retire CVE-2005-3044

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@795 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 31 insertions, 0 deletions

diff --git a/retired/CVE-2005-3044 b/retired/CVE-2005-3044
new file mode 100644
index 00000000..ffa83aac
--- /dev/null
+++ b/retired/CVE-2005-3044
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3044
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050922
+ Category: SF
+ Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
+Description: 
+ Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
+ users to cause a denial of service (kernel OOPS from null dereference)
+ via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
+ in the 32-bit routing_ioctl function on 64-bit systems.
+Notes: 
+ http://lkml.org/lkml/2005/9/30/218
+ horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
+ dannf> Though, I guess its possible that someone would try to build an amd64
+ dannf> kernel out of our tree, so I marked 2.4 "needed" below.  Lowest of the
+ dannf> low priorities though...
+ micah> there are actually two issues that are fixed in this CVE, so we
+ micah> have two patches... if you look at them they look REALLY similar, but they aren't
+ micah> dont be fooled
+ jmm> marking 2.4 as N/A, 2.4 wasn't supported for amd64
+upstream: released (2.6.13.2)
+linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
+2.4.27-sarge-security: N/A
+2.6.18-etch-security: N/A
+