retire two more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1605 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 22 insertions, 0 deletions

diff --git a/retired/CVE-2009-3547 b/retired/CVE-2009-3547
new file mode 100644
index 00000000..7903c85c
--- /dev/null
+++ b/retired/CVE-2009-3547
@@ -0,0 +1,22 @@
+Candidate: CVE-2009-3547
+Description:
+ a NULL pointer dereference flaw was found in each of the following
+ functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
+ pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
+ be released by other processes before it is used to update the pipe's reader
+ and writer counters. This could lead to a local denial of service or 
+ privilege escalation.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/03/1
+Notes:
+ Brad Spengler *claims* to have already developed a working exploit.  Since
+ his previous work has been effective, it is probably true.  Hence, this 
+ should be treated with high urgency.
+ - May be not be exploitable on debian due to mmap_min_addr protections?
+jmm> ad3960243e55320d74195fb85c975e0a8cc4466c
+Bugs:
+upstream: released (2.6.32-rc6) [ad396024]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/fs-pipe-null-pointer-dereference.patch]