[kernel-sec-discuss] r732 - active
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Apr 5 11:20:13 UTC 2007
Author: jmm
Date: 2007-04-05 11:20:13 +0000 (Thu, 05 Apr 2007)
New Revision: 732
Added:
active/CVE-2007-1730
active/CVE-2007-1734
Log:
new DCCP issues
Added: active/CVE-2007-1730
===================================================================
--- active/CVE-2007-1730 2007-04-04 07:50:48 UTC (rev 731)
+++ active/CVE-2007-1730 2007-04-05 11:20:13 UTC (rev 732)
@@ -0,0 +1,20 @@
+Candidate: CVE-2007-1730
+References:
+ http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded
+ http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded
+ http://marc.info/?l=dccp&m=117509584316267&w=2
+Description:
+ Integer signedness error in the DCCP support in the do_dccp_getsockopt function
+ in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
+ kernel memory or cause a denial of service (oops) via a negative optlen value.
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.12-breezy-security:
+2.6.15-dapper-security:
+2.6.17-edgy-security:
Added: active/CVE-2007-1734
===================================================================
--- active/CVE-2007-1734 2007-04-04 07:50:48 UTC (rev 731)
+++ active/CVE-2007-1734 2007-04-05 11:20:13 UTC (rev 732)
@@ -0,0 +1,19 @@
+Candidate: CVE-2007-1734
+References:
+ http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded
+Description:
+ The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in
+ Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen
+ value, which allows local users running on certain architectures to read
+ kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.12-breezy-security:
+2.6.15-dapper-security:
+2.6.17-edgy-security:
More information about the kernel-sec-discuss
mailing list