[kernel-sec-discuss] r798 - active ignored

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 1 00:24:08 UTC 2007


Author: jmm
Date: 2007-05-01 00:24:08 +0000 (Tue, 01 May 2007)
New Revision: 798

Added:
   ignored/CVE-2005-3660
Removed:
   active/CVE-2005-3660
Log:
CVE-2005-3660 is a known design limitation, moving to ignored


Deleted: active/CVE-2005-3660
===================================================================
--- active/CVE-2005-3660	2007-05-01 00:23:01 UTC (rev 797)
+++ active/CVE-2005-3660	2007-05-01 00:24:08 UTC (rev 798)
@@ -1,20 +0,0 @@
-Candidate: CVE-2005-3660
-References: 
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362
- http://www.securityfocus.com/bid/16041
-Description: 
- Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service
- (memory exhaustion and panic) by creating a large number of connected
- file descriptors or socketpairs and setting a large data transfer
- buffer, then preventing Linux from being able to finish the transfer
- by causing the process to become a zombie, or closing the file
- descriptor without closing an associated reference.
-Notes: 
-5~ dannf> The fix suggested by idefense includes adding a struct user reference
- dannf> to struct file.  No such thing has gone upstream yet, however.
-Bugs: 
-upstream:
-linux-2.6: 
-2.6.8-sarge-security: ignored (2.6.8-16sarge5)
-2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.6.18-etch-security: 
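Review bot: The reason for ignoring this issue ("known design limitation") is recorded only in the commit log, while the Notes field in the deleted entry says only that the iDefense-suggested fix (a struct user reference in struct file) has not gone upstream. Suggest adding a Notes line to the ignored/ copy that states the rationale, so the file is self-explanatory without the revision history. The upstream:, linux-2.6: and 2.6.18-etch-security: fields are also empty here; if the copy carries the same text, set them explicitly in the way the two sarge lines already read "ignored (...)". The first Notes line starts with a stray "5~" before "dannf>", which looks like editor debris and can be dropped in the copy.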

Copied: ignored/CVE-2005-3660 (from rev 790, active/CVE-2005-3660)



