[kernel-sec-discuss] r702 - active
Dann Frazier
dannf at alioth.debian.org
Sat Feb 10 21:34:34 CET 2007
Author: dannf
Date: 2007-02-10 21:34:34 +0100 (Sat, 10 Feb 2007)
New Revision: 702
Modified:
active/CVE-2006-5749
Log:
mark sarge N/A w/ an explanation as to why - etch is already fixed
Modified: active/CVE-2006-5749
===================================================================
--- active/CVE-2006-5749 2007-02-10 19:50:37 UTC (rev 701)
+++ active/CVE-2006-5749 2007-02-10 20:34:34 UTC (rev 702)
@@ -12,12 +12,19 @@
reset state timer. By sending specially crafted ISDN packets, a
remote attacker could exploit this to crash the kernel.
Notes:
+ dannf> According to Marcel Holtmann, 2.4 and 2.6 < 2.6.13 are not vulnerable.
+ dannf> Indeed, in 2.4.27 & 2.6.8, init_timer() just sets timer->base to NULL,
+ dannf> so the memset() is sufficient to avoid this crash.
+ dannf> However, in 2.6.8 init_timer() also sets a magic number. add_timer()
+ dannf> will call __mod_timer(), which calls check_timer(), which will cause
+ dannf> the kernel to whine if this magic number is not set. I don't think this
+ dannf> will cause a crash, so I'm considering a non-security issue
Bugs:
upstream: released (2.6.20-rc5)
-linux-2.6: needed
-2.6.18-etch: needed
-2.6.8-sarge-security: needed
-2.4.27-sarge-security: needed
+linux-2.6: pending (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-10)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
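Review bot: The N/A for 2.6.8-sarge-security rests on "I don't think this will cause a crash" in the added Notes, which is an expectation rather than a verified result. Since the note already traces add_timer() -> __mod_timer() -> check_timer(), it would help to record what check_timer() does in 2.6.8 when the magic number is missing (warn only, or warn and continue with a usable timer), so the N/A is backed by the code path. The note also says "just sets timer->base to NULL" for both 2.4.27 and 2.6.8 and then adds the magic number for 2.6.8; splitting the two kernels into separate sentences would remove that ambiguity. Two further points in the status list: the statement that 2.6 < 2.6.13 is not vulnerable sits alongside the unchanged line "2.6.12-breezy-security: released (2.6.12-10.43)", and a short note on why that entry differs would avoid confusion; and the key changes from "2.6.18-etch" to "2.6.18-etch-security", which the log message does not mention. The last note line also reads "I'm considering a non-security issue", where "considering it a" seems intended.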