[kernel-sec-discuss] r1037 - active
dannf at alioth.debian.org
Sun Nov 25 20:46:36 UTC 2007
Author: dannf
Date: 2007-11-25 20:46:36 +0000 (Sun, 25 Nov 2007)
New Revision: 1037
Modified:
active/CVE-2007-5908
Log:
flesh out
Modified: active/CVE-2007-5908
===================================================================
--- active/CVE-2007-5908 2007-11-25 19:03:11 UTC (rev 1036)
+++ active/CVE-2007-5908 2007-11-25 20:46:36 UTC (rev 1037)
@@ -1,6 +1,11 @@
Candidate: CVE-2007-5908
+Description:
+ Buffer overflow in the (1) sysfs_show_available_clocksources and (2)
+ sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier
+ might allow local users to cause a denial of service or execute arbitrary
+ code via crafted clock source names.
References:
-Description:
+ http://marc.info/?l=linux-kernel&m=119451922608530&w=2
Ubuntu-Description:
Notes:
kees> this is not actually an exploitable security issue. there is no way to add clock sources that could trigger the overflow.
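Review bot: The Description added at the top of the entry says crafted clock source names "might allow local users to cause a denial of service or execute arbitrary code", but the unchanged kees line under Notes says the issue is not exploitable because no clock source can be added that would trigger the overflow. A reader who stops at Description takes away the opposite of the triage conclusion. Suggest adding a Notes line stating that the Description is the CVE candidate wording and that the kees assessment is the tracker's position. The marc.info URL added under References would also benefit from a short word on what it points to, since the bare link does not say.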