diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:22:37 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:22:37 +0000 |
commit | 8636667d731a70daee749ce1cfb879f6f65ab8e1 (patch) | |
tree | 628afa295ecae1a8804e42d9efb4f847bd760379 /active | |
parent | b995fda901e16dd7fc4a12d05c7d728ffb8797eb (diff) |
fill in information about CAPI overflow
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@778 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'active')
-rw-r--r-- | active/CVE-2007-1217 | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/active/CVE-2007-1217 b/active/CVE-2007-1217 index 2d72a2a2..9e97c347 100644 --- a/active/CVE-2007-1217 +++ b/active/CVE-2007-1217 @@ -3,9 +3,18 @@ References: Description: Ubuntu-Description: Notes: + jmm> Analysis by Karsten Keil (the Linux ISDN maintainer) pointed out, that this + jmm> is not exploitable over the ISDN network, as the generated CAPI messages + jmm> cannot reach a size allowing an overflow. + jmm> This could only be theoretically exploited if there's a pure CAPI server + jmm> and even then it's only DoS. + jmm> + jmm> I'm not convinced we need to fix this + jmm> + jmm> http://bugzilla.kernel.org/show_bug.cgi?id=8028 Bugs: -upstream: -linux-2.6: +upstream: released (2.6.21) +linux-2.6: needed 2.6.18-etch-security: 2.6.8-sarge-security: 2.4.27-sarge-security: |