[kernel-sec-discuss] r562 - active

Martin Pitt mpitt at costa.debian.org
Fri Aug 25 13:04:36 UTC 2006


Author: mpitt
Date: 2006-08-25 13:04:36 +0000 (Fri, 25 Aug 2006)
New Revision: 562

Modified:
   active/CVE-2006-3745
Log:
add info and ubuntu status for CVE-2006-3735

Modified: active/CVE-2006-3745
===================================================================
--- active/CVE-2006-3745	2006-08-23 14:49:36 UTC (rev 561)
+++ active/CVE-2006-3745	2006-08-25 13:04:36 UTC (rev 562)
@@ -1,7 +1,12 @@
 Candidate: CVE-2006-3735
 References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=96ec9da385cf72c5f775e5f163420ea92e66ded2 
 Description: sctp potential local privilege escalation
 Ubuntu-Description:
+ Wei Wang of McAfee Avert Labs discovered a buffer overflow in the
+ sctp_make_abort_user() function of iptables' SCTP module. On
+ computers which use this module, a local attacker could expoit this
+ to execute arbitrary code with root privileges.
 Notes: 
 Bugs: 
 upstream: released (2.6.17.10)
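Review bot: the Candidate line reads CVE-2006-3735 while the file being edited is active/CVE-2006-3745, and the commit log repeats the 3735 form. One of the two ids is a typo and should be fixed so that a search by CVE id finds this entry. In the added Ubuntu-Description, "expoit" should be "exploit". The new text also places sctp_make_abort_user() in "iptables' SCTP module" while the Description line only says "sctp", so confirm which component is meant before this wording is reused in an advisory.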
@@ -9,7 +14,7 @@
 linux-2.6: needed
 2.6.8-sarge-security: needed
 2.4.27-sarge-security: needed
-2.6.10-hoary-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy: needed
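Review bot: 2.6.17-edgy is set to "needed" although the upstream line in this file records the fix as released in 2.6.17.10. Consider noting next to the edgy entry whether the fix arrives through that stable release or needs a separate backport, so the status can later be updated without re-triage. The same applies to the hoary, breezy and dapper entries, which move from empty to "needed" with no pointer to the fix commit listed under References.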



