[kernel-sec-discuss] r755 - active
Martin Pitt
mpitt at alioth.debian.org
Thu Apr 26 21:15:52 UTC 2007
Author: mpitt
Date: 2007-04-26 21:15:52 +0000 (Thu, 26 Apr 2007)
New Revision: 755
Modified:
active/CVE-2007-2172
Log:
flesh out CVE-2007-2172
Modified: active/CVE-2007-2172
===================================================================
--- active/CVE-2007-2172 2007-04-26 07:56:12 UTC (rev 754)
+++ active/CVE-2007-2172 2007-04-26 21:15:52 UTC (rev 755)
@@ -1,14 +1,24 @@
Candidate: CVE-2007-2172
References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a979101106f549f4ed80d6dcbc35077be34d4346
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a0ee18b9b7d3847976c6fb315c06a34fb296de0e
Description:
+ A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be
+ used as an array size instead of RTN_MAX, which leads to an "out of
+ bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
+ fib_props (fib_semantics.c, IPv4) functions.
Ubuntu-Description:
+ The IPv4 and DECnet network protocol handlers misdeclared an array
+ variable so that it became smaller than intended. By sending crafted
+ packets over a netlink socket, a local attacker could exploit this
+ to crash the kernel.
Notes:
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
+2.6.18-etch-security: needed
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.20-feisty-security:
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
+2.6.20-feisty-security: needed
More information about the kernel-sec-discuss
mailing list