author: dann frazier <dannf@debian.org> 2007-11-05 15:53:41 +0000
committer: dann frazier <dannf@debian.org> 2007-11-05 15:53:41 +0000
commit: cb0c03012207573ef706349c83a036ab497175a7
tree: 3c4dcfd6fab63cbf1ef58c0d59f55d0af4dde003
parent: c71b44f1375cf56b285eec89bd8cc1acab67b069
flesh out
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1007 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- active/CVE-2004-2731 10
1 files changed, 10 insertions, 0 deletions
diff --git a/active/CVE-2004-2731 b/active/CVE-2004-2731
index 30a8af34..c0f51748 100644
--- a/active/CVE-2004-2731
+++ b/active/CVE-2004-2731
@@ -1,8 +1,18 @@
Candidate: CVE-2004-2731
References:
+ http://www.securityfocus.com/bid/10632
+ http://securitytracker.com/id?1010617
Description:
+ Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
+ for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
+ later versions, allow local users to execute arbitrary code by specifying (1)
+ a small buffer size to the copyin_string function or (2) a negative buffer
+ size to the copyin function.
Ubuntu-Description:
Notes:
+ dannf> The securitytracker reference notes that the issue looks fixed in
+ dannf> 2.6.6; it does appear to be fixed in both 2.6.8 and 2.6.18. looks
+ dannf> like 2.4 upstream is missing the second fix; I'm working on patch
Bugs:
upstream:
linux-2.6:
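Review bot: The `upstream:` and `linux-2.6:` status fields in the trailing context stay empty even though the added Notes lines say the issue appears fixed in 2.6.8 and 2.6.18, so the machine-readable state of the entry does not reflect what was found. Suggest filling those fields in with this change, or marking them pending. The added Description gives the affected range as "2.6.x up to 2.6.7" while the note reports that the securitytracker reference sees the fix in 2.6.6; one line stating which version was actually checked would settle that. The note also refers to a "second fix" missing from 2.4 without naming the upstream change for either fix, and a reference to each would let the next reader verify the claim and find the code to backport.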
