retire some issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1140 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 31 insertions, 0 deletions

diff --git a/retired/CVE-2004-2731 b/retired/CVE-2004-2731
new file mode 100644
index 00000000..1de93562
--- /dev/null
+++ b/retired/CVE-2004-2731
@@ -0,0 +1,31 @@
+Candidate: CVE-2004-2731
+References: 
+ http://www.securityfocus.com/bid/10632
+ http://securitytracker.com/id?1010617
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=996bad4803a2ebfebe7b27a431fbcae591f7d199
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=a545dd4118eba7242bb390a76b2a1bb3dce0430e
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=6ab2cfa4f0a04c11932af701b5437879dd14d8bb
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=090a4d5713b462e039e2896ac8092769c42ea742
+Description: 
+ Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
+ for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
+ later versions, allow local users to execute arbitrary code by specifying (1)
+ a small buffer size to the copyin_string function or (2) a negative buffer
+ size to the copyin function.
+Ubuntu-Description: 
+Notes: 
+ dannf> This appears to have been fixed in 2.5, but 2.4 is still
+ dannf> vulnerable to the second part. I've sent patches to
+ dannf> willy/davem for 2.4 consideration
+ dannf>
+ dannf> Patches have been accepted, see References section
+Bugs: 
+upstream: released (2.5.33), released (2.4.35.4)
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge6) [249_openpromfs-signedness-bug.diff, 250_openpromfs-checks-1.diff, 251_openpromfs-checks-2.diff, 252_openpromfs-checks-3.diff]
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A