[kernel-sec-discuss] r752 - active

Martin Pitt mpitt at alioth.debian.org
Wed Apr 25 13:46:52 UTC 2007


Author: mpitt
Date: 2007-04-25 13:46:52 +0000 (Wed, 25 Apr 2007)
New Revision: 752

Modified:
   active/CVE-2007-1730
Log:
flesh out CVE-2007-1730

Modified: active/CVE-2007-1730
===================================================================
--- active/CVE-2007-1730	2007-04-25 13:34:15 UTC (rev 751)
+++ active/CVE-2007-1730	2007-04-25 13:46:52 UTC (rev 752)
@@ -3,18 +3,24 @@
  http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
  http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
  http://marc.info/?l=dccp&m=117509584316267&w=2 
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999
 Description:
  Integer signedness error in the DCCP support in the do_dccp_getsockopt function
  in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
  kernel memory or cause a denial of service (oops) via a negative optlen value.
 Ubuntu-Description: 
+ The do_dccp_getsockopt() function did not sufficiently verify the
+ optlen argument. A local attacker could exploit this to read kernel
+ memory (which might expose sensitive data) or cause a kernel crash.
+ This only affects Ubuntu 7.04.
 Notes: 
+ Earlier kernels than 2.6.20 do not have these options.
 Bugs: 
-upstream: 
+upstream: released (2.6.20.7)
 linux-2.6: 
-2.6.18-etch-security: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: needed
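Review bot: in the status list at the end of this hunk, the `linux-2.6:` field is still empty and the `2.6.12-breezy-security:` line is deleted outright, while every other pre-2.6.20 tree is explicitly set to N/A. Since the Description says 2.6.20 and later are affected and upstream is now marked released (2.6.20.7), `linux-2.6:` should carry a status showing whether that tree already includes the fix. If breezy was dropped because it is no longer tracked, say so in the log message; otherwise keep the line and mark it N/A like dapper and edgy, which the new Notes line ("Earlier kernels than 2.6.20 do not have these options") already justifies. The `Bugs:` field is also left blank, and a one-word entry there would make clear that this is deliberate.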



