diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2009-11-12 22:21:16 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-11-12 22:21:16 +0000 |
| commit | cc477ec772747ddbca5689b96e01f2d2a8369874 (patch) | |
| tree | d900fb1db139de30cb29c8c8b9b78243a2a92d0f /retired/CVE-2009-3002 | |
| parent | 827b49482152a993e92c7aed00ad40e9c57c89dc (diff) | |
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1590 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3002')
| -rw-r--r-- | retired/CVE-2009-3002 | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/retired/CVE-2009-3002 b/retired/CVE-2009-3002 new file mode 100644 index 00000000..73dccd88 --- /dev/null +++ b/retired/CVE-2009-3002 @@ -0,0 +1,25 @@ +Candidate: CVE-2009-3002 +Description: + The Linux kernel before 2.6.31-rc7 does not initialize certain data + structures within getname functions, which allows local users to read + the contents of some kernel memory locations by calling getsockname on + (1) an AF_APPLETALK socket, related to the atalk_getname function in + net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the + irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, + related to the econet_getname function in net/econet/af_econet.c; (4) + an AF_NETROM socket, related to the nr_getname function in + net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the + rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, + related to the raw_getname function in net/can/raw.c. +References: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3002 + https://bugzilla.redhat.com/show_bug.cgi?id=519305 +Ubuntu-Description: +Notes: + gilbert> these are just minor info leaks, so not really very urgent +Bugs: +upstream: released (2.6.31-rc7) [09384dfc76e526c3993c09c42e016372dc9dd22c,17ac2e9c58b69a1e25460a568eae1b0dc0188c25,80922bbb12a105f858a8f0abb879cb4302d0ecaa,e84b90ae5eb3c112d1f208964df1d8156a538289,f6b97b29513950bfbf621a83d85b6f86b39ec8db] +linux-2.6: released (2.6.30-7) [bugfix/all/stable/2.6.30.6.patch] +2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) +2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/irda-fix-irda_getname-leak.patch, bugfix/all/rose-fix-rose_getname-leak.patch, bugfix/all/econet-fix-econet_getname-leak.patch, bugfix/all/netrom-fix-nr_getname-leak.patch] +2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/irda-fix-irda_getname-leak.patch, bugfix/all/rose-fix-rose_getname-leak.patch, bugfix/all/econet-fix-econet_getname-leak.patch, bugfix/all/can-fix-raw_getname-leak.patch, bugfix/all/netrom-fix-nr_getname-leak.patch] |