[kernel-sec-discuss] r562 - active
Martin Pitt
mpitt at costa.debian.org
Fri Aug 25 13:04:36 UTC 2006
Author: mpitt
Date: 2006-08-25 13:04:36 +0000 (Fri, 25 Aug 2006)
New Revision: 562
Modified:
active/CVE-2006-3745
Log:
add info and ubuntu status for CVE-2006-3735
Modified: active/CVE-2006-3745
===================================================================
--- active/CVE-2006-3745 2006-08-23 14:49:36 UTC (rev 561)
+++ active/CVE-2006-3745 2006-08-25 13:04:36 UTC (rev 562)
@@ -1,7 +1,12 @@
Candidate: CVE-2006-3735
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=96ec9da385cf72c5f775e5f163420ea92e66ded2
Description: sctp potential local privilege escalation
Ubuntu-Description:
+ Wei Wang of McAfee Avert Labs discovered a buffer overflow in the
+ sctp_make_abort_user() function of iptables' SCTP module. On
+ computers which use this module, a local attacker could expoit this
+ to execute arbitrary code with root privileges.
Notes:
Bugs:
upstream: released (2.6.17.10)
@@ -9,7 +14,7 @@
linux-2.6: needed
2.6.8-sarge-security: needed
2.4.27-sarge-security: needed
-2.6.10-hoary-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy: needed
More information about the kernel-sec-discuss
mailing list