[kernel-sec-discuss] r684 - active

Martin Pitt mpitt at alioth.debian.org
Tue Jan 16 11:07:29 CET 2007


Author: mpitt
Date: 2007-01-16 11:07:29 +0100 (Tue, 16 Jan 2007)
New Revision: 684

Modified:
   active/CVE-2006-6054
   active/CVE-2006-6106
Log:
flesh out CVE-2006-6106

Modified: active/CVE-2006-6054
===================================================================
--- active/CVE-2006-6054	2007-01-16 10:00:43 UTC (rev 683)
+++ active/CVE-2006-6054	2007-01-16 10:07:29 UTC (rev 684)
@@ -8,13 +8,13 @@
  than the minimum.
 Ubuntu-Description: 
 Notes: 
+ Fixed by SuSE: http://www.novell.com/linux/security/advisories/2006_79_kernel.html
 Bugs: 
 upstream: 
 linux-2.6: 
-2.6.18-etch: 
-2.6.8-sarge-security: 
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
 2.4.27-sarge-security: 
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
-2.6.19-feisty: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
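Review bot: the `2.6.19-feisty:` line at the end of this hunk is deleted outright while every other blank 2.6 release line is set to `needed`, so the tracker no longer records any state for feisty on CVE-2006-6054. If feisty is unaffected or already fixed, keep the line with an explicit status instead of removing it. `linux-2.6:` and `2.4.27-sarge-security:` also stay empty and should be triaged in the same pass. The log message names only CVE-2006-6106, so the status changes and the added SuSE advisory note for CVE-2006-6054 should be mentioned there as well.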

Modified: active/CVE-2006-6106
===================================================================
--- active/CVE-2006-6106	2007-01-16 10:00:43 UTC (rev 683)
+++ active/CVE-2006-6106	2007-01-16 10:07:29 UTC (rev 684)
@@ -1,15 +1,25 @@
 Candidate: CVE-2006-6106
-References: 
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f4777569204cb59f2f04fbe9ef4e9a6918209104
 Description: 
+ Multiple buffer overflows in the cmtp_recv_interopmsg function in the
+ Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel
+ 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow
+ remote attackers to cause a denial of service (crash) and possibly
+ execute arbitrary code via CAPI messages with a large value for the
+ length of the (1) manu (manufacturer) or (2) serial (serial number)
+ field.
 Ubuntu-Description: 
+ Marcel Holtman discovered several buffer overflows in the Bluetooth
+ driver. By sending Bluetooth packets with specially crafted CAPI
+ messages, a remote attacker could exploit these to crash the kernel.
 Notes: 
 Bugs: 
 upstream: released (2.6.33.5), released (2.6.18.6)
 linux-2.6: 
-2.6.18-etch: 
-2.6.8-sarge-security: 
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
 2.4.27-sarge-security: 
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
-2.6.19-feisty: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
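Review bot: `2.4.27-sarge-security:` is left empty even though the new Description gives the affected 2.4 range as 2.4.22 up to 2.4.33.4, which includes 2.4.27. It should get a status (`needed`, or an explicit reason it does not apply) like the 2.6 branches. The unchanged `upstream: released (2.6.33.5), released (2.6.18.6)` line also sits oddly next to that range, since the Description points to a 2.4.x fix release, so the first version number is worth double-checking. `2.6.19-feisty:` is dropped without a status although the Description lists 2.6.19.x as affected, and the Ubuntu-Description mentions only a crash where the Description also allows possible code execution.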
