[kernel-sec-discuss] r1007 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Mon Nov 5 15:53:41 UTC 2007
Author: dannf
Date: 2007-11-05 15:53:41 +0000 (Mon, 05 Nov 2007)
New Revision: 1007
Modified:
active/CVE-2004-2731
Log:
flesh out
Modified: active/CVE-2004-2731
===================================================================
--- active/CVE-2004-2731 2007-11-05 01:52:55 UTC (rev 1006)
+++ active/CVE-2004-2731 2007-11-05 15:53:41 UTC (rev 1007)
@@ -1,8 +1,18 @@
Candidate: CVE-2004-2731
References:
+ http://www.securityfocus.com/bid/10632
+ http://securitytracker.com/id?1010617
Description:
+ Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
+ for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
+ later versions, allow local users to execute arbitrary code by specifying (1)
+ a small buffer size to the copyin_string function or (2) a negative buffer
+ size to the copyin function.
Ubuntu-Description:
Notes:
+ dannf> The securitytracker reference notes that the issue looks fixed in
+ dannf> 2.6.6; it does appear to be fixed in both 2.6.8 and 2.6.18. looks
+ dannf> like 2.4 upstream is missing the second fix; I'm working on patch
Bugs:
upstream:
linux-2.6:
More information about the kernel-sec-discuss
mailing list