[kernel-sec-discuss] r795 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 1 00:20:09 UTC 2007


Author: jmm
Date: 2007-05-01 00:20:09 +0000 (Tue, 01 May 2007)
New Revision: 795

Added:
   retired/CVE-2005-3044
Removed:
   active/CVE-2005-3044
Log:
retire CVE-2005-3044


Deleted: active/CVE-2005-3044
===================================================================
--- active/CVE-2005-3044	2007-05-01 00:19:18 UTC (rev 794)
+++ active/CVE-2005-3044	2007-05-01 00:20:09 UTC (rev 795)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-3044
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050922
- Category: SF
- Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
-Description: 
- Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
- users to cause a denial of service (kernel OOPS from null dereference)
- via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
- in the 32-bit routing_ioctl function on 64-bit systems.
-Notes: 
- http://lkml.org/lkml/2005/9/30/218
- horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
- dannf> Though, I guess its possible that someone would try to build an amd64
- dannf> kernel out of our tree, so I marked 2.4 "needed" below.  Lowest of the
- dannf> low priorities though...
- micah> there are actually two issues that are fixed in this CVE, so we
- micah> have two patches... if you look at them they look REALLY similar, but they aren't
- micah> dont be fooled
- jmm> marking 2.4 as N/A, 2.4 wasn't supported for amd64
-upstream: released (2.6.13.2)
-linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
-2.4.27-sarge-security: N/A
-2.6.18-etch-security: N/A
-
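Review bot: The Description line in this hunk still reads "allow loal users", and because retired/CVE-2005-3044 is copied from rev 794 unchanged, the typo moves into the retired record, where a text search for "local users" will miss this entry. Correct it to "local" in the retired copy. The Notes also keep dannf's remark that 2.4 was marked "needed below" while the status line reads "2.4.27-sarge-security: N/A". jmm's later note explains the change, but it would read more clearly if the superseded remark were flagged as such next to the status line.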

Copied: retired/CVE-2005-3044 (from rev 794, active/CVE-2005-3044)



