r4467 - people/micah

Dann Frazier dannf at costa.debian.org
Fri Oct 14 22:43:15 UTC 2005


Author: dannf
Date: 2005-10-14 22:43:14 +0000 (Fri, 14 Oct 2005)
New Revision: 4467

Modified:
   people/micah/pending_CVE_requests
Log:
update rose issue

Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-14 19:43:23 UTC (rev 4466)
+++ people/micah/pending_CVE_requests	2005-10-14 22:43:14 UTC (rev 4467)
@@ -50,12 +50,15 @@
 
 * net-rose-ndigis-verify.dpatch
 Draft CVE text:
-ROSE wasn't verifying the ndigis argument of a new route resulting in
-a minor security hole.
-URL:
-http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
-TODO: description is weak, what kind of security hole? What versions
-are affected?
+rose_rt_ioctl() in Linux 2.6 kernels prior to 2.6.12 did not sanity check the
+number of digipeats passed it.  A value too large can cause a couple of code
+paths to run off of the end of allocated arrays, creating a potential DoS
+attack vector.
+dannf> I ran the above draft text by Chris Wright & he agrees.  Note that
+dannf> CAP_NET_ADMIN is required to use the interface, which makes this issue
+dannf> quite minor
+URL: http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+URL: http://lkml.org/lkml/2005/5/23/169
 
 * sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
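
Review bot: The CAP_NET_ADMIN requirement appears only in the dannf> comment lines of the net-rose-ndigis-verify.dpatch entry, not in the draft CVE text above them, so a description submitted from the draft alone would omit the privilege needed to reach rose_rt_ioctl(). Consider folding it into the draft, for example "... creating a potential DoS attack vector for users with CAP_NET_ADMIN". The new text scopes the issue to "Linux 2.6 kernels prior to 2.6.12", while the removed TODO asked which versions are affected; if other kernel series were checked, the draft should say so, and if not, that part of the TODO is still open. Minor wording: "passed it" reads better as "passed to it", and "a couple of code paths" would be stronger if the paths were named.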



