPVS]: Fix for overflows 2005-06-26 16:00:19 -07:00
netfilter [NETFILTER]: Fix handling of ICMP packets (RELATED) in ipt_CLUSTERIP target. 2005-06-22 12:37:50 -07:00
af_inet.c [IPV4]: Add LC-Trie FIB lookup algorithm. 2005-06-21 12:43:18 -07:00
ah4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
arp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
datagram.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
devinet.c [PATCH] create a kstrdup library function 2005-06-23 09:45:18 -07:00
esp4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
fib_frontend.c [NETLINK]: fib_lookup() via netlink 2005-06-20 13:36:39 -07:00
fib_hash.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_lookup.h [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_rules.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_semantics.c [NETLINK]: Set correct pid for ioctl originating netlink events 2005-06-18 22:55:51 -07:00
fib_trie.c [IPV4]: Fix fib_trie.c's args to fib_dump_info(). 2005-06-21 14:43:28 -07:00
icmp.c [IPV4]: Sysctl configurable icmp error source address. 2005-06-13 15:19:03 -07:00
igmp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
inetpeer.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_forward.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_fragment.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_gre.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_input.c [NETFILTER]: Drop conntrack reference in ip_call_ra_chain()/ip_mr_input() 2005-06-21 14:06:24 -07:00
ip_options.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_output.c [NETFILTER]: Kill nf_debug 2005-06-21 14:01:57 -07:00
ip_sockglue.c [IPV4/IPV6]: Replace spin_lock_irq with spin_lock_bh 2005-06-18 22:56:18 -07:00
ipcomp.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
ipconfig.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipip.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipmr.c [NETFILTER]: Drop conntrack reference in ip_call_ra_chain()/ip_mr_input() 2005-06-21 14:06:24 -07:00
Kconfig [TCP]: Let TCP_CONG_ADVANCED default to n 2005-06-26 15:21:15 -07:00
Makefile [TCP]: Add Scalable TCP congestion control module. 2005-06-23 12:29:07 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
multipath_drr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_random.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_rr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_wrandom.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
proc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
protocol.c [PATCH] update Ross Biro bouncing email address 2005-05-05 16:36:49 -07:00
raw.c [IPV4]: [4/4] signed vs unsigned cleanup in net/ipv4/raw.c 2005-06-18 23:00:34 -07:00
route.c [IPV4]: Fix route.c gcc4 warnings 2005-06-22 22:10:23 -07:00
syncookies.c [NET] Rename open_request to request_sock 2005-06-18 22:47:21 -07:00
sysctl_net_ipv4.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp.c [TCP]: Allow choosing TCP congestion control via sockopt. 2005-06-23 20:37:36 -07:00
tcp_bic.c [TCP]: Add TCP BIC congestion control module. 2005-06-23 12:23:25 -07:00
tcp_cong.c [TCP]: Allow choosing TCP congestion control via sockopt. 2005-06-23 20:37:36 -07:00
tcp_diag.c [TCP]: Report congestion control algorithm in tcp_diag. 2005-06-23 12:21:28 -07:00
tcp_highspeed.c [TCP]: Add High Speed TCP congestion control module. 2005-06-23 12:24:58 -07:00
tcp_htcp.c [TCP]: Add H-TCP congestion control module. 2005-06-23 12:28:11 -07:00
tcp_hybla.c [TCP]: Add TCP Hybla congestion control module. 2005-06-23 12:26:34 -07:00
tcp_input.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_ipv4.c [TCP]: Allow choosing TCP congestion control via sockopt. 2005-06-23 20:37:36 -07:00
tcp_minisocks.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_output.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_scalable.c [TCP]: Add Scalable TCP congestion control module. 2005-06-23 12:29:07 -07:00
tcp_timer.c [NET] rename struct tcp_listen_opt to struct listen_sock 2005-06-18 22:48:55 -07:00
tcp_vegas.c [TCP]: Add TCP Vegas congestion control module. 2005-06-23 12:27:19 -07:00
tcp_westwood.c [TCP]: Add TCP Westwood congestion control module. 2005-06-23 12:24:09 -07:00
udp.c [IPV4]: Fix BUG() in 2.6.x, udp_poll(), fragments + CONFIG_HIGHMEM 2005-05-30 15:50:15 -07:00
utils.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm4_input.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm4_output.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_policy.c [IPSEC]: Store idev entries 2005-05-03 16:27:10 -07:00
xfrm4_state.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_tunnel.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00