diff options
author | Kees Cook <kees@outflux.net> | 2007-08-31 18:18:07 +0000 |
---|---|---|
committer | Kees Cook <kees@outflux.net> | 2007-08-31 18:18:07 +0000 |
commit | b8ebb0ef35d4a1636320467b58b83002e4670ed7 (patch) | |
tree | 7846c476b30e5554ebe59b153607636d9d6eccd1 /retired/CVE-2007-3642 | |
parent | 9fc54c900258773b07f2bb7e17fc557db96bef27 (diff) |
retiring inactive CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@939 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2007-3642')
-rw-r--r-- | retired/CVE-2007-3642 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/retired/CVE-2007-3642 b/retired/CVE-2007-3642 new file mode 100644 index 00000000..f8c7d5be --- /dev/null +++ b/retired/CVE-2007-3642 @@ -0,0 +1,26 @@ +Candidate: CVE-2007-3642 +References: + http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=25845b5155b55cd77e42655ec24161ba3feffa47 + http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=499 +Description: + The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c + in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and + before 2.6.22 allows remote attackers to cause a denial of service + (crash) via an encoded, out-of-range index value for a choice field, + which triggers a NULL pointer dereference. +Ubuntu-Description: + Zhongling Wen discovered that the h323 conntrack handler did not correctly + handle certain bitfields. A remote attacker could send a specially crafted + packet and cause a denial of service. +Notes: + pkl> [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values + dannf> file got renamed between 2.6.18 & 2.6.21 +Bugs: +upstream: +linux-2.6: released (2.6.21-6) [bugfix/all/stable/2.6.21.6.patch] +2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_h323-bounds-checking.patch] +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.15-dapper-security: N/A - code doesn't seem to exist +2.6.17-edgy-security: N/A - code doesn't seem to exist +2.6.20-feisty-security: released (2.6.20-16.31) [c411287f75b34e8cbeba8e7832c4cf1c235e8568] |