diff options
| author | Martin Pitt <mpitt@debian.org> | 2007-04-25 13:46:52 +0000 |
|---|---|---|
| committer | Martin Pitt <mpitt@debian.org> | 2007-04-25 13:46:52 +0000 |
| commit | 2ef64a029341ff45dfac4e10d9441b774fcdb50f (patch) | |
| tree | acd34150281d69dd5edfb109154d0f70654952db /active | |
| parent | 88a00f0a05c5c68f400b7f2b7812e51dfbea6067 (diff) | |
flesh out CVE-2007-1730
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@752 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'active')
| -rw-r--r-- | active/CVE-2007-1730 | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/active/CVE-2007-1730 b/active/CVE-2007-1730 index 46c448d7..68afb03f 100644 --- a/active/CVE-2007-1730 +++ b/active/CVE-2007-1730 @@ -3,18 +3,24 @@ References: http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded http://marc.info/?l=dccp&m=117509584316267&w=2 + http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999 Description: Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. Ubuntu-Description: + The do_dccp_getsockopt() function did not sufficiently verify the + optlen argument. A local attacker could exploit this to read kernel + memory (which might expose sensitive data) or cause a kernel crash. + This only affects Ubuntu 7.04. Notes: + Earlier kernels than 2.6.20 do not have these options. Bugs: -upstream: +upstream: released (2.6.20.7) linux-2.6: -2.6.18-etch-security: -2.6.8-sarge-security: -2.4.27-sarge-security: -2.6.12-breezy-security: -2.6.15-dapper-security: -2.6.17-edgy-security: +2.6.18-etch-security: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.15-dapper-security: N/A +2.6.17-edgy-security: N/A +2.6.20-feisty-security: needed |