[kernel-sec-discuss] r866 - active retired

jmm at alioth.debian.org
Thu Jun 21 13:00:26 UTC 2007


Author: jmm
Date: 2007-06-21 13:00:25 +0000 (Thu, 21 Jun 2007)
New Revision: 866

Added:
   retired/CVE-2007-1730
Removed:
   active/CVE-2007-1730
Log:
retire CVE-2007-1730


Deleted: active/CVE-2007-1730
===================================================================
--- active/CVE-2007-1730	2007-06-21 12:58:59 UTC (rev 865)
+++ active/CVE-2007-1730	2007-06-21 13:00:25 UTC (rev 866)
@@ -1,26 +0,0 @@
-Candidate: CVE-2007-1730
-References: 
- http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
- http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
- http://marc.info/?l=dccp&m=117509584316267&w=2 
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999
-Description:
- Integer signedness error in the DCCP support in the do_dccp_getsockopt function
- in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
- kernel memory or cause a denial of service (oops) via a negative optlen value.
-Ubuntu-Description: 
- The do_dccp_getsockopt() function did not sufficiently verify the
- optlen argument. A local attacker could exploit this to read kernel
- memory (which might expose sensitive data) or cause a kernel crash.
- This only affects Ubuntu 7.04.
-Notes: 
- Earlier kernels than 2.6.20 do not have these options.
-Bugs: 
-upstream: released (2.6.20.7)
-linux-2.6: released (2.6.21-1)
-2.6.18-etch-security: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: N/A
-2.6.17-edgy-security: N/A
-2.6.20-feisty-security: released (2.6.20-16.28)
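
Review bot: The log message "retire CVE-2007-1730" does not record why the entry can leave active/, so the reason has to be read off the status lines at the end of this hunk. Every branch there is either "released" or "N/A", which is consistent with retiring; stating that in the log (for example "fixed or N/A in all tracked branches") would make the history self-explanatory without opening the file.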

Copied: retired/CVE-2007-1730 (from rev 862, active/CVE-2007-1730)
===================================================================
--- retired/CVE-2007-1730	                        (rev 0)
+++ retired/CVE-2007-1730	2007-06-21 13:00:25 UTC (rev 866)
@@ -0,0 +1,26 @@
+Candidate: CVE-2007-1730
+References: 
+ http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
+ http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
+ http://marc.info/?l=dccp&m=117509584316267&w=2 
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999
+Description:
+ Integer signedness error in the DCCP support in the do_dccp_getsockopt function
+ in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
+ kernel memory or cause a denial of service (oops) via a negative optlen value.
+Ubuntu-Description: 
+ The do_dccp_getsockopt() function did not sufficiently verify the
+ optlen argument. A local attacker could exploit this to read kernel
+ memory (which might expose sensitive data) or cause a kernel crash.
+ This only affects Ubuntu 7.04.
+Notes: 
+ Earlier kernels than 2.6.20 do not have these options.
+Bugs: 
+upstream: released (2.6.20.7)
+linux-2.6: released (2.6.21-1)
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: released (2.6.20-16.28)
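
Review bot: The `Notes:` line "Earlier kernels than 2.6.20 do not have these options" is the only justification for the five N/A status lines below it, yet it never says which options are meant; naming the DCCP getsockopt options concerned would let the retired record stand on its own. The `Bugs:` field is also left empty. Separately, the header says this copy was taken from rev 862 while the deleted file is shown at rev 865; the 26 lines are identical in both hunks, so nothing is lost here, but copying from the current revision avoids dropping later edits.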



