r4354 - people/micah

Micah Anderson micah at costa.debian.org
Sat Oct 8 16:08:35 UTC 2005


Author: micah
Date: 2005-10-08 16:08:34 +0000 (Sat, 08 Oct 2005)
New Revision: 4354

Modified:
   people/micah/pending_CVE_requests
Log:
Updating draft CVE texts


Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-07 21:27:50 UTC (rev 4353)
+++ people/micah/pending_CVE_requests	2005-10-08 16:08:34 UTC (rev 4354)
@@ -1,38 +1,55 @@
-waiting on dannf:
+Draft text for CVE:
 A local denial of service was discovered in the ptrace code for ia64 in
 linux-2.6.8 enabling unprivledged users to trigger an oops when
 CONFIG_PREEMPT is enabled in the kernel configuration.
+TODO: dannf looking for reference
+TODO: is this included in 2.6.8-16sarge1?
 
+Patches included in 2.6.8-16sarge1:
+
+* fs-exec-posix-timers-leak-1.dpatch,
 Draft text for CVE:
-A local denial of service was discovered in the ptrace code for ia64 in
-linux-2.6.8 enabling unprivledged users to trigger an oops when
-CONFIG_PREEMPT is enabled in the kernel configuration.
+A potential local denial of service was discovered in the linux kernel
+2.6? due to exec failing to clean up posix-timers, leaving lingering
+timers around that could kill processes with unexpected signals. 
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
+TODO: fixed in which version of upstream?
 
-from 2.6.8-16sarge1:
-  * fs-exec-posix-timers-leak-1.dpatch,
-    [Security] fs-exec-posix-timers-leak-2.dpatch
-    Make exec clean up posix timers.
-M: dannf tracked
+* fs-exec-posix-timers-leak-2.dpatch
+Draft CVE text:
+Leaks were discovered in the exec structure of linux-2.6, resulting in
+pending signal loss... how is this a security problem?
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@4174ac1exFxpMg163OsRuPZLQrlBKg
+TODO: Description is weak, also what upstream version is this fixed in?
 
-  * net-bridge-forwarding-poison-2.dpatch,
-    net-bridge-forwarding-poison-2.dpatch:
-    [Security] Avoid poisoning of the bridge forwarding table by frames that
-    have been dropped by filtering. This prevents spoofed source addresses on
-    hostile side of bridge from causing packet leakage, a small but possible
-    security risk.
-M: dannf tracked
+* net-bridge-forwarding-poison-1.dpatch,
+  net-bridge-forwarding-poison-2.dpatch:
+Draft CVE text:
+Spoofed source addresses on the public facing side of a bridge can
+cause packet leaks due to poisoning of the bridge forwarding table by
+frames that have been dropped by filtering. 
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@412d2246sXjFQD6OadAB57YWvqR9vQ
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
 M: the following are pre-requisites:
 M: net-bridge-mangle-oops-1.dpatch
 M: net-bridge-mangle-oops-2.dpatch
+TODO: What upstream version is affected by this, and which is fixed?
 
-  * [Security] net-rose-ndigis-verify.dpatch
-    Verify ndigis argument of a new route.
-M: dannf tracked
+* net-rose-ndigis-verify.dpatch
+Draft CVE text:
+ROSE wasn't verifying the ndigis argument of a new route resulting in
+a minor security hole.
+URL:
+http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+TODO: description is weak, what kind of security hole? What versions
+are affected?
 
-  * sound-usb-usbaudio-unplug-oops.dpatch
+* sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
     is being used.
-M: dannf tracked
+TODO: How is this a security patch?
+TODO: URL
+TODO: CVE description
 
   * net-ipv4-ipvs-conn_tab-race.dpatch
     [Security] Fix race condition on ip_vs_conn_tab list modification
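Review bot: In the two fs-exec-posix-timers-leak entries, open questions sit inside the draft CVE text itself ("2.6?" in the -1 text and "... how is this a security problem?" in the -2 text), so they would be carried along if the text were pasted into a request. Move them to TODO lines like the ones already used below each entry. The split also leaves a trailing comma on "* fs-exec-posix-timers-leak-1.dpatch," and the label alternates between "Draft text for CVE:" and "Draft CVE text:"; pick one. The sound-usb-usbaudio-unplug-oops bullet was moved to column 0, but its two description lines keep the old four-space indent and the "[Security]" tag, and the following net-ipv4-ipvs-conn_tab-race entry still uses the old "  * " layout, so the list is half converted. The unchanged ia64 ptrace draft still spells "unprivledged"; worth correcting while the text is being revised.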



