[kernel-sec-discuss] r732 - active

[Moritz Muehlenhoff]

Author: jmm
Date: 2007-04-05 11:20:13 +0000 (Thu, 05 Apr 2007)
New Revision: 732

Added:
   active/CVE-2007-1730
   active/CVE-2007-1734
Log:
new DCCP issues


Added: active/CVE-2007-1730
===================================================================
--- active/CVE-2007-1730	2007-04-04 07:50:48 UTC (rev 731)
+++ active/CVE-2007-1730	2007-04-05 11:20:13 UTC (rev 732)
@@ -0,0 +1,20 @@
+Candidate: CVE-2007-1730
+References: 
+ http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
+ http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
+ http://marc.info/?l=dccp&m=117509584316267&w=2 
+Description:
+ Integer signedness error in the DCCP support in the do_dccp_getsockopt function
+ in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
+ kernel memory or cause a denial of service (oops) via a negative optlen value.
+Ubuntu-Description: 
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security: 
+2.6.12-breezy-security: 
+2.6.15-dapper-security: 
+2.6.17-edgy-security: 

Added: active/CVE-2007-1734
===================================================================
--- active/CVE-2007-1734	2007-04-04 07:50:48 UTC (rev 731)
+++ active/CVE-2007-1734	2007-04-05 11:20:13 UTC (rev 732)
@@ -0,0 +1,19 @@
+Candidate: CVE-2007-1734
+References: 
+ http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded
+Description: 
+ The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in
+ Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen
+ value, which allows local users running on certain architectures to read
+ kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730
+Ubuntu-Description: 
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security: 
+2.6.12-breezy-security: 
+2.6.15-dapper-security: 
+2.6.17-edgy-security: