[kernel-sec-discuss] r1033 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Sun Nov 25 04:39:08 UTC 2007
Author: dannf
Date: 2007-11-25 04:39:07 +0000 (Sun, 25 Nov 2007)
New Revision: 1033
Modified:
active/CVE-2007-5087
Log:
update description/upstream status
Modified: active/CVE-2007-5087
===================================================================
--- active/CVE-2007-5087 2007-11-23 23:00:16 UTC (rev 1032)
+++ active/CVE-2007-5087 2007-11-25 04:39:07 UTC (rev 1033)
@@ -1,14 +1,20 @@
Candidate: CVE-2007-5087
References:
Description:
+ The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is
+ enabled, allows local users to cause a denial of service (kernel panic) by
+ reading /proc/net/atm/arp before the CLIP module has been loaded.
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+ dannf> Vulnerable code was added to 2.4 in:
+ http://linux.bkbits.net:8080/linux-2.4/?PAGE=gnupatch&REV=1.1448.44.17
+ which was after 2.4.27
+upstream: released (2.4.36-pre2)
linux-2.6:
2.6.18-etch-security:
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: N/A
2.6.15-dapper-security:
2.6.17-edgy-security:
2.6.20-feisty-security:
More information about the kernel-sec-discuss
mailing list