diff options
| author | dann frazier <dannf@debian.org> | 2006-12-17 23:44:19 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2006-12-17 23:44:19 +0000 |
| commit | 47791af568f127bc7c57648d8f6eb757a7e60003 (patch) | |
| tree | 03c043d34f1e416ccb5c0bf4233e9e10d3ad2976 /retired/CVE-2006-5751 | |
| parent | 880e731ea900d4e502c3064ade0d4757e5cc4e29 (diff) | |
retire CVE-2006-5751
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@667 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2006-5751')
| -rw-r--r-- | retired/CVE-2006-5751 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/retired/CVE-2006-5751 b/retired/CVE-2006-5751 new file mode 100644 index 00000000..990e5501 --- /dev/null +++ b/retired/CVE-2006-5751 @@ -0,0 +1,34 @@ +Candidate: CVE-2006-5751 +References: + MISC:http://projects.info-pull.com/mokb/MOKB-29-11-2006.html + MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=4c61a7e0a86e1ae9e16867f9f8e4b0412b8edbaf;hp=4e4119a1213925568b8a1acdef9bf52b98b19da3;hb=ba8379b220509e9448c00a77cf6c15ac2a559cc7;f=net/bridge/br_ioctl.c + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ba8379b220509e9448c00a77cf6c15ac2a559cc7 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4 + BID:21353 + URL:http://www.securityfocus.com/bid/21353 + FRSIRT:ADV-2006-4781 + URL:http://www.frsirt.com/english/advisories/2006/4781 + SECUNIA:23073 + XF:linux-getfdbentries-integer-overflow(30588) + URL:http://xforce.iss.net/xforce/xfdb/30588 +Description: + Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in + the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code + via a large maxnum value in an ioctl request. +Ubuntu-Description: + An integer overflow was found in the get_fdb_entries() function of + the network bridging code. By executing a specially crafted ioctl, a + local attacker could exploit this to execute arbitrary code with root + privileges. +Notes: + dannf> Marking 2.4 as N/A - the code is much different now, and nothing + dannf> seemed to be checking PAGE_SIZE at all in 2.4 +Bugs: +upstream: released (2.6.18.4, 2.6.19) +linux-2.6: released (2.6.18-8) [bugfix/2.6.18.4] +2.6.18-etch: released (2.6.18-8) [bugfix/2.6.18.4] +2.6.8-sarge-security: released (2.6.8-16sarge6) [bridge-get_fdb_entries-overflow.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released (2.6.12-10.41) +2.6.15-dapper-security: released (2.6.15-27.49) +2.6.17-edgy-security: released (2.6.17.1-10.34) |