diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2007-06-21 12:58:59 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-06-21 12:58:59 +0000 |
commit | f359eab080c47c6427c82f7a5e3fed6077a46ec7 (patch) | |
tree | 4785c537643677dc99faec6c4669a995ec9212f1 /retired/CVE-2007-1388 | |
parent | e9b19f08efe5a9dd48a98837f19e7c4bca6fe3fa (diff) |
retire CVE-2007-1407
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@865 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2007-1388')
-rw-r--r-- | retired/CVE-2007-1388 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/retired/CVE-2007-1388 b/retired/CVE-2007-1388 new file mode 100644 index 00000000..592e2d89 --- /dev/null +++ b/retired/CVE-2007-1388 @@ -0,0 +1,28 @@ +Candidate: CVE-2007-1388 +References: + http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4cabf6ba5496bc4a5a59871693145880b240b07b + http://bugzilla.kernel.org/show_bug.cgi?id=8155 +Description: + The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel + 2.6.17, and possibly other versions, allows local users to cause a denial of + service (oops) by calling setsockopt with the IPV6_RTHDR option name and + possibly a zero option length or invalid option value, which triggers a NULL + pointer dereference. +Ubuntu-Description: + Gabriel Campana discovered that the do_ipv6_setsockopt() function did + not sufficiently verifiy option values for IPV6_RTHDR. A local + attacker could exploit this to trigger a kernel crash. +Notes: + dannf> Reproducer in the RH bug doesn't work on debian as-is - you need + to use a hardcoded '57' instead of IPV6_RTHDR. That allows you + to trigger an oops on unpatched 2.6.18-era kernels, but it is not + reproducible in 2.4.27/2.6.8 +Bugs: +upstream: released (2.6.21-rc4) +linux-2.6: released (2.6.21-1) +2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch] +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.15-dapper-security: released (2.6.15-28.54) +2.6.17-edgy-security: released (2.6.17.1-11.38) +2.6.20-feisty-security: released (2.6.20-16.28) |