[kernel-sec-discuss] r747 - active

Martin Pitt mpitt at alioth.debian.org
Wed Apr 25 11:35:44 UTC 2007


Author: mpitt
Date: 2007-04-25 11:35:44 +0000 (Wed, 25 Apr 2007)
New Revision: 747

Modified:
   active/CVE-2007-1388
Log:
GIT url and Ubuntu status for CVE-2007-1388

Modified: active/CVE-2007-1388
===================================================================
--- active/CVE-2007-1388	2007-04-25 11:27:04 UTC (rev 746)
+++ active/CVE-2007-1388	2007-04-25 11:35:44 UTC (rev 747)
@@ -1,5 +1,6 @@
 Candidate: CVE-2007-1388
 References: 
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4cabf6ba5496bc4a5a59871693145880b240b07b
  http://bugzilla.kernel.org/show_bug.cgi?id=8155
 Description: 
  The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel
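Review bot: The added References line is a bare gitweb URL into the linux-2.6.20.y stable tree, with nothing in the file saying that this commit is the fix. A short Notes entry stating what the commit is and which tree it comes from would help readers working on the other branches tracked in this file, since the hash cannot be looked up under that name in their own trees.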
@@ -8,6 +9,9 @@
  possibly a zero option length or invalid option value, which triggers a NULL
  pointer dereference.
 Ubuntu-Description: 
+ Gabriel Campana discovered that the do_ipv6_setsockopt() function did
+ not sufficiently verifiy option values for IPV6_RTHDR. A local
+ attacker could exploit this to trigger a kernel crash.
 Notes: 
  dannf> Reproducer in the RH bug doesn't work on debian as-is - you need
         to use a hardcoded '57' instead of IPV6_RTHDR. That allows you
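Review bot: Typo in the added Ubuntu-Description text, second line: "verifiy" should be "verify". This text is likely to be copied into a published advisory, so it is worth fixing here. The description also names only a kernel crash as impact, which matches the NULL pointer dereference in the Description above, so no change is needed there.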
@@ -19,6 +23,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-11etch1) [bugfix/ipv6_setsockopt-NULL-deref.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
+2.6.20-feisty-security: needed
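Review bot: The 2.6.12-breezy-security line is removed outright instead of being given a status, and the log message ("GIT url and Ubuntu status") does not mention it. If breezy is no longer tracked, say so in the log, or keep the line with an explicit status so the file records why no fix is listed. The three "needed" entries would also be easier to follow up if they named the patch to apply, as the etch line does with bugfix/ipv6_setsockopt-NULL-deref.patch.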



