retire more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1142 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 28 insertions, 0 deletions

diff --git a/retired/CVE-2007-3105 b/retired/CVE-2007-3105
new file mode 100644
index 00000000..b04aab7e
--- /dev/null
+++ b/retired/CVE-2007-3105
@@ -0,0 +1,28 @@
+Candidate: CVE-2007-3105
+References: 
+Description: 
+ Stack-based buffer overflow in the random number generator (RNG)
+ implementation in the Linux kernel before 2.6.22 might allow local root
+ users to cause a denial of service or gain privileges by setting the
+ default wakeup threshold to a value greater than the output pool size,
+ which triggers writing random numbers to the stack by the pool transfer
+ function involving "bound check ordering". NOTE: this issue might only
+ cross privilege boundaries in environments that have granular assignment
+ of privileges for root.
+Ubuntu-Description: 
+ A buffer overflow was discovered in the random number generator.  In
+ environments with granular assignment of root privileges, a local attacker
+ could gain additional privileges.
+Notes: 
+ jmm> Vulnerable code not present in 2.4.27
+ jmm> 2.6.8 is affected, but since we don't have full SE Linux support in
+ jmm> Sarge, I don't believe this is an issue, which needs to be fixed
+Bugs: 
+upstream: released (2.6.21, 2.6.22.3)
+linux-2.6: released (2.6.21-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge2) [random-bound-check-ordering.dpatch]
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-29.58) 
+2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
+2.6.20-feisty-security: released (2.6.20-16.31) [542a98d0809f0eccc5cf23ed402285e995e0b31e]