[kernel-sec-discuss] r1036 - active
dannf at alioth.debian.org
Sun Nov 25 19:03:11 UTC 2007
Author: dannf
Date: 2007-11-25 19:03:11 +0000 (Sun, 25 Nov 2007)
New Revision: 1036
Modified:
active/CVE-2007-5087
Log:
update debian 2.6 status and a pointer to the 2.4 fix
Modified: active/CVE-2007-5087
===================================================================
--- active/CVE-2007-5087 2007-11-25 05:00:43 UTC (rev 1035)
+++ active/CVE-2007-5087 2007-11-25 19:03:11 UTC (rev 1036)
@@ -1,5 +1,6 @@
Candidate: CVE-2007-5087
References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222
Description:
The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is
enabled, allows local users to cause a denial of service (kernel panic) by
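Review bot: the added References line is a bare URL, and only the commit log identifies it as the 2.4 fix. A short label in the notes section (for example "2.4 fix: <url>" under a dannf> entry) would let a reader of the tracking file see what the link is without the revision log. The link is into the linux-2.4.35.y stable tree, which matches the "before 2.4.35.3" wording in the Description.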
@@ -10,10 +11,12 @@
dannf> Vulnerable code was added to 2.4 in:
http://linux.bkbits.net:8080/linux-2.4/?PAGE=gnupatch&REV=1.1448.44.17
which was after 2.4.27
+ dannf> The commit notes that 2.6 isn't vulnerable because teh arp entry is
+ handled in clip.c. I've verified this is true for both 2.6.8 and 2.6.18.
upstream: released (2.4.36-pre2)
-linux-2.6:
-2.6.18-etch-security:
-2.6.8-sarge-security:
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security:
2.6.17-edgy-security:
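Review bot: in the added dannf> note, "The commit" is not identified, and the stated verification covers 2.6.8 and 2.6.18 while linux-2.6 is also set to N/A. Name the commit being quoted (if it is the one added under References, say so) and state what the linux-2.6 N/A rests on, so the three status changes can each be traced to evidence. "teh" in the same line should be "the". The 2.6.15-dapper-security and 2.6.17-edgy-security fields remain empty; if the clip.c reasoning is expected to apply there too, a note to that effect would help whoever fills them in.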