[kernel-sec-discuss] r823 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Thu May 17 20:16:00 UTC 2007
Author: dannf
Date: 2007-05-17 20:15:59 +0000 (Thu, 17 May 2007)
New Revision: 823
Modified:
active/CVE-2007-2480
Log:
flesh out
Modified: active/CVE-2007-2480
===================================================================
--- active/CVE-2007-2480 2007-05-17 19:33:10 UTC (rev 822)
+++ active/CVE-2007-2480 2007-05-17 20:15:59 UTC (rev 823)
@@ -1,6 +1,11 @@
Candidate: CVE-2007-2480
References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a832c46e624dd1495cf5
Description:
+ The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and
+ earlier does not prevent a bind to a port with a local address when there is
+ already a bind to that port with a wildcard local address, which might allow
+ local users to intercept local traffic for daemons or other applications.
Ubuntu-Description:
Notes:
Bugs:
More information about the kernel-sec-discuss
mailing list