[kernel-sec-discuss] r702 - active

Dann Frazier dannf at alioth.debian.org
Sat Feb 10 21:34:34 CET 2007


Author: dannf
Date: 2007-02-10 21:34:34 +0100 (Sat, 10 Feb 2007)
New Revision: 702

Modified:
   active/CVE-2006-5749
Log:
mark sarge N/A w/ an explanation as to why - etch is already fixed

Modified: active/CVE-2006-5749
===================================================================
--- active/CVE-2006-5749	2007-02-10 19:50:37 UTC (rev 701)
+++ active/CVE-2006-5749	2007-02-10 20:34:34 UTC (rev 702)
@@ -12,12 +12,19 @@
  reset state timer. By sending specially crafted ISDN packets, a
  remote attacker could exploit this to crash the kernel.
 Notes: 
+ dannf> According to Marcel Holtmann, 2.4 and 2.6 < 2.6.13 are not vulnerable.
+ dannf> Indeed, in 2.4.27 & 2.6.8, init_timer() just sets timer->base to NULL,
+ dannf> so the memset() is sufficient to avoid this crash.
+ dannf> However, in 2.6.8 init_timer() also sets a magic number. add_timer()
+ dannf> will call __mod_timer(), which calls check_timer(), which will cause
+ dannf> the kernel to whine if this magic number is not set. I don't think this
+ dannf> will cause a crash, so I'm considering a non-security issue
 Bugs: 
 upstream: released (2.6.20-rc5)
-linux-2.6: needed
-2.6.18-etch: needed
-2.6.8-sarge-security: needed
-2.4.27-sarge-security: needed
+linux-2.6: pending (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-10)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
 2.6.12-breezy-security: released (2.6.12-10.43)
 2.6.15-dapper-security: released (2.6.15-28.51)
 2.6.17-edgy-security: released (2.6.17.1-11.35)
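Review bot: The N/A on 2.6.8-sarge-security rests on the added note's "I don't think this will cause a crash", which is stated as an opinion about the check_timer() magic-number path rather than a result. The note should say whether that path was actually exercised on 2.6.8, so the next reader can tell a verified N/A from an assumed one. The note also says 2.6 < 2.6.13 is not vulnerable, while the unchanged context line "2.6.12-breezy-security: released (2.6.12-10.43)" records a fix for a 2.6.12 kernel; a sentence on why that entry differs would avoid confusion. The key changes from "2.6.18-etch" to "2.6.18-etch-security" in the same edit without mention in the log message, and the last note line ("so I'm considering a non-security issue") appears to be missing a word.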



