From f3581ec9b2d48c6103c22fecb46f713217d834e8 Mon Sep 17 00:00:00 2001 
From: dann frazier
Date: Thu, 17 Aug 2006 00:24:25 +0000
Subject: move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574
---
patch-tracking/retired/CVE-2002-0429 | 29 ------------ patch-tracking/retired/CVE-2003-0001 | 38 --------------- patch-tracking/retired/CVE-2003-0018 | 38 --------------- patch-tracking/retired/CVE-2003-0127 | 62 ------------------------- patch-tracking/retired/CVE-2003-0187 | 25 ---------- patch-tracking/retired/CVE-2003-0244 | 50 -------------------- patch-tracking/retired/CVE-2003-0246 | 50 -------------------- patch-tracking/retired/CVE-2003-0247 | 42 ----------------- patch-tracking/retired/CVE-2003-0248 | 42 ----------------- patch-tracking/retired/CVE-2003-0364 | 40 ---------------- patch-tracking/retired/CVE-2003-0418 | 21 --------- patch-tracking/retired/CVE-2003-0461 | 36 --------------- patch-tracking/retired/CVE-2003-0462 | 47 ------------------- patch-tracking/retired/CVE-2003-0464 | 27 ----------- patch-tracking/retired/CVE-2003-0465 | 34 -------------- patch-tracking/retired/CVE-2003-0467 | 25 ---------- patch-tracking/retired/CVE-2003-0476 | 37 --------------- patch-tracking/retired/CVE-2003-0501 | 33 ------------- patch-tracking/retired/CVE-2003-0550 | 26 ----------- patch-tracking/retired/CVE-2003-0551 | 28 ------------ patch-tracking/retired/CVE-2003-0552 | 28 ------------ patch-tracking/retired/CVE-2003-0643 | 25 ---------- patch-tracking/retired/CVE-2003-0699 | 24 ---------- patch-tracking/retired/CVE-2003-0700 | 24 ---------- patch-tracking/retired/CVE-2003-0961 | 67 --------------------------- patch-tracking/retired/CVE-2003-0984 | 46 ------------------- patch-tracking/retired/CVE-2003-0985 | 54 ---------------------- patch-tracking/retired/CVE-2003-1040 | 28 ------------ patch-tracking/retired/CVE-2004-0003 | 89 ------------------------------------ patch-tracking/retired/CVE-2004-0010 | 16
------- patch-tracking/retired/CVE-2004-0077 | 57 ----------------------- patch-tracking/retired/CVE-2004-0109 | 16 ------- patch-tracking/retired/CVE-2004-0133 | 29 ------------ patch-tracking/retired/CVE-2004-0136 | 46 ------------------- patch-tracking/retired/CVE-2004-0138 | 23 ---------- patch-tracking/retired/CVE-2004-0177 | 28 ------------ patch-tracking/retired/CVE-2004-0178 | 40 ---------------- patch-tracking/retired/CVE-2004-0181 | 27 ----------- patch-tracking/retired/CVE-2004-0228 | 33 ------------- patch-tracking/retired/CVE-2004-0229 | 16 ------- patch-tracking/retired/CVE-2004-0394 | 39 ---------------- patch-tracking/retired/CVE-2004-0415 | 42 ----------------- patch-tracking/retired/CVE-2004-0427 | 70 ---------------------------- patch-tracking/retired/CVE-2004-0447 | 37 --------------- patch-tracking/retired/CVE-2004-0491 | 27 ----------- patch-tracking/retired/CVE-2004-0495 | 48 ------------------- patch-tracking/retired/CVE-2004-0496 | 26 ----------- patch-tracking/retired/CVE-2004-0497 | 33 ------------- patch-tracking/retired/CVE-2004-0535 | 44 ------------------ patch-tracking/retired/CVE-2004-0554 | 54 ---------------------- patch-tracking/retired/CVE-2004-0565 | 30 ------------ patch-tracking/retired/CVE-2004-0587 | 41 ----------------- patch-tracking/retired/CVE-2004-0596 | 24 ---------- patch-tracking/retired/CVE-2004-0619 | 28 ------------ patch-tracking/retired/CVE-2004-0626 | 27 ----------- patch-tracking/retired/CVE-2004-0685 | 36 --------------- patch-tracking/retired/CVE-2004-0790 | 44 ------------------ patch-tracking/retired/CVE-2004-0812 | 36 --------------- patch-tracking/retired/CVE-2004-0814 | 38 --------------- patch-tracking/retired/CVE-2004-0816 | 35 -------------- patch-tracking/retired/CVE-2004-0883 | 48 ------------------- patch-tracking/retired/CVE-2004-0887 | 23 ---------- patch-tracking/retired/CVE-2004-0949 | 40 ---------------- patch-tracking/retired/CVE-2004-1016 | 36 --------------- 
patch-tracking/retired/CVE-2004-1017 | 27 ----------- patch-tracking/retired/CVE-2004-1056 | 27 ----------- patch-tracking/retired/CVE-2004-1057 | 27 ----------- patch-tracking/retired/CVE-2004-1058 | 28 ------------ patch-tracking/retired/CVE-2004-1068 | 33 ------------- patch-tracking/retired/CVE-2004-1069 | 24 ---------- patch-tracking/retired/CVE-2004-1070 | 30 ------------ patch-tracking/retired/CVE-2004-1071 | 29 ------------ patch-tracking/retired/CVE-2004-1072 | 32 ------------- patch-tracking/retired/CVE-2004-1073 | 28 ------------ patch-tracking/retired/CVE-2004-1137 | 39 ---------------- patch-tracking/retired/CVE-2004-1144 | 27 ----------- patch-tracking/retired/CVE-2004-1151 | 28 ------------ patch-tracking/retired/CVE-2004-1234 | 35 -------------- patch-tracking/retired/CVE-2004-1235 | 43 ----------------- patch-tracking/retired/CVE-2004-1237 | 28 ------------ patch-tracking/retired/CVE-2004-1333 | 32 ------------- patch-tracking/retired/CVE-2004-1334 | 25 ---------- patch-tracking/retired/CVE-2004-1335 | 28 ------------ patch-tracking/retired/CVE-2004-1337 | 28 ------------ patch-tracking/retired/CVE-2004-2013 | 27 ----------- patch-tracking/retired/CVE-2004-2302 | 25 ---------- patch-tracking/retired/CVE-2004-2536 | 28 ------------ patch-tracking/retired/CVE-2004-2607 | 30 ------------ patch-tracking/retired/CVE-2005-0001 | 42 ----------------- patch-tracking/retired/CVE-2005-0003 | 34 -------------- patch-tracking/retired/CVE-2005-0090 | 22 --------- patch-tracking/retired/CVE-2005-0091 | 22 --------- patch-tracking/retired/CVE-2005-0092 | 22 --------- patch-tracking/retired/CVE-2005-0135 | 28 ------------ patch-tracking/retired/CVE-2005-0136 | 18 -------- patch-tracking/retired/CVE-2005-0137 | 23 ---------- patch-tracking/retired/CVE-2005-0176 | 27 ----------- patch-tracking/retired/CVE-2005-0177 | 26 ----------- patch-tracking/retired/CVE-2005-0178 | 30 ------------ patch-tracking/retired/CVE-2005-0180 | 28 ------------ 
patch-tracking/retired/CVE-2005-0204 | 23 ---------- patch-tracking/retired/CVE-2005-0207 | 27 ----------- patch-tracking/retired/CVE-2005-0209 | 25 ---------- patch-tracking/retired/CVE-2005-0210 | 25 ---------- patch-tracking/retired/CVE-2005-0384 | 31 ------------- patch-tracking/retired/CVE-2005-0400 | 32 ------------- patch-tracking/retired/CVE-2005-0449 | 20 -------- patch-tracking/retired/CVE-2005-0528 | 28 ------------ patch-tracking/retired/CVE-2005-0529 | 31 ------------- patch-tracking/retired/CVE-2005-0530 | 38 --------------- patch-tracking/retired/CVE-2005-0531 | 20 -------- patch-tracking/retired/CVE-2005-0532 | 29 ------------ patch-tracking/retired/CVE-2005-0736 | 22 --------- patch-tracking/retired/CVE-2005-0749 | 28 ------------ patch-tracking/retired/CVE-2005-0750 | 32 ------------- patch-tracking/retired/CVE-2005-0756 | 19 -------- patch-tracking/retired/CVE-2005-0757 | 21 --------- patch-tracking/retired/CVE-2005-0767 | 22 --------- patch-tracking/retired/CVE-2005-0815 | 28 ------------ patch-tracking/retired/CVE-2005-0839 | 23 ---------- patch-tracking/retired/CVE-2005-0867 | 22 --------- patch-tracking/retired/CVE-2005-0916 | 22 --------- patch-tracking/retired/CVE-2005-1041 | 22 --------- patch-tracking/retired/CVE-2005-1263 | 28 ------------ patch-tracking/retired/CVE-2005-1368 | 23 ---------- patch-tracking/retired/CVE-2005-1369 | 24 ---------- patch-tracking/retired/CVE-2005-1589 | 36 --------------- patch-tracking/retired/CVE-2005-1761 | 25 ---------- patch-tracking/retired/CVE-2005-1762 | 22 --------- patch-tracking/retired/CVE-2005-1764 | 30 ------------ patch-tracking/retired/CVE-2005-1765 | 24 ---------- patch-tracking/retired/CVE-2005-1767 | 23 ---------- patch-tracking/retired/CVE-2005-1768 | 34 -------------- patch-tracking/retired/CVE-2005-1913 | 37 --------------- patch-tracking/retired/CVE-2005-2098 | 33 ------------- patch-tracking/retired/CVE-2005-2099 | 32 ------------- patch-tracking/retired/CVE-2005-2100 | 24 ---------- 
patch-tracking/retired/CVE-2005-2456 | 32 ------------- patch-tracking/retired/CVE-2005-2457 | 27 ----------- patch-tracking/retired/CVE-2005-2458 | 32 ------------- patch-tracking/retired/CVE-2005-2459 | 31 ------------- patch-tracking/retired/CVE-2005-2490 | 36 --------------- patch-tracking/retired/CVE-2005-2492 | 35 -------------- patch-tracking/retired/CVE-2005-2548 | 27 ----------- patch-tracking/retired/CVE-2005-2553 | 24 ---------- patch-tracking/retired/CVE-2005-2555 | 21 --------- patch-tracking/retired/CVE-2005-2708 | 24 ---------- patch-tracking/retired/CVE-2005-2709 | 30 ------------ patch-tracking/retired/CVE-2005-2800 | 24 ---------- patch-tracking/retired/CVE-2005-2801 | 26 ----------- patch-tracking/retired/CVE-2005-2872 | 31 ------------- patch-tracking/retired/CVE-2005-2973 | 21 --------- patch-tracking/retired/CVE-2005-3053 | 28 ------------ patch-tracking/retired/CVE-2005-3055 | 33 ------------- patch-tracking/retired/CVE-2005-3106 | 33 ------------- patch-tracking/retired/CVE-2005-3107 | 33 ------------- patch-tracking/retired/CVE-2005-3108 | 31 ------------- patch-tracking/retired/CVE-2005-3109 | 32 ------------- patch-tracking/retired/CVE-2005-3110 | 32 ------------- patch-tracking/retired/CVE-2005-3119 | 30 ------------ patch-tracking/retired/CVE-2005-3179 | 27 ----------- patch-tracking/retired/CVE-2005-3180 | 31 ------------- patch-tracking/retired/CVE-2005-3181 | 24 ---------- patch-tracking/retired/CVE-2005-3257 | 25 ---------- patch-tracking/retired/CVE-2005-3271 | 24 ---------- patch-tracking/retired/CVE-2005-3272 | 20 -------- patch-tracking/retired/CVE-2005-3273 | 22 --------- patch-tracking/retired/CVE-2005-3274 | 24 ---------- patch-tracking/retired/CVE-2005-3275 | 23 ---------- patch-tracking/retired/CVE-2005-3276 | 21 --------- patch-tracking/retired/CVE-2005-3356 | 34 -------------- patch-tracking/retired/CVE-2005-3358 | 22 --------- patch-tracking/retired/CVE-2005-3359 | 35 -------------- patch-tracking/retired/CVE-2005-3623 | 
21 --------- patch-tracking/retired/CVE-2005-3783 | 22 --------- patch-tracking/retired/CVE-2005-3784 | 21 --------- patch-tracking/retired/CVE-2005-3805 | 22 --------- patch-tracking/retired/CVE-2005-3806 | 23 ---------- patch-tracking/retired/CVE-2005-3807 | 24 ---------- patch-tracking/retired/CVE-2005-3808 | 19 -------- patch-tracking/retired/CVE-2005-3809 | 16 ------- patch-tracking/retired/CVE-2005-3810 | 20 -------- patch-tracking/retired/CVE-2005-3847 | 30 ------------ patch-tracking/retired/CVE-2005-3848 | 32 ------------- patch-tracking/retired/CVE-2005-3857 | 24 ---------- patch-tracking/retired/CVE-2005-3858 | 24 ---------- patch-tracking/retired/CVE-2005-4351 | 23 ---------- patch-tracking/retired/CVE-2005-4352 | 24 ---------- patch-tracking/retired/CVE-2005-4605 | 25 ---------- patch-tracking/retired/CVE-2005-4618 | 22 --------- patch-tracking/retired/CVE-2005-4635 | 29 ------------ patch-tracking/retired/CVE-2005-4639 | 25 ---------- patch-tracking/retired/CVE-2006-0035 | 19 -------- patch-tracking/retired/CVE-2006-0036 | 21 --------- patch-tracking/retired/CVE-2006-0037 | 21 --------- patch-tracking/retired/CVE-2006-0038 | 22 --------- patch-tracking/retired/CVE-2006-0039 | 13 ------ patch-tracking/retired/CVE-2006-0095 | 22 --------- patch-tracking/retired/CVE-2006-0096 | 34 -------------- patch-tracking/retired/CVE-2006-0456 | 20 -------- patch-tracking/retired/CVE-2006-0457 | 31 ------------- patch-tracking/retired/CVE-2006-0482 | 21 --------- patch-tracking/retired/CVE-2006-0554 | 18 -------- patch-tracking/retired/CVE-2006-0555 | 19 -------- patch-tracking/retired/CVE-2006-0557 | 20 -------- patch-tracking/retired/CVE-2006-0741 | 20 -------- patch-tracking/retired/CVE-2006-0742 | 21 --------- patch-tracking/retired/CVE-2006-1055 | 26 ----------- patch-tracking/retired/CVE-2006-1056 | 29 ------------ patch-tracking/retired/CVE-2006-1066 | 40 ---------------- patch-tracking/retired/CVE-2006-1242 | 38 --------------- 
patch-tracking/retired/CVE-2006-1342 | 25 ---------- patch-tracking/retired/CVE-2006-1368 | 23 ---------- patch-tracking/retired/CVE-2006-1522 | 16 ------- patch-tracking/retired/CVE-2006-1523 | 23 ---------- patch-tracking/retired/CVE-2006-1524 | 28 ------------ patch-tracking/retired/CVE-2006-1525 | 23 ---------- patch-tracking/retired/CVE-2006-1527 | 30 ------------ patch-tracking/retired/CVE-2006-1857 | 20 -------- patch-tracking/retired/CVE-2006-1858 | 20 -------- patch-tracking/retired/CVE-2006-1859 | 25 ---------- patch-tracking/retired/CVE-2006-1860 | 25 ---------- patch-tracking/retired/CVE-2006-1863 | 17 ------- patch-tracking/retired/CVE-2006-1864 | 21 --------- patch-tracking/retired/CVE-2006-2271 | 27 ----------- patch-tracking/retired/CVE-2006-2272 | 22 --------- patch-tracking/retired/CVE-2006-2274 | 25 ---------- patch-tracking/retired/CVE-2006-2451 | 15 ------ patch-tracking/retired/CVE-2006-3626 | 14 ------ retired/CVE-2002-0429 | 29 ++++++++++++ retired/CVE-2003-0001 | 38 +++++++++++++++ retired/CVE-2003-0018 | 38 +++++++++++++++ retired/CVE-2003-0127 | 62 +++++++++++++++++++++++++ retired/CVE-2003-0187 | 25 ++++++++++ retired/CVE-2003-0244 | 50 ++++++++++++++++++++ retired/CVE-2003-0246 | 50 ++++++++++++++++++++ retired/CVE-2003-0247 | 42 +++++++++++++++++ retired/CVE-2003-0248 | 42 +++++++++++++++++ retired/CVE-2003-0364 | 40 ++++++++++++++++ retired/CVE-2003-0418 | 21 +++++++++ retired/CVE-2003-0461 | 36 +++++++++++++++ retired/CVE-2003-0462 | 47 +++++++++++++++++++ retired/CVE-2003-0464 | 27 +++++++++++ retired/CVE-2003-0465 | 34 ++++++++++++++ retired/CVE-2003-0467 | 25 ++++++++++ retired/CVE-2003-0476 | 37 +++++++++++++++ retired/CVE-2003-0501 | 33 +++++++++++++ retired/CVE-2003-0550 | 26 +++++++++++ retired/CVE-2003-0551 | 28 ++++++++++++ retired/CVE-2003-0552 | 28 ++++++++++++ retired/CVE-2003-0643 | 25 ++++++++++ retired/CVE-2003-0699 | 24 ++++++++++ retired/CVE-2003-0700 | 24 ++++++++++ retired/CVE-2003-0961 | 67 
+++++++++++++++++++++++++++ retired/CVE-2003-0984 | 46 +++++++++++++++++++ retired/CVE-2003-0985 | 54 ++++++++++++++++++++++ retired/CVE-2003-1040 | 28 ++++++++++++ retired/CVE-2004-0003 | 89 ++++++++++++++++++++++++++++++++++++ retired/CVE-2004-0010 | 16 +++++++ retired/CVE-2004-0077 | 57 +++++++++++++++++++++++ retired/CVE-2004-0109 | 16 +++++++ retired/CVE-2004-0133 | 29 ++++++++++++ retired/CVE-2004-0136 | 46 +++++++++++++++++++ retired/CVE-2004-0138 | 23 ++++++++++ retired/CVE-2004-0177 | 28 ++++++++++++ retired/CVE-2004-0178 | 40 ++++++++++++++++ retired/CVE-2004-0181 | 27 +++++++++++ retired/CVE-2004-0228 | 33 +++++++++++++ retired/CVE-2004-0229 | 16 +++++++ retired/CVE-2004-0394 | 39 ++++++++++++++++ retired/CVE-2004-0415 | 42 +++++++++++++++++ retired/CVE-2004-0427 | 70 ++++++++++++++++++++++++++++ retired/CVE-2004-0447 | 37 +++++++++++++++ retired/CVE-2004-0491 | 27 +++++++++++ retired/CVE-2004-0495 | 48 +++++++++++++++++++ retired/CVE-2004-0496 | 26 +++++++++++ retired/CVE-2004-0497 | 33 +++++++++++++ retired/CVE-2004-0535 | 44 ++++++++++++++++++ retired/CVE-2004-0554 | 54 ++++++++++++++++++++++ retired/CVE-2004-0565 | 30 ++++++++++++ retired/CVE-2004-0587 | 41 +++++++++++++++++ retired/CVE-2004-0596 | 24 ++++++++++ retired/CVE-2004-0619 | 28 ++++++++++++ retired/CVE-2004-0626 | 27 +++++++++++ retired/CVE-2004-0685 | 36 +++++++++++++++ retired/CVE-2004-0790 | 44 ++++++++++++++++++ retired/CVE-2004-0812 | 36 +++++++++++++++ retired/CVE-2004-0814 | 38 +++++++++++++++ retired/CVE-2004-0816 | 35 ++++++++++++++ retired/CVE-2004-0883 | 48 +++++++++++++++++++ retired/CVE-2004-0887 | 23 ++++++++++ retired/CVE-2004-0949 | 40 ++++++++++++++++ retired/CVE-2004-1016 | 36 +++++++++++++++ retired/CVE-2004-1017 | 27 +++++++++++ retired/CVE-2004-1056 | 27 +++++++++++ retired/CVE-2004-1057 | 27 +++++++++++ retired/CVE-2004-1058 | 28 ++++++++++++ retired/CVE-2004-1068 | 33 +++++++++++++ retired/CVE-2004-1069 | 24 ++++++++++ retired/CVE-2004-1070 | 30 ++++++++++++ 
retired/CVE-2004-1071 | 29 ++++++++++++ retired/CVE-2004-1072 | 32 +++++++++++++ retired/CVE-2004-1073 | 28 ++++++++++++ retired/CVE-2004-1137 | 39 ++++++++++++++++ retired/CVE-2004-1144 | 27 +++++++++++ retired/CVE-2004-1151 | 28 ++++++++++++ retired/CVE-2004-1234 | 35 ++++++++++++++ retired/CVE-2004-1235 | 43 +++++++++++++++++ retired/CVE-2004-1237 | 28 ++++++++++++ retired/CVE-2004-1333 | 32 +++++++++++++ retired/CVE-2004-1334 | 25 ++++++++++ retired/CVE-2004-1335 | 28 ++++++++++++ retired/CVE-2004-1337 | 28 ++++++++++++ retired/CVE-2004-2013 | 27 +++++++++++ retired/CVE-2004-2302 | 25 ++++++++++ retired/CVE-2004-2536 | 28 ++++++++++++ retired/CVE-2004-2607 | 30 ++++++++++++ retired/CVE-2005-0001 | 42 +++++++++++++++++ retired/CVE-2005-0003 | 34 ++++++++++++++ retired/CVE-2005-0090 | 22 +++++++++ retired/CVE-2005-0091 | 22 +++++++++ retired/CVE-2005-0092 | 22 +++++++++ retired/CVE-2005-0135 | 28 ++++++++++++ retired/CVE-2005-0136 | 18 ++++++++ retired/CVE-2005-0137 | 23 ++++++++++ retired/CVE-2005-0176 | 27 +++++++++++ retired/CVE-2005-0177 | 26 +++++++++++ retired/CVE-2005-0178 | 30 ++++++++++++ retired/CVE-2005-0180 | 28 ++++++++++++ retired/CVE-2005-0204 | 23 ++++++++++ retired/CVE-2005-0207 | 27 +++++++++++ retired/CVE-2005-0209 | 25 ++++++++++ retired/CVE-2005-0210 | 25 ++++++++++ retired/CVE-2005-0384 | 31 +++++++++++++ retired/CVE-2005-0400 | 32 +++++++++++++ retired/CVE-2005-0449 | 20 ++++++++ retired/CVE-2005-0528 | 28 ++++++++++++ retired/CVE-2005-0529 | 31 +++++++++++++ retired/CVE-2005-0530 | 38 +++++++++++++++ retired/CVE-2005-0531 | 20 ++++++++ retired/CVE-2005-0532 | 29 ++++++++++++ retired/CVE-2005-0736 | 22 +++++++++ retired/CVE-2005-0749 | 28 ++++++++++++ retired/CVE-2005-0750 | 32 +++++++++++++ retired/CVE-2005-0756 | 19 ++++++++ retired/CVE-2005-0757 | 21 +++++++++ retired/CVE-2005-0767 | 22 +++++++++ retired/CVE-2005-0815 | 28 ++++++++++++ retired/CVE-2005-0839 | 23 ++++++++++ retired/CVE-2005-0867 | 22 +++++++++ retired/CVE-2005-0916 | 22 
+++++++++ retired/CVE-2005-1041 | 22 +++++++++ retired/CVE-2005-1263 | 28 ++++++++++++ retired/CVE-2005-1368 | 23 ++++++++++ retired/CVE-2005-1369 | 24 ++++++++++ retired/CVE-2005-1589 | 36 +++++++++++++++ retired/CVE-2005-1761 | 25 ++++++++++ retired/CVE-2005-1762 | 22 +++++++++ retired/CVE-2005-1764 | 30 ++++++++++++ retired/CVE-2005-1765 | 24 ++++++++++ retired/CVE-2005-1767 | 23 ++++++++++ retired/CVE-2005-1768 | 34 ++++++++++++++ retired/CVE-2005-1913 | 37 +++++++++++++++ retired/CVE-2005-2098 | 33 +++++++++++++ retired/CVE-2005-2099 | 32 +++++++++++++ retired/CVE-2005-2100 | 24 ++++++++++ retired/CVE-2005-2456 | 32 +++++++++++++ retired/CVE-2005-2457 | 27 +++++++++++ retired/CVE-2005-2458 | 32 +++++++++++++ retired/CVE-2005-2459 | 31 +++++++++++++ retired/CVE-2005-2490 | 36 +++++++++++++++ retired/CVE-2005-2492 | 35 ++++++++++++++ retired/CVE-2005-2548 | 27 +++++++++++ retired/CVE-2005-2553 | 24 ++++++++++ retired/CVE-2005-2555 | 21 +++++++++ retired/CVE-2005-2708 | 24 ++++++++++ retired/CVE-2005-2709 | 30 ++++++++++++ retired/CVE-2005-2800 | 24 ++++++++++ retired/CVE-2005-2801 | 26 +++++++++++ retired/CVE-2005-2872 | 31 +++++++++++++ retired/CVE-2005-2973 | 21 +++++++++ retired/CVE-2005-3053 | 28 ++++++++++++ retired/CVE-2005-3055 | 33 +++++++++++++ retired/CVE-2005-3106 | 33 +++++++++++++ retired/CVE-2005-3107 | 33 +++++++++++++ retired/CVE-2005-3108 | 31 +++++++++++++ retired/CVE-2005-3109 | 32 +++++++++++++ retired/CVE-2005-3110 | 32 +++++++++++++ retired/CVE-2005-3119 | 30 ++++++++++++ retired/CVE-2005-3179 | 27 +++++++++++ retired/CVE-2005-3180 | 31 +++++++++++++ retired/CVE-2005-3181 | 24 ++++++++++ retired/CVE-2005-3257 | 25 ++++++++++ retired/CVE-2005-3271 | 24 ++++++++++ retired/CVE-2005-3272 | 20 ++++++++ retired/CVE-2005-3273 | 22 +++++++++ retired/CVE-2005-3274 | 24 ++++++++++ retired/CVE-2005-3275 | 23 ++++++++++ retired/CVE-2005-3276 | 21 +++++++++ retired/CVE-2005-3356 | 34 ++++++++++++++ retired/CVE-2005-3358 | 22 +++++++++ 
retired/CVE-2005-3359 | 35 ++++++++++++++ retired/CVE-2005-3623 | 21 +++++++++ retired/CVE-2005-3783 | 22 +++++++++ retired/CVE-2005-3784 | 21 +++++++++ retired/CVE-2005-3805 | 22 +++++++++ retired/CVE-2005-3806 | 23 ++++++++++ retired/CVE-2005-3807 | 24 ++++++++++ retired/CVE-2005-3808 | 19 ++++++++ retired/CVE-2005-3809 | 16 +++++++ retired/CVE-2005-3810 | 20 ++++++++ retired/CVE-2005-3847 | 30 ++++++++++++ retired/CVE-2005-3848 | 32 +++++++++++++ retired/CVE-2005-3857 | 24 ++++++++++ retired/CVE-2005-3858 | 24 ++++++++++ retired/CVE-2005-4351 | 23 ++++++++++ retired/CVE-2005-4352 | 24 ++++++++++ retired/CVE-2005-4605 | 25 ++++++++++ retired/CVE-2005-4618 | 22 +++++++++ retired/CVE-2005-4635 | 29 ++++++++++++ retired/CVE-2005-4639 | 25 ++++++++++ retired/CVE-2006-0035 | 19 ++++++++ retired/CVE-2006-0036 | 21 +++++++++ retired/CVE-2006-0037 | 21 +++++++++ retired/CVE-2006-0038 | 22 +++++++++ retired/CVE-2006-0039 | 13 ++++++ retired/CVE-2006-0095 | 22 +++++++++ retired/CVE-2006-0096 | 34 ++++++++++++++ retired/CVE-2006-0456 | 20 ++++++++ retired/CVE-2006-0457 | 31 +++++++++++++ retired/CVE-2006-0482 | 21 +++++++++ retired/CVE-2006-0554 | 18 ++++++++ retired/CVE-2006-0555 | 19 ++++++++ retired/CVE-2006-0557 | 20 ++++++++ retired/CVE-2006-0741 | 20 ++++++++ retired/CVE-2006-0742 | 21 +++++++++ retired/CVE-2006-1055 | 26 +++++++++++ retired/CVE-2006-1056 | 29 ++++++++++++ retired/CVE-2006-1066 | 40 ++++++++++++++++ retired/CVE-2006-1242 | 38 +++++++++++++++ retired/CVE-2006-1342 | 25 ++++++++++ retired/CVE-2006-1368 | 23 ++++++++++ retired/CVE-2006-1522 | 16 +++++++ retired/CVE-2006-1523 | 23 ++++++++++ retired/CVE-2006-1524 | 28 ++++++++++++ retired/CVE-2006-1525 | 23 ++++++++++ retired/CVE-2006-1527 | 30 ++++++++++++ retired/CVE-2006-1857 | 20 ++++++++ retired/CVE-2006-1858 | 20 ++++++++ retired/CVE-2006-1859 | 25 ++++++++++ retired/CVE-2006-1860 | 25 ++++++++++ retired/CVE-2006-1863 | 17 +++++++ retired/CVE-2006-1864 | 21 +++++++++ retired/CVE-2006-2271 | 27 
+++++++++++ retired/CVE-2006-2272 | 22 +++++++++ retired/CVE-2006-2274 | 25 ++++++++++ retired/CVE-2006-2451 | 15 ++++++ retired/CVE-2006-3626 | 14 ++++++ 458 files changed, 6672 insertions(+), 6672 deletions(-) delete mode 100644 patch-tracking/retired/CVE-2002-0429 delete mode 100644 patch-tracking/retired/CVE-2003-0001 delete mode 100644 patch-tracking/retired/CVE-2003-0018 delete mode 100644 patch-tracking/retired/CVE-2003-0127 delete mode 100644 patch-tracking/retired/CVE-2003-0187 delete mode 100644 patch-tracking/retired/CVE-2003-0244 delete mode 100644 patch-tracking/retired/CVE-2003-0246 delete mode 100644 patch-tracking/retired/CVE-2003-0247 delete mode 100644 patch-tracking/retired/CVE-2003-0248 delete mode 100644 patch-tracking/retired/CVE-2003-0364 delete mode 100644 patch-tracking/retired/CVE-2003-0418 delete mode 100644 patch-tracking/retired/CVE-2003-0461 delete mode 100644 patch-tracking/retired/CVE-2003-0462 delete mode 100644 patch-tracking/retired/CVE-2003-0464 delete mode 100644 patch-tracking/retired/CVE-2003-0465 delete mode 100644 patch-tracking/retired/CVE-2003-0467 delete mode 100644 patch-tracking/retired/CVE-2003-0476 delete mode 100644 patch-tracking/retired/CVE-2003-0501 delete mode 100644 patch-tracking/retired/CVE-2003-0550 delete mode 100644 patch-tracking/retired/CVE-2003-0551 delete mode 100644 patch-tracking/retired/CVE-2003-0552 delete mode 100644 patch-tracking/retired/CVE-2003-0643 delete mode 100644 patch-tracking/retired/CVE-2003-0699 delete mode 100644 patch-tracking/retired/CVE-2003-0700 delete mode 100644 patch-tracking/retired/CVE-2003-0961 delete mode 100644 patch-tracking/retired/CVE-2003-0984 delete mode 100644 patch-tracking/retired/CVE-2003-0985 delete mode 100644 patch-tracking/retired/CVE-2003-1040 delete mode 100644 patch-tracking/retired/CVE-2004-0003 delete mode 100644 patch-tracking/retired/CVE-2004-0010 delete mode 100644 patch-tracking/retired/CVE-2004-0077 delete mode 100644 
patch-tracking/retired/CVE-2004-0109 delete mode 100644 patch-tracking/retired/CVE-2004-0133 delete mode 100644 patch-tracking/retired/CVE-2004-0136 delete mode 100644 patch-tracking/retired/CVE-2004-0138 delete mode 100644 patch-tracking/retired/CVE-2004-0177 delete mode 100644 patch-tracking/retired/CVE-2004-0178 delete mode 100644 patch-tracking/retired/CVE-2004-0181 delete mode 100644 patch-tracking/retired/CVE-2004-0228 delete mode 100644 patch-tracking/retired/CVE-2004-0229 delete mode 100644 patch-tracking/retired/CVE-2004-0394 delete mode 100644 patch-tracking/retired/CVE-2004-0415 delete mode 100644 patch-tracking/retired/CVE-2004-0427 delete mode 100644 patch-tracking/retired/CVE-2004-0447 delete mode 100644 patch-tracking/retired/CVE-2004-0491 delete mode 100644 patch-tracking/retired/CVE-2004-0495 delete mode 100644 patch-tracking/retired/CVE-2004-0496 delete mode 100644 patch-tracking/retired/CVE-2004-0497 delete mode 100644 patch-tracking/retired/CVE-2004-0535 delete mode 100644 patch-tracking/retired/CVE-2004-0554 delete mode 100644 patch-tracking/retired/CVE-2004-0565 delete mode 100644 patch-tracking/retired/CVE-2004-0587 delete mode 100644 patch-tracking/retired/CVE-2004-0596 delete mode 100644 patch-tracking/retired/CVE-2004-0619 delete mode 100644 patch-tracking/retired/CVE-2004-0626 delete mode 100644 patch-tracking/retired/CVE-2004-0685 delete mode 100644 patch-tracking/retired/CVE-2004-0790 delete mode 100644 patch-tracking/retired/CVE-2004-0812 delete mode 100644 patch-tracking/retired/CVE-2004-0814 delete mode 100644 patch-tracking/retired/CVE-2004-0816 delete mode 100644 patch-tracking/retired/CVE-2004-0883 delete mode 100644 patch-tracking/retired/CVE-2004-0887 delete mode 100644 patch-tracking/retired/CVE-2004-0949 delete mode 100644 patch-tracking/retired/CVE-2004-1016 delete mode 100644 patch-tracking/retired/CVE-2004-1017 delete mode 100644 patch-tracking/retired/CVE-2004-1056 delete mode 100644 patch-tracking/retired/CVE-2004-1057 
delete mode 100644 patch-tracking/retired/CVE-2004-1058 delete mode 100644 patch-tracking/retired/CVE-2004-1068 delete mode 100644 patch-tracking/retired/CVE-2004-1069 delete mode 100644 patch-tracking/retired/CVE-2004-1070 delete mode 100644 patch-tracking/retired/CVE-2004-1071 delete mode 100644 patch-tracking/retired/CVE-2004-1072 delete mode 100644 patch-tracking/retired/CVE-2004-1073 delete mode 100644 patch-tracking/retired/CVE-2004-1137 delete mode 100644 patch-tracking/retired/CVE-2004-1144 delete mode 100644 patch-tracking/retired/CVE-2004-1151 delete mode 100644 patch-tracking/retired/CVE-2004-1234 delete mode 100644 patch-tracking/retired/CVE-2004-1235 delete mode 100644 patch-tracking/retired/CVE-2004-1237 delete mode 100644 patch-tracking/retired/CVE-2004-1333 delete mode 100644 patch-tracking/retired/CVE-2004-1334 delete mode 100644 patch-tracking/retired/CVE-2004-1335 delete mode 100644 patch-tracking/retired/CVE-2004-1337 delete mode 100644 patch-tracking/retired/CVE-2004-2013 delete mode 100644 patch-tracking/retired/CVE-2004-2302 delete mode 100644 patch-tracking/retired/CVE-2004-2536 delete mode 100644 patch-tracking/retired/CVE-2004-2607 delete mode 100644 patch-tracking/retired/CVE-2005-0001 delete mode 100644 patch-tracking/retired/CVE-2005-0003 delete mode 100644 patch-tracking/retired/CVE-2005-0090 delete mode 100644 patch-tracking/retired/CVE-2005-0091 delete mode 100644 patch-tracking/retired/CVE-2005-0092 delete mode 100644 patch-tracking/retired/CVE-2005-0135 delete mode 100644 patch-tracking/retired/CVE-2005-0136 delete mode 100644 patch-tracking/retired/CVE-2005-0137 delete mode 100644 patch-tracking/retired/CVE-2005-0176 delete mode 100644 patch-tracking/retired/CVE-2005-0177 delete mode 100644 patch-tracking/retired/CVE-2005-0178 delete mode 100644 patch-tracking/retired/CVE-2005-0180 delete mode 100644 patch-tracking/retired/CVE-2005-0204 delete mode 100644 patch-tracking/retired/CVE-2005-0207 delete mode 100644 
patch-tracking/retired/CVE-2005-0209 delete mode 100644 patch-tracking/retired/CVE-2005-0210 delete mode 100644 patch-tracking/retired/CVE-2005-0384 delete mode 100644 patch-tracking/retired/CVE-2005-0400 delete mode 100644 patch-tracking/retired/CVE-2005-0449 delete mode 100644 patch-tracking/retired/CVE-2005-0528 delete mode 100644 patch-tracking/retired/CVE-2005-0529 delete mode 100644 patch-tracking/retired/CVE-2005-0530 delete mode 100644 patch-tracking/retired/CVE-2005-0531 delete mode 100644 patch-tracking/retired/CVE-2005-0532 delete mode 100644 patch-tracking/retired/CVE-2005-0736 delete mode 100644 patch-tracking/retired/CVE-2005-0749 delete mode 100644 patch-tracking/retired/CVE-2005-0750 delete mode 100644 patch-tracking/retired/CVE-2005-0756 delete mode 100644 patch-tracking/retired/CVE-2005-0757 delete mode 100644 patch-tracking/retired/CVE-2005-0767 delete mode 100644 patch-tracking/retired/CVE-2005-0815 delete mode 100644 patch-tracking/retired/CVE-2005-0839 delete mode 100644 patch-tracking/retired/CVE-2005-0867 delete mode 100644 patch-tracking/retired/CVE-2005-0916 delete mode 100644 patch-tracking/retired/CVE-2005-1041 delete mode 100644 patch-tracking/retired/CVE-2005-1263 delete mode 100644 patch-tracking/retired/CVE-2005-1368 delete mode 100644 patch-tracking/retired/CVE-2005-1369 delete mode 100644 patch-tracking/retired/CVE-2005-1589 delete mode 100644 patch-tracking/retired/CVE-2005-1761 delete mode 100644 patch-tracking/retired/CVE-2005-1762 delete mode 100644 patch-tracking/retired/CVE-2005-1764 delete mode 100644 patch-tracking/retired/CVE-2005-1765 delete mode 100644 patch-tracking/retired/CVE-2005-1767 delete mode 100644 patch-tracking/retired/CVE-2005-1768 delete mode 100644 patch-tracking/retired/CVE-2005-1913 delete mode 100644 patch-tracking/retired/CVE-2005-2098 delete mode 100644 patch-tracking/retired/CVE-2005-2099 delete mode 100644 patch-tracking/retired/CVE-2005-2100 delete mode 100644 patch-tracking/retired/CVE-2005-2456 
delete mode 100644 patch-tracking/retired/CVE-2005-2457 delete mode 100644 patch-tracking/retired/CVE-2005-2458 delete mode 100644 patch-tracking/retired/CVE-2005-2459 delete mode 100644 patch-tracking/retired/CVE-2005-2490 delete mode 100644 patch-tracking/retired/CVE-2005-2492 delete mode 100644 patch-tracking/retired/CVE-2005-2548 delete mode 100644 patch-tracking/retired/CVE-2005-2553 delete mode 100644 patch-tracking/retired/CVE-2005-2555 delete mode 100644 patch-tracking/retired/CVE-2005-2708 delete mode 100644 patch-tracking/retired/CVE-2005-2709 delete mode 100644 patch-tracking/retired/CVE-2005-2800 delete mode 100644 patch-tracking/retired/CVE-2005-2801 delete mode 100644 patch-tracking/retired/CVE-2005-2872 delete mode 100644 patch-tracking/retired/CVE-2005-2973 delete mode 100644 patch-tracking/retired/CVE-2005-3053 delete mode 100644 patch-tracking/retired/CVE-2005-3055 delete mode 100644 patch-tracking/retired/CVE-2005-3106 delete mode 100644 patch-tracking/retired/CVE-2005-3107 delete mode 100644 patch-tracking/retired/CVE-2005-3108 delete mode 100644 patch-tracking/retired/CVE-2005-3109 delete mode 100644 patch-tracking/retired/CVE-2005-3110 delete mode 100644 patch-tracking/retired/CVE-2005-3119 delete mode 100644 patch-tracking/retired/CVE-2005-3179 delete mode 100644 patch-tracking/retired/CVE-2005-3180 delete mode 100644 patch-tracking/retired/CVE-2005-3181 delete mode 100644 patch-tracking/retired/CVE-2005-3257 delete mode 100644 patch-tracking/retired/CVE-2005-3271 delete mode 100644 patch-tracking/retired/CVE-2005-3272 delete mode 100644 patch-tracking/retired/CVE-2005-3273 delete mode 100644 patch-tracking/retired/CVE-2005-3274 delete mode 100644 patch-tracking/retired/CVE-2005-3275 delete mode 100644 patch-tracking/retired/CVE-2005-3276 delete mode 100644 patch-tracking/retired/CVE-2005-3356 delete mode 100644 patch-tracking/retired/CVE-2005-3358 delete mode 100644 patch-tracking/retired/CVE-2005-3359 delete mode 100644 
patch-tracking/retired/CVE-2005-3623 delete mode 100644 patch-tracking/retired/CVE-2005-3783 delete mode 100644 patch-tracking/retired/CVE-2005-3784 delete mode 100644 patch-tracking/retired/CVE-2005-3805 delete mode 100644 patch-tracking/retired/CVE-2005-3806 delete mode 100644 patch-tracking/retired/CVE-2005-3807 delete mode 100644 patch-tracking/retired/CVE-2005-3808 delete mode 100644 patch-tracking/retired/CVE-2005-3809 delete mode 100644 patch-tracking/retired/CVE-2005-3810 delete mode 100644 patch-tracking/retired/CVE-2005-3847 delete mode 100644 patch-tracking/retired/CVE-2005-3848 delete mode 100644 patch-tracking/retired/CVE-2005-3857 delete mode 100644 patch-tracking/retired/CVE-2005-3858 delete mode 100644 patch-tracking/retired/CVE-2005-4351 delete mode 100644 patch-tracking/retired/CVE-2005-4352 delete mode 100644 patch-tracking/retired/CVE-2005-4605 delete mode 100644 patch-tracking/retired/CVE-2005-4618 delete mode 100644 patch-tracking/retired/CVE-2005-4635 delete mode 100644 patch-tracking/retired/CVE-2005-4639 delete mode 100644 patch-tracking/retired/CVE-2006-0035 delete mode 100644 patch-tracking/retired/CVE-2006-0036 delete mode 100644 patch-tracking/retired/CVE-2006-0037 delete mode 100644 patch-tracking/retired/CVE-2006-0038 delete mode 100644 patch-tracking/retired/CVE-2006-0039 delete mode 100644 patch-tracking/retired/CVE-2006-0095 delete mode 100644 patch-tracking/retired/CVE-2006-0096 delete mode 100644 patch-tracking/retired/CVE-2006-0456 delete mode 100644 patch-tracking/retired/CVE-2006-0457 delete mode 100644 patch-tracking/retired/CVE-2006-0482 delete mode 100644 patch-tracking/retired/CVE-2006-0554 delete mode 100644 patch-tracking/retired/CVE-2006-0555 delete mode 100644 patch-tracking/retired/CVE-2006-0557 delete mode 100644 patch-tracking/retired/CVE-2006-0741 delete mode 100644 patch-tracking/retired/CVE-2006-0742 delete mode 100644 patch-tracking/retired/CVE-2006-1055 delete mode 100644 patch-tracking/retired/CVE-2006-1056 
delete mode 100644 patch-tracking/retired/CVE-2006-1066 delete mode 100644 patch-tracking/retired/CVE-2006-1242 delete mode 100644 patch-tracking/retired/CVE-2006-1342 delete mode 100644 patch-tracking/retired/CVE-2006-1368 delete mode 100644 patch-tracking/retired/CVE-2006-1522 delete mode 100644 patch-tracking/retired/CVE-2006-1523 delete mode 100644 patch-tracking/retired/CVE-2006-1524 delete mode 100644 patch-tracking/retired/CVE-2006-1525 delete mode 100644 patch-tracking/retired/CVE-2006-1527 delete mode 100644 patch-tracking/retired/CVE-2006-1857 delete mode 100644 patch-tracking/retired/CVE-2006-1858 delete mode 100644 patch-tracking/retired/CVE-2006-1859 delete mode 100644 patch-tracking/retired/CVE-2006-1860 delete mode 100644 patch-tracking/retired/CVE-2006-1863 delete mode 100644 patch-tracking/retired/CVE-2006-1864 delete mode 100644 patch-tracking/retired/CVE-2006-2271 delete mode 100644 patch-tracking/retired/CVE-2006-2272 delete mode 100644 patch-tracking/retired/CVE-2006-2274 delete mode 100644 patch-tracking/retired/CVE-2006-2451 delete mode 100644 patch-tracking/retired/CVE-2006-3626 create mode 100644 retired/CVE-2002-0429 create mode 100644 retired/CVE-2003-0001 create mode 100644 retired/CVE-2003-0018 create mode 100644 retired/CVE-2003-0127 create mode 100644 retired/CVE-2003-0187 create mode 100644 retired/CVE-2003-0244 create mode 100644 retired/CVE-2003-0246 create mode 100644 retired/CVE-2003-0247 create mode 100644 retired/CVE-2003-0248 create mode 100644 retired/CVE-2003-0364 create mode 100644 retired/CVE-2003-0418 create mode 100644 retired/CVE-2003-0461 create mode 100644 retired/CVE-2003-0462 create mode 100644 retired/CVE-2003-0464 create mode 100644 retired/CVE-2003-0465 create mode 100644 retired/CVE-2003-0467 create mode 100644 retired/CVE-2003-0476 create mode 100644 retired/CVE-2003-0501 create mode 100644 retired/CVE-2003-0550 create mode 100644 retired/CVE-2003-0551 create mode 100644 retired/CVE-2003-0552 create mode 100644 
retired/CVE-2003-0643 create mode 100644 retired/CVE-2003-0699 create mode 100644 retired/CVE-2003-0700 create mode 100644 retired/CVE-2003-0961 create mode 100644 retired/CVE-2003-0984 create mode 100644 retired/CVE-2003-0985 create mode 100644 retired/CVE-2003-1040 create mode 100644 retired/CVE-2004-0003 create mode 100644 retired/CVE-2004-0010 create mode 100644 retired/CVE-2004-0077 create mode 100644 retired/CVE-2004-0109 create mode 100644 retired/CVE-2004-0133 create mode 100644 retired/CVE-2004-0136 create mode 100644 retired/CVE-2004-0138 create mode 100644 retired/CVE-2004-0177 create mode 100644 retired/CVE-2004-0178 create mode 100644 retired/CVE-2004-0181 create mode 100644 retired/CVE-2004-0228 create mode 100644 retired/CVE-2004-0229 create mode 100644 retired/CVE-2004-0394 create mode 100644 retired/CVE-2004-0415 create mode 100644 retired/CVE-2004-0427 create mode 100644 retired/CVE-2004-0447 create mode 100644 retired/CVE-2004-0491 create mode 100644 retired/CVE-2004-0495 create mode 100644 retired/CVE-2004-0496 create mode 100644 retired/CVE-2004-0497 create mode 100644 retired/CVE-2004-0535 create mode 100644 retired/CVE-2004-0554 create mode 100644 retired/CVE-2004-0565 create mode 100644 retired/CVE-2004-0587 create mode 100644 retired/CVE-2004-0596 create mode 100644 retired/CVE-2004-0619 create mode 100644 retired/CVE-2004-0626 create mode 100644 retired/CVE-2004-0685 create mode 100644 retired/CVE-2004-0790 create mode 100644 retired/CVE-2004-0812 create mode 100644 retired/CVE-2004-0814 create mode 100644 retired/CVE-2004-0816 create mode 100644 retired/CVE-2004-0883 create mode 100644 retired/CVE-2004-0887 create mode 100644 retired/CVE-2004-0949 create mode 100644 retired/CVE-2004-1016 create mode 100644 retired/CVE-2004-1017 create mode 100644 retired/CVE-2004-1056 create mode 100644 retired/CVE-2004-1057 create mode 100644 retired/CVE-2004-1058 create mode 100644 retired/CVE-2004-1068 create mode 100644 retired/CVE-2004-1069 create 
mode 100644 retired/CVE-2004-1070 create mode 100644 retired/CVE-2004-1071 create mode 100644 retired/CVE-2004-1072 create mode 100644 retired/CVE-2004-1073 create mode 100644 retired/CVE-2004-1137 create mode 100644 retired/CVE-2004-1144 create mode 100644 retired/CVE-2004-1151 create mode 100644 retired/CVE-2004-1234 create mode 100644 retired/CVE-2004-1235 create mode 100644 retired/CVE-2004-1237 create mode 100644 retired/CVE-2004-1333 create mode 100644 retired/CVE-2004-1334 create mode 100644 retired/CVE-2004-1335 create mode 100644 retired/CVE-2004-1337 create mode 100644 retired/CVE-2004-2013 create mode 100644 retired/CVE-2004-2302 create mode 100644 retired/CVE-2004-2536 create mode 100644 retired/CVE-2004-2607 create mode 100644 retired/CVE-2005-0001 create mode 100644 retired/CVE-2005-0003 create mode 100644 retired/CVE-2005-0090 create mode 100644 retired/CVE-2005-0091 create mode 100644 retired/CVE-2005-0092 create mode 100644 retired/CVE-2005-0135 create mode 100644 retired/CVE-2005-0136 create mode 100644 retired/CVE-2005-0137 create mode 100644 retired/CVE-2005-0176 create mode 100644 retired/CVE-2005-0177 create mode 100644 retired/CVE-2005-0178 create mode 100644 retired/CVE-2005-0180 create mode 100644 retired/CVE-2005-0204 create mode 100644 retired/CVE-2005-0207 create mode 100644 retired/CVE-2005-0209 create mode 100644 retired/CVE-2005-0210 create mode 100644 retired/CVE-2005-0384 create mode 100644 retired/CVE-2005-0400 create mode 100644 retired/CVE-2005-0449 create mode 100644 retired/CVE-2005-0528 create mode 100644 retired/CVE-2005-0529 create mode 100644 retired/CVE-2005-0530 create mode 100644 retired/CVE-2005-0531 create mode 100644 retired/CVE-2005-0532 create mode 100644 retired/CVE-2005-0736 create mode 100644 retired/CVE-2005-0749 create mode 100644 retired/CVE-2005-0750 create mode 100644 retired/CVE-2005-0756 create mode 100644 retired/CVE-2005-0757 create mode 100644 retired/CVE-2005-0767 create mode 100644 
retired/CVE-2005-0815 create mode 100644 retired/CVE-2005-0839 create mode 100644 retired/CVE-2005-0867 create mode 100644 retired/CVE-2005-0916 create mode 100644 retired/CVE-2005-1041 create mode 100644 retired/CVE-2005-1263 create mode 100644 retired/CVE-2005-1368 create mode 100644 retired/CVE-2005-1369 create mode 100644 retired/CVE-2005-1589 create mode 100644 retired/CVE-2005-1761 create mode 100644 retired/CVE-2005-1762 create mode 100644 retired/CVE-2005-1764 create mode 100644 retired/CVE-2005-1765 create mode 100644 retired/CVE-2005-1767 create mode 100644 retired/CVE-2005-1768 create mode 100644 retired/CVE-2005-1913 create mode 100644 retired/CVE-2005-2098 create mode 100644 retired/CVE-2005-2099 create mode 100644 retired/CVE-2005-2100 create mode 100644 retired/CVE-2005-2456 create mode 100644 retired/CVE-2005-2457 create mode 100644 retired/CVE-2005-2458 create mode 100644 retired/CVE-2005-2459 create mode 100644 retired/CVE-2005-2490 create mode 100644 retired/CVE-2005-2492 create mode 100644 retired/CVE-2005-2548 create mode 100644 retired/CVE-2005-2553 create mode 100644 retired/CVE-2005-2555 create mode 100644 retired/CVE-2005-2708 create mode 100644 retired/CVE-2005-2709 create mode 100644 retired/CVE-2005-2800 create mode 100644 retired/CVE-2005-2801 create mode 100644 retired/CVE-2005-2872 create mode 100644 retired/CVE-2005-2973 create mode 100644 retired/CVE-2005-3053 create mode 100644 retired/CVE-2005-3055 create mode 100644 retired/CVE-2005-3106 create mode 100644 retired/CVE-2005-3107 create mode 100644 retired/CVE-2005-3108 create mode 100644 retired/CVE-2005-3109 create mode 100644 retired/CVE-2005-3110 create mode 100644 retired/CVE-2005-3119 create mode 100644 retired/CVE-2005-3179 create mode 100644 retired/CVE-2005-3180 create mode 100644 retired/CVE-2005-3181 create mode 100644 retired/CVE-2005-3257 create mode 100644 retired/CVE-2005-3271 create mode 100644 retired/CVE-2005-3272 create mode 100644 retired/CVE-2005-3273 create 
mode 100644 retired/CVE-2005-3274 create mode 100644 retired/CVE-2005-3275 create mode 100644 retired/CVE-2005-3276 create mode 100644 retired/CVE-2005-3356 create mode 100644 retired/CVE-2005-3358 create mode 100644 retired/CVE-2005-3359 create mode 100644 retired/CVE-2005-3623 create mode 100644 retired/CVE-2005-3783 create mode 100644 retired/CVE-2005-3784 create mode 100644 retired/CVE-2005-3805 create mode 100644 retired/CVE-2005-3806 create mode 100644 retired/CVE-2005-3807 create mode 100644 retired/CVE-2005-3808 create mode 100644 retired/CVE-2005-3809 create mode 100644 retired/CVE-2005-3810 create mode 100644 retired/CVE-2005-3847 create mode 100644 retired/CVE-2005-3848 create mode 100644 retired/CVE-2005-3857 create mode 100644 retired/CVE-2005-3858 create mode 100644 retired/CVE-2005-4351 create mode 100644 retired/CVE-2005-4352 create mode 100644 retired/CVE-2005-4605 create mode 100644 retired/CVE-2005-4618 create mode 100644 retired/CVE-2005-4635 create mode 100644 retired/CVE-2005-4639 create mode 100644 retired/CVE-2006-0035 create mode 100644 retired/CVE-2006-0036 create mode 100644 retired/CVE-2006-0037 create mode 100644 retired/CVE-2006-0038 create mode 100644 retired/CVE-2006-0039 create mode 100644 retired/CVE-2006-0095 create mode 100644 retired/CVE-2006-0096 create mode 100644 retired/CVE-2006-0456 create mode 100644 retired/CVE-2006-0457 create mode 100644 retired/CVE-2006-0482 create mode 100644 retired/CVE-2006-0554 create mode 100644 retired/CVE-2006-0555 create mode 100644 retired/CVE-2006-0557 create mode 100644 retired/CVE-2006-0741 create mode 100644 retired/CVE-2006-0742 create mode 100644 retired/CVE-2006-1055 create mode 100644 retired/CVE-2006-1056 create mode 100644 retired/CVE-2006-1066 create mode 100644 retired/CVE-2006-1242 create mode 100644 retired/CVE-2006-1342 create mode 100644 retired/CVE-2006-1368 create mode 100644 retired/CVE-2006-1522 create mode 100644 retired/CVE-2006-1523 create mode 100644 
retired/CVE-2006-1524 create mode 100644 retired/CVE-2006-1525 create mode 100644 retired/CVE-2006-1527 create mode 100644 retired/CVE-2006-1857 create mode 100644 retired/CVE-2006-1858 create mode 100644 retired/CVE-2006-1859 create mode 100644 retired/CVE-2006-1860 create mode 100644 retired/CVE-2006-1863 create mode 100644 retired/CVE-2006-1864 create mode 100644 retired/CVE-2006-2271 create mode 100644 retired/CVE-2006-2272 create mode 100644 retired/CVE-2006-2274 create mode 100644 retired/CVE-2006-2451 create mode 100644 retired/CVE-2006-3626 diff --git a/patch-tracking/retired/CVE-2002-0429 b/patch-tracking/retired/CVE-2002-0429 deleted file mode 100644 index 6d6e59f55..000000000 --- a/patch-tracking/retired/CVE-2002-0429 +++ /dev/null @@ -1,29 +0,0 @@ -Candidate: CVE-2002-0429 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3dd4f4b1MbvSSVddY8E_Yx0bGPux8w?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/entry.S - BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem - CONFIRM:http://www.openwall.com/linux/ - DEBIAN:DSA-311 - DEBIAN:DSA-312 - DEBIAN:DSA-332 - DEBIAN:DSA-336 - DEBIAN:DSA-442 - REDHAT:RHSA-2002:158 - BID:4259 - XF:linux-ibcs-lcall-process(8420) -Description: - The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local - users to kill arbitrary processes via a a binary compatibility interface (lcall). -Notes: -Bugs: -upstream: released (2.4.20) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-6) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: released (62.4) 
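Review bot: The Description in the CVE-2002-0429 record reads "via a a binary compatibility interface (lcall)", with the article duplicated. The summary shows the same file being created as retired/CVE-2002-0429 in this commit, so the typo moves with it. Suggest fixing it in a separate follow-up commit so that this one stays a pure move.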
diff --git a/patch-tracking/retired/CVE-2003-0001 b/patch-tracking/retired/CVE-2003-0001 deleted file mode 100644 index 7cd7abbd1..000000000 --- a/patch-tracking/retired/CVE-2003-0001 +++ /dev/null @@ -1,38 +0,0 @@ -Candidate: CVE-2003-0001 -References: - ATSTAKE:A010603-1 - URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt - BUGTRAQ:20030110 More information regarding Etherleak - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2 - VULNWATCH:20030110 More information regarding Etherleak - URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html - MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf - CERT-VN:VU#412115 - URL:http://www.kb.cert.org/vuls/id/412115 - REDHAT:RHSA-2003:025 - URL:http://www.redhat.com/support/errata/RHSA-2003-025.html - OVAL:OVAL2665 - URL:http://oval.mitre.org/oval/definitions/data/oval2665.html -Description: - Multiple ethernet Network Interface Card (NIC) device drivers do not pad - frames with null bytes, which allows remote attackers to obtain information - from previous packets or kernel memory by using malformed packets, as - demonstrated by Etherleak. -Notes: - dannf> A number of drivers had to be fixed, but when looking to see where this - dannf> patch had been applied, I just tracked the de600.c file changes. My - dannf> assumption is that all of the other drivers got fixed at the same time. - . - dannf> I've e-mailed the security team + mdz, asking for a patch -Bugs: -upstream: released (2.4.21-pre4) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: needed -2.4.18-woody-security: released (2.4.18-7) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: needed -2.4.17-woody-security-hppa: needed -2.4.17-woody-security-ia64: needed -2.4.18-woody-security-hppa: 
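Review bot: The CVE-2003-0001 record is being retired with open states. It lists "needed" for 2.4.19-woody-security, 2.4.16-woody-security, 2.4.17-woody-security-hppa and 2.4.17-woody-security-ia64, and leaves 2.4.18-woody-security-hppa blank. Its Notes end with "I've e-mailed the security team + mdz, asking for a patch" and no recorded outcome. The commit message says the move is meant to let people check out just the active issues, so these "needed" entries will drop out of that view. Suggest either resolving each one (released, N/A, or an explicit decision recorded in Notes) or keeping this file with the active issues until they are settled.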
diff --git a/patch-tracking/retired/CVE-2003-0018 b/patch-tracking/retired/CVE-2003-0018 deleted file mode 100644 index d89c0b09f..000000000 --- a/patch-tracking/retired/CVE-2003-0018 +++ /dev/null @@ -1,38 +0,0 @@ -Candidate: CVE-2003-0018 -References: - DEBIAN:DSA-358 - DEBIAN:DSA-423 - MANDRAKE:MDKSA-2003:014 - REDHAT:RHSA-2003:025 - BID:6763 - XF:linux-odirect-information-leak(11249) -Description: - Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the - O_DIRECT feature, which allows local attackers with write privileges to - read portions of previously deleted files, or cause file system - corruption. -Notes: - dannf> It looks like the fix that was used in woody is to diable - dannf> O_DIRECT. Is this the upstream fix? - dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3da0af3a87N78_-K9uAzGF_5cLsRkA?nav=index.html|tags|ChangeSet@..1.717.1.11 - dannf> I've asked hch via e-mail - . - dannf> and here's his response: - . - The big O_DIRECT issues we had a while ago involved redoing large parts of - the locking so it's definitily not the patch above. It was fixed in 2.4.2x - for x = 2 or 3 IIRC. The 2.5.27 kernels in sarge ff are definitly okay. - . - dannf> Therefore, I'm marking >= sarge kernels N/A -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0127 b/patch-tracking/retired/CVE-2003-0127 deleted file mode 100644 index b1b4b1cd7..000000000 --- a/patch-tracking/retired/CVE-2003-0127 +++ /dev/null 
@@ -1,62 +0,0 @@ -Candidate: CVE-2003-0127 -References: - VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25 - URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html - REDHAT:RHSA-2003:098 - URL:http://rhn.redhat.com/errata/RHSA-2003-098.html - REDHAT:RHSA-2003:088 - URL:http://rhn.redhat.com/errata/RHSA-2003-088.html - SUSE:SuSE-SA:2003:021 - ENGARDE:ESA-20030318-009 - DEBIAN:DSA-270 - URL:http://www.debian.org/security/2003/dsa-270 - DEBIAN:DSA-276 - URL:http://www.debian.org/security/2003/dsa-276 - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - DEBIAN:DSA-495 - URL:http://www.debian.org/security/2004/dsa-495 - MANDRAKE:MDKSA-2003:038 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:038 - MANDRAKE:MDKSA-2003:039 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039 - CALDERA:CSSA-2003-020.0 - URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt - ENGARDE:ESA-20030515-017 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 - REDHAT:RHSA-2003:145 - URL:http://www.redhat.com/support/errata/RHSA-2003-145.html - GENTOO:GLSA-200303-17 - URL:http://security.gentoo.org/glsa/glsa-200303-17.xml - CERT-VN:VU#628849 - URL:http://www.kb.cert.org/vuls/id/628849 - OVAL:OVAL254 - URL:http://oval.mitre.org/oval/definitions/data/oval254.html -Description: - The kernel module loader in Linux kernel 2.2.x before 2.2.25, and - 2.4.x before 2.4.21, allows local users to gain root privileges by - using ptrace to attach to a child process that is spawned by the - kernel. -Notes: - Changeset comments say "Linux 2.5 is not believed to be vulnerable.", - so marking this issue as N/A for 2.6. 
-Bugs: -upstream: released (2.4.21-pre6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-7) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0187 b/patch-tracking/retired/CVE-2003-0187 deleted file mode 100644 index 44f104289..000000000 --- a/patch-tracking/retired/CVE-2003-0187 +++ /dev/null @@ -1,25 +0,0 @@ -Candidate: CVE-2003-0187 -References: - http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2 - http://oval.mitre.org/oval/definitions/data/oval260.html -Description: - The connection tracking core of Netfilter for Linux 2.4.20, with - CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote - attackers to cause a denial of service (resource consumption) due to an - inconsistency with Linux 2.4.20's support of linked lists, which causes - Netfilter to fail to identify connections with an UNCONFIRMED status and - use large timeouts. -Notes: - This was fixed before 2.6.0: - http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h -Bugs: -upstream: released (2.4.21) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2003-0244 b/patch-tracking/retired/CVE-2003-0244 deleted file mode 100644 index 50f548482..000000000 --- a/patch-tracking/retired/CVE-2003-0244 +++ /dev/null 
@@ -1,50 +0,0 @@ -Candidate: CVE-2003-0244 -References: - VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code - URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html - MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html - MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417 - REDHAT:RHSA-2003:145 - URL:http://www.redhat.com/support/errata/RHSA-2003-145.html - REDHAT:RHSA-2003:147 - URL:http://www.redhat.com/support/errata/RHSA-2003-147.html - REDHAT:RHSA-2003:172 - URL:http://www.redhat.com/support/errata/RHSA-2003-172.html - ENGARDE:ESA-20030515-017 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - MANDRAKE:MDKSA-2003:066 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 - MANDRAKE:MDKSA-2003:074 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 - BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2 - OVAL:OVAL261 - URL:http://oval.mitre.org/oval/definitions/data/oval261.html -Description: - The route cache implementation in Linux 2.4, and the Netfilter IP conntrack - module, allows remote attackers to cause a denial of service (CPU consumption) - via packets with forged source addresses that cause a large number of hash - table collisions. 
-Notes: -Bugs: -upstream: released (2.4.21-rc2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released -2.4.18-woody-security: released (2.4.18-8) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0246 b/patch-tracking/retired/CVE-2003-0246 deleted file mode 100644 index 6ad4dddd8..000000000 --- a/patch-tracking/retired/CVE-2003-0246 +++ /dev/null 
@@ -1,50 +0,0 @@ -Candidate: CVE-2003-0246 -References: - REDHAT:RHSA-2003:172 - URL:http://www.redhat.com/support/errata/RHSA-2003-172.html - REDHAT:RHSA-2003:147 - URL:http://www.redhat.com/support/errata/RHSA-2003-147.html - ENGARDE:ESA-20030515-017 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - MANDRAKE:MDKSA-2003:066 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 - MANDRAKE:MDKSA-2003:074 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 - TURBO:TLSA-2003-41 - URL:http://www.turbolinux.com/security/TLSA-2003-41.txt - VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln - URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html - OVAL:OVAL278 - URL:http://oval.mitre.org/oval/definitions/data/oval278.html -Description: - The ioperm system call in Linux kernel 2.4.20 and earlier does not properly - restrict privileges, which allows local users to gain read or write access to - certain I/O ports. -Notes: - It looks like the patch originally included in woody was just a one line - change; whereas there were two larger patches that went upstream. I'm - moving our trees forward to the upstream one. - . - Patch is x86 only. -Bugs: -upstream: released (2.4.21-rc4) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: pending (2.4.18-14.5) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: N/A 
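Review bot: The CVE-2003-0246 record still carries "2.4.18-woody-security: pending (2.4.18-14.5)", and its Notes say the trees are being moved forward to the upstream patch. A pending state in a retired file will be missed by anyone who checks out only the active issues, which is the use case the commit message names. Suggest confirming whether 2.4.18-14.5 was uploaded and updating the field to released, or leaving this file with the active issues until it is.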
diff --git a/patch-tracking/retired/CVE-2003-0247 b/patch-tracking/retired/CVE-2003-0247 deleted file mode 100644 index 45159ec02..000000000 --- a/patch-tracking/retired/CVE-2003-0247 +++ /dev/null @@ -1,42 +0,0 @@ -Candidate: CVE-2003-0247 -References: - REDHAT:RHSA-2003:187 - URL:http://www.redhat.com/support/errata/RHSA-2003-187.html - REDHAT:RHSA-2003:195 - URL:http://www.redhat.com/support/errata/RHSA-2003-195.html - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - MANDRAKE:MDKSA-2003:066 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 - MANDRAKE:MDKSA-2003:074 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 - TURBO:TLSA-2003-41 - URL:http://www.turbolinux.com/security/TLSA-2003-41.txt - OVAL:OVAL284 - URL:http://oval.mitre.org/oval/definitions/data/oval284.html -Description: - Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows - attackers to cause a denial of service ("kernel oops"). -Notes: -Bugs: -upstream: released (2.4.21-rc3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-9) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0248 b/patch-tracking/retired/CVE-2003-0248 deleted file mode 100644 index 9ce634f6e..000000000 --- a/patch-tracking/retired/CVE-2003-0248 +++ /dev/null 
@@ -1,42 +0,0 @@ -Candidate: CVE-2003-0248 -References: - REDHAT:RHSA-2003:187 - URL:http://www.redhat.com/support/errata/RHSA-2003-187.html - REDHAT:RHSA-2003:195 - URL:http://www.redhat.com/support/errata/RHSA-2003-195.html - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - MANDRAKE:MDKSA-2003:066 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 - MANDRAKE:MDKSA-2003:074 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 - TURBO:TLSA-2003-41 - URL:http://www.turbolinux.com/security/TLSA-2003-41.txt - OVAL:OVAL292 - URL:http://oval.mitre.org/oval/definitions/data/oval292.html -Description: - The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state - registers via a malformed address. -Notes: - dannf> I think this is the patch: - dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3f293760h0HL1XxaPHNYxPXmpO1k8g?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/i387.c -Bugs: -upstream: released (2.4.22-pre10) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-9) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2003-0364 b/patch-tracking/retired/CVE-2003-0364 deleted file mode 100644 index 1cc1ba9b3..000000000 --- a/patch-tracking/retired/CVE-2003-0364 +++ /dev/null 
@@ -1,40 +0,0 @@ -Candidate: CVE-2003-0364 -References: - REDHAT:RHSA-2003:187 - URL:http://www.redhat.com/support/errata/RHSA-2003-187.html - REDHAT:RHSA-2003:195 - URL:http://www.redhat.com/support/errata/RHSA-2003-195.html - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - DEBIAN:DSA-311 - URL:http://www.debian.org/security/2003/dsa-311 - DEBIAN:DSA-312 - URL:http://www.debian.org/security/2003/dsa-312 - DEBIAN:DSA-332 - URL:http://www.debian.org/security/2003/dsa-332 - DEBIAN:DSA-336 - URL:http://www.debian.org/security/2003/dsa-336 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - TURBO:TLSA-2003-41 - URL:http://www.turbolinux.com/security/TLSA-2003-41.txt - OVAL:OVAL295 - URL:http://oval.mitre.org/oval/definitions/data/oval295.html -Description: - The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote - attackers to cause a denial of service (CPU consumption) via certain packets that - cause a large number of hash table collisions. -Notes: -Bugs: -upstream: released (2.4.21-rc7) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.2.20-woody-security: released (2.2.20-5woody2) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-9) -2.4.17-woody-security: released (2.4.17-1woody1) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0418 b/patch-tracking/retired/CVE-2003-0418 deleted file mode 100644 index f20986e7e..000000000 --- a/patch-tracking/retired/CVE-2003-0418 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2003-0418 -References: - http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2 - http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt - http://www.kb.cert.org/vuls/id/471084 -Description: - The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP - citation, which causes it to include portions of unauthorized memory in ICMP - error responses. -Notes: -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2003-0461 b/patch-tracking/retired/CVE-2003-0461 deleted file mode 100644 index c947ee683..000000000 --- a/patch-tracking/retired/CVE-2003-0461 +++ /dev/null 
@@ -1,36 +0,0 @@ -Candidate: CVE-2003-0461 -References: - MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - REDHAT:RHSA-2004:188 - URL:http://www.redhat.com/support/errata/RHSA-2004-188.html - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL304 - URL:http://oval.mitre.org/oval/definitions/data/oval304.html - OVAL:OVAL997 - URL:http://oval.mitre.org/oval/definitions/data/oval997.html - Description: - /proc/tty/driver/serial in Linux 2.4.x reveals the exact number - of characters used in serial links, which could allow local users - to obtain potentially sensitive information such as the length of - passwords. -Notes: - dannf> Here's the patches I used: - http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c - http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h -Bugs: -upstream: released (2.4.29-pre2, 2.6.1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0462 b/patch-tracking/retired/CVE-2003-0462 deleted file mode 100644 index b5d9c8b42..000000000 --- a/patch-tracking/retired/CVE-2003-0462 +++ /dev/null 
@@ -1,47 +0,0 @@ -Candidate: CVE-2003-0462 -References: - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL309 - URL:http://oval.mitre.org/oval/definitions/data/oval309.html -Description: - A race condition in the way env_start and env_end pointers are - initialized in the execve system call and used in fs/proc/base.c - on Linux 2.4 allows local users to cause a denial of service - (crash). -Notes: - The fix for 2.4 went into a larger patch: - http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c - However, the patch for 2.6 is much simpler: - http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c - Unfortunately, it doesn't apply cleanly to 2.4. It looks like - the fix included in 2.4.18-10 just re-typed len in - proc_pid_environ; while in 2.6 len was also retyped in - proc_pid_cmdline. Only the former deals with evn_end/env_start - pointers and the latter doesn't apply cleanly to 2.4, so I'm - just making the proc_pid_environ change. - . - hrm.. maybe there was an earlier patch to 2.4; the above 2.4 - patch didn't go in till 2.4.29, yet it looks like this was - already fixed in our 2.4.27 .orig.tar.gz - . - jmm> I assume this was fixed upstream in 2.4.22-pre10? 
- jmm> o Fix /proc/self security issue -Bugs: -upstream: released (2.6.1), released (2.4.22-pre10) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0464 b/patch-tracking/retired/CVE-2003-0464 deleted file mode 100644 index 6fe42cf63..000000000 --- a/patch-tracking/retired/CVE-2003-0464 +++ /dev/null @@ -1,27 +0,0 @@ -Candidate: CVE-2003-0464 -References: - http://www.redhat.com/support/errata/RHSA-2003-238.html - http://oval.mitre.org/oval/definitions/data/oval311.html -Description: - The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, - which could allow local users to bind to UDP ports that are used by privileged - services such as nfsd. -Notes: - I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently - just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket. - Upstream didn't disable it altogether; just for UDP - http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c - I'm guessing this is a UDP-only problem, so that is probably the fix we want. - . - This fix was in before 2.6.0. -Bugs: -upstream: released (2.4.22-pre8) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2003-0465 b/patch-tracking/retired/CVE-2003-0465 deleted file mode 100644 index 8ef0a9540..000000000 
--- a/patch-tracking/retired/CVE-2003-0465 +++ /dev/null @@ -1,34 +0,0 @@ -Candidate: CVE-2003-0465 -References: - CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2 - CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2 - REDHAT:RHSA-2004:188 - URL:http://www.redhat.com/support/errata/RHSA-2004-188.html -Description: - The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad - the buffer on architectures other than x86, as opposed to the expected - behavior of strncpy as implemented in libc, which could lead to - information leaks. -Notes: - 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed. - . - horms> N.B. This bug appears to be minor at best - horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2 - . - dannf> Since this is minor, I'm gonna consider the existing patch "good enough" - dannf> and mark the 2.4 issues as complete. - jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5 - jmm> cycle, so I guess it's pretty safe to make all the 2.6 kernels as fixed - jmm> The ramifications are minor anyway -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-8) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: needed -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2003-0467 b/patch-tracking/retired/CVE-2003-0467 deleted file mode 100644 index b51f352f4..000000000 --- a/patch-tracking/retired/CVE-2003-0467 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2003-0467 -References: - http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2 -Description: - Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels - 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is - enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote - attackers to cause a denial of service (crash) in systems using NAT, possibly - due to an integer signedness error. -Notes: - http://linux.bkbits.net:8080/linux-2.4/cset@3ea42919d7UMn5WVhEYYcN5hnvM6fA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c - . - Looks like this was fixed before 2.6.0: - http://linux.bkbits.net:8080/linux-2.6/cset@3eb76c8aWimEpZAEU5Xbu-LPK-NxeA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c -Bugs: -upstream: released (2.4.21-rc1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2003-0476 b/patch-tracking/retired/CVE-2003-0476 deleted file mode 100644 index 03d471c1a..000000000 --- a/patch-tracking/retired/CVE-2003-0476 +++ /dev/null 
@@ -1,37 +0,0 @@ -Candidate: CVE-2003-0476 -References: - BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2 - MANDRAKE:MDKSA-2003:074 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - REDHAT:RHSA-2003:368 - URL:http://www.redhat.com/support/errata/RHSA-2003-368.html - REDHAT:RHSA-2003:408 - URL:http://www.redhat.com/support/errata/RHSA-2003-408.html - SUSE:SuSE-SA:2003:034 - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL327 - URL:http://oval.mitre.org/oval/definitions/data/oval327.html -Description: - The execve system call in Linux 2.4.x records the file - descriptor of the executable process in the file table of the - calling process, which allows local users to gain read access to - restricted file descriptors. -Notes: -Bugs: -upstream: released (2.4.22-pre4, 2.6.1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0501 b/patch-tracking/retired/CVE-2003-0501 deleted file mode 100644 index abd9ec504..000000000 --- a/patch-tracking/retired/CVE-2003-0501 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2003-0501 -References: - BUGTRAQ:20030620 Linux /proc sensitive information disclosure - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242 - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - SUSE:SuSE-SA:2003:034 - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL328 - URL:http://oval.mitre.org/oval/definitions/data/oval328.html -Description: - The /proc filesystem in Linux allows local users to obtain - sensitive information by opening various entries in /proc/self - before executing a setuid program, which causes the program to - fail to change the ownership and permissions of those entries. -Notes: -Bugs: -upstream: released (2.4.22-pre10) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0550 b/patch-tracking/retired/CVE-2003-0550 deleted file mode 100644 index ab06812f2..000000000 --- a/patch-tracking/retired/CVE-2003-0550 +++ /dev/null 
@@ -1,26 +0,0 @@ -Candidate: CVE-2003-0550 -References: - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL380 - URL:http://oval.mitre.org/oval/definitions/data/oval380.html -Description: - The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient - security by design, which allows attackers to modify the bridge topology. -Notes: -Bugs: -upstream: released (2.4.22-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0551 b/patch-tracking/retired/CVE-2003-0551 deleted file mode 100644 index 7e5161bcc..000000000 --- a/patch-tracking/retired/CVE-2003-0551 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2003-0551 -References: - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL384 - URL:http://oval.mitre.org/oval/definitions/data/oval384.html -Description: - The STP protocol implementation in Linux 2.4.x does not properly verify - certain lengths, which could allow attackers to cause a denial of service. -Notes: -Bugs: -upstream: released (2.4.22-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0552 b/patch-tracking/retired/CVE-2003-0552 deleted file mode 100644 index c3f39485f..000000000 --- a/patch-tracking/retired/CVE-2003-0552 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2003-0552 -References: - REDHAT:RHSA-2003:198 - URL:http://www.redhat.com/support/errata/RHSA-2003-198.html - REDHAT:RHSA-2003:238 - URL:http://www.redhat.com/support/errata/RHSA-2003-238.html - DEBIAN:DSA-358 - URL:http://www.debian.org/security/2004/dsa-358 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - OVAL:OVAL385 - URL:http://oval.mitre.org/oval/definitions/data/oval385.html -Description: - Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table - via forged packets whose source addresses are the same as the target. -Notes: -Bugs: -upstream: released (2.4.22-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-10) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0643 b/patch-tracking/retired/CVE-2003-0643 deleted file mode 100644 index 64a7d8b11..000000000 --- a/patch-tracking/retired/CVE-2003-0643 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2003-0643 -References: - http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml - http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch - http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog - http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog - http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch -Description: - Integer signedness error in the Linux Socket Filter implementation (filter.c) - in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of - service (crash). -Notes: - Fixed before 2.6.0: - http://linux.bkbits.net:8080/linux-2.4/cset@3f216072qjoeL8BVUjH-swPkd1CRgA?nav=index.html|src/|src/net|src/net/core|related/net/core/filter.c -Bugs: -upstream: released (2.4.22-pre10) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2003-0699 b/patch-tracking/retired/CVE-2003-0699 deleted file mode 100644 index 615d05884..000000000 --- a/patch-tracking/retired/CVE-2003-0699 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2003-0699 -References: - http://www.redhat.com/support/errata/RHSA-2003-198.html - http://www.redhat.com/support/errata/RHSA-2003-238.html - http://oval.mitre.org/oval/definitions/data/oval387.html -Description: - The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user - function to access userspace, which crosses security boundaries and may - facilitate the exploitation of vulnerabilities, a different vulnerability than - CVE-2003-0700. -Notes: - Fixed before 2.6.0. 2.4 patch: - http://linux.bkbits.net:8080/linux-2.4/cset@3eb6f77bdzIdwwIbhYPVK6Cu16OhBQ?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c -Bugs: -upstream: released (2.4.21-rc2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2003-0700 b/patch-tracking/retired/CVE-2003-0700 deleted file mode 100644 index 9e0299e59..000000000 --- a/patch-tracking/retired/CVE-2003-0700 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2003-0700 -References: - http://www.redhat.com/support/errata/RHSA-2003-238.html - http://www.redhat.com/support/errata/RHSA-2004-044.html - http://oval.mitre.org/oval/definitions/data/oval401.html -Description: - The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user - function to access userspace in certain conditions, which crosses security - boundaries and may facilitate the exploitation of vulnerabilities, a different - vulnerability than CVE-2003-0699. -Notes: - Fixed before 2.6.0. 2.4 patch: - http://linux.bkbits.net:8080/linux-2.4/cset@3f0350ec7Wnpix3ihDCUMMnS-czskg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c -Bugs: -upstream: released (2.4.22-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2003-0961 b/patch-tracking/retired/CVE-2003-0961 deleted file mode 100644 index 6db82f645..000000000 --- a/patch-tracking/retired/CVE-2003-0961 +++ /dev/null 
@@ -1,67 +0,0 @@ -Candidate: CVE-2003-0961 -References: - BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2 - MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf - REDHAT:RHSA-2003:368 - URL:http://www.redhat.com/support/errata/RHSA-2003-368.html - REDHAT:RHSA-2003:389 - URL:http://www.redhat.com/support/errata/RHSA-2003-389.html - DEBIAN:DSA-403 - URL:http://www.debian.org/security/2003/dsa-403 - DEBIAN:DSA-417 - URL:http://www.debian.org/security/2004/dsa-417 - DEBIAN:DSA-423 - URL:http://www.debian.org/security/2004/dsa-423 - DEBIAN:DSA-433 - URL:http://www.debian.org/security/2004/dsa-433 - DEBIAN:DSA-439 - URL:http://www.debian.org/security/2004/dsa-439 - DEBIAN:DSA-440 - URL:http://www.debian.org/security/2004/dsa-440 - DEBIAN:DSA-442 - URL:http://www.debian.org/security/2004/dsa-442 - DEBIAN:DSA-450 - URL:http://www.debian.org/security/2004/dsa-450 - DEBIAN:DSA-470 - URL:http://www.debian.org/security/2004/dsa-470 - DEBIAN:DSA-475 - URL:http://www.debian.org/security/2004/dsa-475 - MANDRAKE:MDKSA-2003:110 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:110 - CONECTIVA:CLA-2003:796 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796 - SUSE:SuSE-SA:2003:049 - URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html - BUGTRAQ:20031204 Hot fix for do_brk bug - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2 - BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 - CERT-VN:VU#301156 - URL:http://www.kb.cert.org/vuls/id/301156 - SECUNIA:10328 - URL:http://secunia.com/advisories/10328 - SECUNIA:10329 - URL:http://secunia.com/advisories/10329 - SECUNIA:10330 - URL:http://secunia.com/advisories/10330 - SECUNIA:10333 - URL:http://secunia.com/advisories/10333 - SECUNIA:10338 - URL:http://secunia.com/advisories/10338 -Description: - 
Integer overflow in the do_brk function for the brk system call in Linux - kernel 2.4.22 and earlier allows local users to gain root privileges. -Notes: -Bugs: -upstream: released (2.4.23-pre7) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody1) -2.4.18-woody-security: released (2.4.18-14) -2.4.17-woody-security: released (2.4.17-1woody2) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.3) -2.4.17-woody-security-ia64: released (011226.14.1) -2.4.18-woody-security-hppa: released (62.2) diff --git a/patch-tracking/retired/CVE-2003-0984 b/patch-tracking/retired/CVE-2003-0984 deleted file mode 100644 index 73760da7d..000000000 --- a/patch-tracking/retired/CVE-2003-0984 +++ /dev/null 
@@ -1,46 +0,0 @@ -Candidate: CVE-2003-0984 -References: - SUSE:SuSE-SA:2003:049 - URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html - CONECTIVA:CLA-2004:799 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799 - ENGARDE:ESA-20040105-001 - URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html - REDHAT:RHSA-2003:417 - URL:http://www.redhat.com/support/errata/RHSA-2003-417.html - REDHAT:RHSA-2004:188 - URL:http://www.redhat.com/support/errata/RHSA-2004-188.html - MANDRAKE:MDKSA-2004:001 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001 - BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 - XF:linux-rtc-memory-leak(13943) - URL:http://xforce.iss.net/xforce/xfdb/13943 - OVAL:OVAL1013 - URL:http://oval.mitre.org/oval/definitions/data/oval1013.html - OVAL:OVAL859 - URL:http://oval.mitre.org/oval/definitions/data/oval859.html -Description: - Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not - properly initialize their structures, which could leak kernel data to user - space. 
-Notes: - backport from dilinger; though it isn't quite what appears to have gone - upstream: - http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c - http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c - jmm> This was fixed upstream in 2.4.24-rc1: - jmm> | : - jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users -Bugs: -upstream: released (2.4.24-rc1, 2.6.2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2003-0985 b/patch-tracking/retired/CVE-2003-0985 deleted file mode 100644 index 16f58f01e..000000000 --- a/patch-tracking/retired/CVE-2003-0985 +++ /dev/null 
@@ -1,54 +0,0 @@ -Candidate: CVE-2003-0985 -References: - BUGTRAQ:20040105 Linux kernel mremap vulnerability - MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt - BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code - BUGTRAQ:20040106 Linux mremap bug correction - DEBIAN:DSA-423 - DEBIAN:DSA-450 - SUSE:SuSE-SA:2004:001 - SUSE:SuSE-SA:2004:003 - CONECTIVA:CLA-2004:799 - ENGARDE:ESA-20040105-001 - REDHAT:RHSA-2003:416 - REDHAT:RHSA-2003:417 - REDHAT:RHSA-2003:418 - REDHAT:RHSA-2003:419 - DEBIAN:DSA-413 - DEBIAN:DSA-417 - DEBIAN:DSA-427 - DEBIAN:DSA-439 - DEBIAN:DSA-440 - DEBIAN:DSA-442 - DEBIAN:DSA-470 - DEBIAN:DSA-475 - IMMUNIX:IMNX-2004-73-001-01 - MANDRAKE:MDKSA-2004:001 - SGI:20040102-01-U - TRUSTIX:2004-0001 - BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01) - BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01) - BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 - XF:linux-domremap-gain-privileges(14135) - OSVDB:3315 - OVAL:OVAL860 - OVAL:OVAL867 -Description: - The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 - does not properly perform bounds checks, which allows local users to - cause a denial of service and possibly gain privileges by causing a - remapping of a virtual memory area (VMA) to create a zero length VMA, - a different vulnerability than CAN-2004-0077. -Notes: -Bugs: -upstream: released (2.4.24-rc1), released (2.6.1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody1) -2.4.18-woody-security: released (2.4.18-14.1) -2.4.17-woody-security: released (2.4.17-1woody2) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.3, 62.3) -2.4.17-woody-security-ia64: released (011226.15) -2.4.18-woody-security-hppa: released (62.2) 
diff --git a/patch-tracking/retired/CVE-2003-1040 b/patch-tracking/retired/CVE-2003-1040 deleted file mode 100644 index b4e7a03e5..000000000 --- a/patch-tracking/retired/CVE-2003-1040 +++ /dev/null @@ -1,28 +0,0 @@ -Candidate: CVE-2003-1040 -References: - ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc - http://www.novell.com/linux/security/advisories/2003_049_kernel.html - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 - http://www.redhat.com/support/errata/RHSA-2004-065.html - http://www.redhat.com/support/errata/RHSA-2004-069.html - http://www.redhat.com/support/errata/RHSA-2004-106.html - http://www.redhat.com/support/errata/RHSA-2004-188.html - http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c - http://xforce.iss.net/xforce/xfdb/15577 -Description: - kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which - allows local users to cause a denial of service (crash) by sending certain - signals to kmod. -Notes: - fixed before 2.6 released -Bugs: -upstream: released (2.4.23) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: needed -2.4.18-woody-security: needed -2.4.17-woody-security: needed -2.4.16-woody-security: needed -2.4.17-woody-security-hppa: needed -2.4.17-woody-security-ia64: needed diff --git a/patch-tracking/retired/CVE-2004-0003 b/patch-tracking/retired/CVE-2004-0003 deleted file mode 100644 index 730024725..000000000 --- a/patch-tracking/retired/CVE-2004-0003 +++ /dev/null 
@@ -1,89 +0,0 @@ -Candidate: CVE-2004-0003 -References: - CONFIRM:http://www.linuxcompatible.org/print25630.html - DEBIAN:DSA-479 - URL:http://www.debian.org/security/2004/dsa-479 - DEBIAN:DSA-480 - URL:http://www.debian.org/security/2004/dsa-480 - DEBIAN:DSA-481 - URL:http://www.debian.org/security/2004/dsa-481 - DEBIAN:DSA-482 - URL:http://www.debian.org/security/2004/dsa-482 - DEBIAN:DSA-489 - URL:http://www.debian.org/security/2004/dsa-489 - DEBIAN:DSA-491 - URL:http://www.debian.org/security/2004/dsa-491 - DEBIAN:DSA-495 - URL:http://www.debian.org/security/2004/dsa-495 - MANDRAKE:MDKSA-2004:029 - URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029 - REDHAT:RHSA-2004:044 - URL:http://www.redhat.com/support/errata/RHSA-2004-044.html - REDHAT:RHSA-2004:065 - URL:http://www.redhat.com/support/errata/RHSA-2004-065.html - REDHAT:RHSA-2004:106 - URL:http://www.redhat.com/support/errata/RHSA-2004-106.html - REDHAT:RHSA-2004:166 - URL:http://www.redhat.com/support/errata/RHSA-2004-166.html - SUSE:SuSE-SA:2004:005 - URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html - TURBO:TLSA-2004-14 - URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt - CIAC:O-082 - URL:http://www.ciac.org/ciac/bulletins/o-082.shtml - CIAC:O-121 - URL:http://www.ciac.org/ciac/bulletins/o-121.shtml - CIAC:O-126 - URL:http://www.ciac.org/ciac/bulletins/o-126.shtml - CIAC:O-127 - URL:http://www.ciac.org/ciac/bulletins/o-127.shtml - CIAC:O-145 - URL:http://www.ciac.org/ciac/bulletins/o-145.shtml - BID:9570 - URL:http://www.securityfocus.com/bid/9570 - SECUNIA:10782 - URL:http://secunia.com/advisories/10782 - SECUNIA:10911 - URL:http://secunia.com/advisories/10911 - SECUNIA:10912 - URL:http://secunia.com/advisories/10912 - SECUNIA:11202 - URL:http://secunia.com/advisories/11202 - SECUNIA:11361 - URL:http://secunia.com/advisories/11361 - SECUNIA:11362 - URL:http://secunia.com/advisories/11362 - SECUNIA:11369 - 
URL:http://secunia.com/advisories/11369 - SECUNIA:11370 - URL:http://secunia.com/advisories/11370 - SECUNIA:11376 - URL:http://secunia.com/advisories/11376 - SECUNIA:11464 - URL:http://secunia.com/advisories/11464 - SECUNIA:11891 - URL:http://secunia.com/advisories/11891 - SECUNIA:12075 - URL:http://secunia.com/advisories/12075 - OVAL:OVAL1017 - URL:http://oval.mitre.org/oval/definitions/data/oval1017.html - OVAL:OVAL834 - URL:http://oval.mitre.org/oval/definitions/data/oval834.html - XF:linux-r128-gain-priviliges(15029) - URL:http://xforce.iss.net/xforce/xfdb/15029 -Description: - Unknown vulnerability in Linux kernel before 2.4.22 allows local users to - gain privileges, related to "R128 DRI limits checking." -Notes: -Bugs: -upstream: released (2.4.26-rc4, 2.6.4) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-14.3) -2.4.17-woody-security: released (2.4.17-1woody3) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.4, 62.3) -2.4.17-woody-security-ia64: released (011226.17) -2.4.18-woody-security-hppa: released (62.3) diff --git a/patch-tracking/retired/CVE-2004-0010 b/patch-tracking/retired/CVE-2004-0010 deleted file mode 100644 index 5420ca926..000000000 --- a/patch-tracking/retired/CVE-2004-0010 +++ /dev/null @@ -1,16 +0,0 @@ -Candidate: CVE-2004-0010 -References: -Description: -Notes: -Bugs: -upstream: released (2.4.25-pre7), released (2.6.3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-14.3) -2.4.17-woody-security: released (2.4.17-1woody3) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.4, 62.3) -2.4.17-woody-security-ia64: released (011226.17) -2.4.18-woody-security-hppa: released (62.3) 
diff --git a/patch-tracking/retired/CVE-2004-0077 b/patch-tracking/retired/CVE-2004-0077 deleted file mode 100644 index 02f16cd4c..000000000 --- a/patch-tracking/retired/CVE-2004-0077 +++ /dev/null 
@@ -1,57 +0,0 @@ -Candidate: CVE-2004-0077 -References: - BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels - VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels - MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt - CONECTIVA:CLA-2004:820 - DEBIAN:DSA-438 - DEBIAN:DSA-439 - DEBIAN:DSA-440 - DEBIAN:DSA-441 - DEBIAN:DSA-442 - DEBIAN:DSA-444 - DEBIAN:DSA-450 - DEBIAN:DSA-453 - DEBIAN:DSA-454 - DEBIAN:DSA-456 - DEBIAN:DSA-466 - DEBIAN:DSA-470 - DEBIAN:DSA-514 - DEBIAN:DSA-475 - REDHAT:RHSA-2004:065 - REDHAT:RHSA-2004:066 - REDHAT:RHSA-2004:069 - REDHAT:RHSA-2004:106 - SLACKWARE:SSA:2004-049 - SUSE:SuSE-SA:2004:005 - TRUSTIX:2004-0007 - TRUSTIX:2004-0008 - GENTOO:GLSA-200403-02 - CERT-VN:VU#981222 - XF:linux-mremap-gain-privileges(15244) - BID:9686 - OSVDB:3986 - OVAL:OVAL825 - OVAL:OVAL837 -Description: - The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 - to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the - do_munmap function when the maximum number of VMA descriptors is exceeded, - which allows local users to gain root privileges, a different vulnerability - than CAN-2003-0985. -Notes: - dannf> we think these are the patches: - 2.6: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=59287e5eef8d33dcd842852a898b43a81fe0b2c2 - 2.4: http://linux.bkbits.net:8080/linux-2.4/cset@40327d9fxQLz7BU9yAATPsFlWiSG0A?nav=index.html|src/|src/mm|related/mm/mremap.c -Bugs: -upstream: released (2.4.25-rc4, 2.6.3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody1) -2.4.18-woody-security: released (2.4.18-14.2) -2.4.17-woody-security: released (2.4.17-1woody2) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.3, 62.3) -2.4.17-woody-security-ia64: released (011226.16) -2.4.18-woody-security-hppa: released (62.2) 
diff --git a/patch-tracking/retired/CVE-2004-0109 b/patch-tracking/retired/CVE-2004-0109 deleted file mode 100644 index fc67f7535..000000000 --- a/patch-tracking/retired/CVE-2004-0109 +++ /dev/null @@ -1,16 +0,0 @@ -Candidate: -References: -Description: -Notes: -Bugs: -upstream: released (2.4.26-rc4), released (2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-14.3) -2.4.17-woody-security: released (2.4.17-1woody3) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.4, 62.3) -2.4.17-woody-security-ia64: released (011226.17) -2.4.18-woody-security-hppa: released (62.3) diff --git a/patch-tracking/retired/CVE-2004-0133 b/patch-tracking/retired/CVE-2004-0133 deleted file mode 100644 index dd6420aad..000000000 --- a/patch-tracking/retired/CVE-2004-0133 +++ /dev/null 
@@ -1,29 +0,0 @@ -Candidate: CVE-2004-0133 -References: - http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html - http://security.gentoo.org/glsa/glsa-200407-02.xml - http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 - ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc - http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 - http://www.securityfocus.com/bid/10151 - http://secunia.com/advisories/11362 - http://xforce.iss.net/xforce/xfdb/15901 -Description: - The XFS file system code in Linux 2.4.x has an information leak in which - in-memory data is written to the device for the XFS file system, which - allows local users to obtain sensitive information by reading the raw device. -Notes: - jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25 - dannf> I never did find the actual patch - upstream fixed versions are - dannf> based on the securityfocus page above. -Bugs: -upstream: released (2.4.26-rc2, 2.6.5) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0136 b/patch-tracking/retired/CVE-2004-0136 deleted file mode 100644 index 77047ee20..000000000 --- a/patch-tracking/retired/CVE-2004-0136 +++ /dev/null 
@@ -1,46 +0,0 @@ -Candidate: CVE-2004-0136 -References: - REDHAT:RHSA-2004:549 - URL:http://www.redhat.com/support/errata/RHSA-2004-549.html - SGI:20040601-01-P - URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc - XF:irix-mapelf32exec-dos(16416) - URL:http://xforce.iss.net/xforce/xfdb/16416 - BID:10547 - URL:http://www.securityfocus.com/bid/10547 -Description: - The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local - users to cause a denial of service (system crash) via a "corrupted binary." -Notes: - Strange description, but I think this is actually a Linux issue; note the - RedHat URLs above. - dannf> I think I've traced this issue back to a flawed bug report, and that - dannf> this is really CAN-2004-0138. - + mitre references a RedHat advisory for this, RHSA-2004:504-13 - + RHSA-2004:504-13 does in fact reference CVE-2004-0136 - + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm - + The changelog in the spec file in the above .src.rpm contains the following - entry: - * Tue Nov 16 2004 Jim Paradis - - Fixes for security holes in binfmt_elf loader (Dave Anderson, - Jim Paradis), bugs 127916, 134876 - + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references - CVE-2004-0136, but the patches it links to are the fixes for - CVE-2004-0138 - jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling - jmm> over the entries from it - jmm> I've verified that the fix from - jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg - jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A -Bugs: -upstream: released (2.4.25-rc1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) 
-2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0138 b/patch-tracking/retired/CVE-2004-0138 deleted file mode 100644 index e2f1e3b58..000000000 --- a/patch-tracking/retired/CVE-2004-0138 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2004-0138 -References: -Description: -Notes: - Still marked **RESERVED** - dannf> However, it was already fixed in woody, whose changelog says: - * Applied patch by Chris Wright to denial of service in the ELF loader - when the interpreter architecture doesn't match the current one - - [fs/binfmt_elf.c, CAN-2004-0138] - jmm> This was a previous Red Hat internal name for CVE-2004-0136, so - jmm> Red hat advisories, which fix this are in fact for CVE-2004-0136 -Bugs: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-0177 b/patch-tracking/retired/CVE-2004-0177 deleted file mode 100644 index f42298e4e..000000000 --- a/patch-tracking/retired/CVE-2004-0177 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-0177 -References: -Description: -Notes: - jmm> This is resolved by the following patch by tytso: - jmm>--- kernel-source-2.4.18-2.4.18.orig/fs/jbd/journal.c - jmm>+++ kernel-source-2.4.18-2.4.18/fs/jbd/journal.c - jmm>@@ -671,6 +671,7 @@ - jmm> - jmm> bh = getblk(journal->j_dev, blocknr, journal->j_blocksize); - jmm> lock_buffer(bh); - jmm>+ memset(bh->b_data, 0, journal->j_blocksize); - jmm> BUFFER_TRACE(bh, "return this buffer"); - jmm> return journal_add_journal_head(bh); - jmm> } - jmm> This fix is present in 2.4.27 and 2.6.8, so marking them and l-2.6 N/A -Bugs: -upstream: released (2.4.26-pre4) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-14.3) -2.4.17-woody-security: released (2.4.17-1woody3) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.4, 62.3) -2.4.17-woody-security-ia64: released (011226.17) -2.4.18-woody-security-hppa: released (62.3) diff --git a/patch-tracking/retired/CVE-2004-0178 b/patch-tracking/retired/CVE-2004-0178 deleted file mode 100644 index 3594c976e..000000000 --- a/patch-tracking/retired/CVE-2004-0178 +++ /dev/null 
@@ -1,40 +0,0 @@ -Candidate: CVE-2004-0178 -References: - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 - http://www.debian.org/security/2004/dsa-479 - http://www.debian.org/security/2004/dsa-480 - http://www.debian.org/security/2004/dsa-481 - http://www.debian.org/security/2004/dsa-482 - http://www.debian.org/security/2004/dsa-489 - http://www.debian.org/security/2004/dsa-491 - http://www.debian.org/security/2004/dsa-495 - http://security.gentoo.org/glsa/glsa-200407-02.xml - http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 - http://www.redhat.com/support/errata/RHSA-2004-413.html - http://www.redhat.com/support/errata/RHSA-2004-437.html - ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc - http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA - http://www.ciac.org/ciac/bulletins/o-121.shtml - http://www.ciac.org/ciac/bulletins/o-127.shtml - http://www.ciac.org/ciac/bulletins/o-193.shtml - http://www.securityfocus.com/bid/9985 - http://xforce.iss.net/xforce/xfdb/15868 -Description: - The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x - before 2.4.26, when operating in 16 bit mode, does not properly - handle certain sample sizes, which allows local users to cause a - denial of service (crash) via a sample with an odd number of bytes. -Notes: - jmm> I've verified that above patch is included in 2.6.8 -Bugs: -upstream: released (2.4.26-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody2) -2.4.18-woody-security: released (2.4.18-14.3) -2.4.17-woody-security: released (2.4.17-1woody3) -2.4.16-woody-security: released (2.4.16-1woody2) -2.4.17-woody-security-hppa: released (32.4, 62.3) -2.4.17-woody-security-ia64: released (011226.17) -2.4.18-woody-security-hppa: released (62.3) 
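Review bot: in the Notes of CVE-2004-0178, "jmm> I've verified that above patch is included in 2.6.8" does not say which patch is meant; the only patch-like entry in the long References list is the linux-2.4 bkbits cset, and a reader has to guess that. Name the cset in the note itself. The upstream line also records only "released (2.4.26-pre3)", so the 2.6 version that first carried the fix is not recorded anywhere in the file even though linux-2.6 and 2.6.8-sarge-security are marked N/A on the strength of it.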
diff --git a/patch-tracking/retired/CVE-2004-0181 b/patch-tracking/retired/CVE-2004-0181 deleted file mode 100644 index 0d56ff397..000000000 --- a/patch-tracking/retired/CVE-2004-0181 +++ /dev/null @@ -1,27 +0,0 @@ -Candidate: CVE-2004-0181 -References: - http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html - http://security.gentoo.org/glsa/glsa-200407-02.xml - http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 - http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 - http://www.turbolinux.com/security/2004/TLSA-2004-14.txt - http://www.securityfocus.com/bid/10143 - http://xforce.iss.net/xforce/xfdb/15902 -Description: - The JFS file system code in Linux 2.4.x has an information leak in which - in-memory data is written to the device for the JFS file system, which allows - local users to obtain sensitive information by reading the raw device. -Notes: - jmm> JFS was merged into the 2.4 kernel in 2.4.20-pre4 and into 2.6 at 2.6.5-rc2, - jmm> so I'm marking all versions N/A -Bugs: -upstream: released (2.4.26-pre5), released (2.6.5-rc2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0228 b/patch-tracking/retired/CVE-2004-0228 deleted file mode 100644 index 4b6758bb7..000000000 --- a/patch-tracking/retired/CVE-2004-0228 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2004-0228 -References: - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 - http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html - http://security.gentoo.org/glsa/glsa-200407-02.xml - http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050 - http://www.novell.com/linux/security/advisories/2004_10_kernel.html - http://secunia.com/advisories/11429 - http://secunia.com/advisories/11464 - http://secunia.com/advisories/11486 - http://secunia.com/advisories/11491 - http://secunia.com/advisories/11683 - http://xforce.iss.net/xforce/xfdb/15951 -Description: - Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in - Linux kernel 2.6 allows local users to gain privileges. -Notes: - jmm> 2.4 does not have cpufreq - jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c - jmm> I've verified that the isolated patch from - jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch - jmm> is included in 2.6.8 -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0229 b/patch-tracking/retired/CVE-2004-0229 deleted file mode 100644 index 08ee50796..000000000 --- a/patch-tracking/retired/CVE-2004-0229 +++ /dev/null @@ -1,16 +0,0 @@ -Candidate: CVE-2004-0229 -References: -Description: -Notes: - jmm> 2.4 is not affected by this problem. -Bugs: -upstream: released (2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
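Review bot: the CVE-2004-0229 record at the end of this stretch is retired with empty "References:" and "Description:" fields; its only content is "jmm> 2.4 is not affected by this problem." and "upstream: released (2.6.6)". Nothing in the file says what the issue is or why linux-2.6 and 2.6.8-sarge-security are N/A, so the decision cannot be re-checked from the record alone. Fill in the description and at least one reference before archiving it. The file also has no 2.4.18-woody-security-hppa line, which other records in this commit carry.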
diff --git a/patch-tracking/retired/CVE-2004-0394 b/patch-tracking/retired/CVE-2004-0394 deleted file mode 100644 index 438a46004..000000000 --- a/patch-tracking/retired/CVE-2004-0394 +++ /dev/null @@ -1,39 +0,0 @@ -Candidate: CVE-2004-0394 -References: - CONECTIVA:CLA-2004:846 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 - GENTOO:GLSA-200407-02 - URL:http://security.gentoo.org/glsa/glsa-200407-02.xml - MANDRAKE:MDKSA-2004:037 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037 - MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel) - URL:http://lwn.net/Articles/81773/ - ENGARDE:ESA-20040428-004 - URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html - SGI:20040504-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc - SGI:20040505-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc - SUSE:SuSE-SA:2004:010 - URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html - XF:linux-panic-bo(15953) - URL:http://xforce.iss.net/xforce/xfdb/15953 -Description: - A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, - although it may not be exploitable due to the functionality of panic. -Notes: - jmm> I've verified 2.6.8 to contain the correct vsnprintf() call - jmm> For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it - jmm> needed, although I guess it's not exploitable -Bugs: -upstream: released (2.4.28-pre1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-1) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) 
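Review bot: the Notes and the status lines of CVE-2004-0394 disagree. The note reads "For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it needed", while the fields say "upstream: released (2.4.28-pre1)" and "2.4.27-sarge-security: released (2.4.27-1)". The upstream version differs between the two, and nothing is marked needed any more. Add a note recording which upload closed the 2.4.27 entry and correct whichever upstream version is wrong, so the retired record is internally consistent.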
diff --git a/patch-tracking/retired/CVE-2004-0415 b/patch-tracking/retired/CVE-2004-0415 deleted file mode 100644 index 89c5fdc05..000000000 --- a/patch-tracking/retired/CVE-2004-0415 +++ /dev/null @@ -1,42 +0,0 @@ -Candidate: CVE-2004-0415 -References: - CONECTIVA:CLA-2004:879 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879 - GENTOO:GLSA-200408-24 - URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml - MANDRAKE:MDKSA-2004:087 - URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087 - REDHAT:RHSA-2004:413 - URL:http://www.redhat.com/support/errata/RHSA-2004-413.html - REDHAT:RHSA-2004:418 - URL:http://www.redhat.com/support/errata/RHSA-2004-418.html - SGI:20040804-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc - XF:linux-pointer-info-disclosure(16877) - URL:http://xforce.iss.net/xforce/xfdb/16877 -Description: - Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, - which allows local users to access portions of kernel memory. -Notes: - dannf> Based on the 2.4.27 changelog, I think this is the 2.4 fix: - http://linux.bkbits.net:8080/linux-2.4/cset@411064f7uz3rKDb73dEb4vCqbjEIdw?nav=index.html|src/|src/drivers|src/drivers/char|related/drivers/char/i8k.c - and - http://linux.bkbits.net:8080/linux-2.4/cset@41113629fBqsXgKVAey-EzhZOkS2Lw?nav=index.html|src/|src/net|src/net/atm|related/net/atm/br2684.c - Which doesn't look like it ever made 2.6. - . - dannf> I've asked Al Viro & Marcelo for more info - dannf> Marcelo says: - 2.6 avoids the file offset race by having a copy of it at the high - level VFS functions, its safe. -Bugs: -upstream: released (2.4.27-rc5) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: 
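Review bot: all seven woody status fields of CVE-2004-0415 are blank ("2.4.19-woody-security:" through "2.4.18-woody-security-hppa:"), so the record is retired without stating whether those trees were fixed, unaffected or left open. The Notes only cover the 2.4 csets (i8k.c, br2684.c) and Marcelo's explanation for 2.6. Set each woody field to an explicit released, N/A or needed value, or add a note saying why woody was not evaluated, before the file is treated as closed.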
diff --git a/patch-tracking/retired/CVE-2004-0427 b/patch-tracking/retired/CVE-2004-0427 deleted file mode 100644 index 048cc7e6f..000000000 --- a/patch-tracking/retired/CVE-2004-0427 +++ /dev/null 
@@ -1,70 +0,0 @@ -Candidate: CVE-2004-0427 -References: - MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2 - CONECTIVA:CLA-2004:846 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 - ENGARDE:ESA-20040428-004 - FEDORA:FEDORA-2004-111 - URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml - GENTOO:GLSA-200407-02 - URL:http://security.gentoo.org/glsa/glsa-200407-02.xml - MANDRAKE:MDKSA-2004:037 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037 - REDHAT:RHSA-2004:255 - URL:http://www.redhat.com/support/errata/RHSA-2004-255.html - REDHAT:RHSA-2004:260 - URL:http://www.redhat.com/support/errata/RHSA-2004-260.html - REDHAT:RHSA-2004:327 - URL:http://www.redhat.com/support/errata/RHSA-2004-327.html - SGI:20040504-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc - SGI:20040505-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc - SUSE:SuSE-SA:2004:010 - URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html - TURBO:TLSA-2004-14 - URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt - MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA - MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A - CIAC:O-164 - URL:http://www.ciac.org/ciac/bulletins/o-164.shtml - BID:10221 - URL:http://www.securityfocus.com/bid/10221 - SECUNIA:11429 - URL:http://secunia.com/advisories/11429 - SECUNIA:11464 - URL:http://secunia.com/advisories/11464 - SECUNIA:11486 - URL:http://secunia.com/advisories/11486 - SECUNIA:11541 - URL:http://secunia.com/advisories/11541 - SECUNIA:11861 - URL:http://secunia.com/advisories/11861 - SECUNIA:11891 - URL:http://secunia.com/advisories/11891 - SECUNIA:11892 - URL:http://secunia.com/advisories/11892 - OVAL:OVAL2819 - 
URL:http://oval.mitre.org/oval/definitions/data/oval2819.html - XF:linux-dofork-memory-leak(16002) - URL:http://xforce.iss.net/xforce/xfdb/16002 -Description: - The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, - does not properly decrement the mm_count counter when an error occurs after - the mm_struct for a child process has been activated, which triggers a memory - leak that allows local users to cause a denial of service (memory exhaustion) - via the clone (CLONE_VM) system call. -Notes: -Bugs: -upstream: released (2.4.26, 2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0447 b/patch-tracking/retired/CVE-2004-0447 deleted file mode 100644 index b3c51eef0..000000000 --- a/patch-tracking/retired/CVE-2004-0447 +++ /dev/null 
@@ -1,37 +0,0 @@ -Candidate: CVE-2004-0447 -References: - MLIST:[owl-users] 20040619 Linux 2.4.26-ow2 - URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html - GENTOO:GLSA-200407-16 - URL:http://security.gentoo.org/glsa/glsa-200407-16.xml - REDHAT:RHSA-2004:413 - URL:http://www.redhat.com/support/errata/RHSA-2004-413.html - SGI:20040804-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc - CIAC:O-193 - URL:http://www.ciac.org/ciac/bulletins/o-193.shtml - BID:10783 - URL:http://www.securityfocus.com/bid/10783 - XF:linux-ia64-dos(16661) - URL:http://xforce.iss.net/xforce/xfdb/16661 -Description: - Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to - cause a denial of service, with unknown impact. NOTE: due to a typo, this - issue was accidentally assigned CVE-2004-0477. This is the proper candidate to - use for the Linux local DoS. -Notes: - jmm> I've verified that the patch from David Mosberger available at - jmm> http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2 - jmm> is included in stock 2.4.27 and 2.6.8, so it's N/A. -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0491 b/patch-tracking/retired/CVE-2004-0491 deleted file mode 100644 index 245dac3b2..000000000 --- a/patch-tracking/retired/CVE-2004-0491 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-0491 -References: - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411 - MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2 - OVAL:OVAL1117 - URL:http://oval.mitre.org/oval/definitions/data/oval1117.html -Description: - The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly - maintain the mlock page count when one process unlocks pages that belong to - another process, which allows local users to mlock more memory than specified - by the rlimit. -Notes: - dannf> It doesn't look like the code in linux-2.4.21-mlock.patch was ever - dannf> accepted upstream in 2.4 or 2.6, so it doesn't apply to us. -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-0495 b/patch-tracking/retired/CVE-2004-0495 deleted file mode 100644 index d0aed8aaf..000000000 --- a/patch-tracking/retired/CVE-2004-0495 +++ /dev/null 
@@ -1,48 +0,0 @@ -Candidate: CVE-2004-0495 -References: - CONECTIVA:CLA-2004:845 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 - CONECTIVA:CLA-2004:846 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 - FEDORA:FEDORA-2004-186 - URL:http://lwn.net/Articles/91155/ - GENTOO:GLSA-200407-02 - URL:http://security.gentoo.org/glsa/glsa-200407-02.xml - MANDRAKE:MDKSA-2004:066 - URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 - REDHAT:RHSA-2004:255 - URL:http://www.redhat.com/support/errata/RHSA-2004-255.html - REDHAT:RHSA-2004:260 - URL:http://www.redhat.com/support/errata/RHSA-2004-260.html - SUSE:SUSE-SA:2004:020 - URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html - OVAL:OVAL2961 - URL:http://oval.mitre.org/oval/definitions/data/oval2961.html - XF:linux-drivers-gain-privileges(16449) - URL:http://xforce.iss.net/xforce/xfdb/16449 - BID:10566 - URL:http://www.securityfocus.com/bid/10566 -Description: - Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users - to gain privileges or access kernel memory, as found by the Sparse source code - checking tool. 
-Notes: - dannf> 2.4 patches: - http://linux.bkbits.net:8080/linux-2.4/cset@40d972a19cY-Al1qQickpmg8z_gxmg?nav=index.html|src/|src/net|src/net/decnet|related/net/decnet/dn_dev.c - http://linux.bkbits.net:8080/linux-2.4/cset@40d97303iUWCFF5wizAKNT5CC5ctJg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/mpu401.c - http://linux.bkbits.net:8080/linux-2.4/cset@40d973835aLERLaEv4dP6Hjw31Nn5A?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/msnd.h - http://linux.bkbits.net:8080/linux-2.4/cset@40d973d9FCCgP1ZDVGknBTDKgDXw6w?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/pss.c - http://linux.bkbits.net:8080/linux-2.4/cset@40d9743al24lCKKm8wbRs-S_2CgWTA?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wireless|related/drivers/net/wireless/airo.c - http://linux.bkbits.net:8080/linux-2.4/cset@40d975a2Ttlhd2amhkcgbfzndDMUZA?nav=index.html|src/|src/drivers|src/drivers/acpi|related/drivers/acpi/asus_acpi.c -Bugs: -upstream: released (2.4.27-rc2, 2.6.7) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-0496 b/patch-tracking/retired/CVE-2004-0496 deleted file mode 100644 index 762a0bb02..000000000 --- a/patch-tracking/retired/CVE-2004-0496 +++ /dev/null 
@@ -1,26 +0,0 @@ -Candidate: CVE-2004-0496 -References: - http://www.novell.com/linux/security/advisories/2004_20_kernel.html - http://xforce.iss.net/xforce/xfdb/16625 -Description: - Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain - privileges or access kernel memory, a different set of vulnerabilities than - those identified in CVE-2004-0495, as found by the Sparse source code checking - tool. -Notes: - dannf> I wasn't able to find the patches for this, but the description and - dannf> vendor advisories only note 2.6, so I'm assuming these are 2.6-only. - dannf> The description says this affects < 2.6.7. 2.6.7 contains a bunch - dannf> of sparse fixes in the changelog, so I'll label upstream - dannf> as fixed in 2.6.7. -Bugs: -upstream: released (2.6.7) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0497 b/patch-tracking/retired/CVE-2004-0497 deleted file mode 100644 index 2addb7105..000000000 --- a/patch-tracking/retired/CVE-2004-0497 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2004-0497 -References: - CONECTIVA:CLA-2004:852 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 - MANDRAKE:MDKSA-2004:066 - URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 - REDHAT:RHSA-2004:354 - URL:http://www.redhat.com/support/errata/RHSA-2004-354.html - REDHAT:RHSA-2004:360 - URL:http://www.redhat.com/support/errata/RHSA-2004-360.html - SUSE:SUSE-SA:2004:020 - URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html - XF:linux-fchown-groupid-modify(16599) - URL:http://xforce.iss.net/xforce/xfdb/16599 -Description: - Unknown vulnerability in Linux kernel 2.x may allow local users to modify the - group ID of files, such as NFS exported files in kernel 2.4. -Notes: - Changelog shows fixed in 2.4.26-3 - 2.6 patch: - http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ?nav=index.html|src/|src/fs|related/fs/attr.c -Bugs: -upstream: released (2.4.27, 2.6.8) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-0535 b/patch-tracking/retired/CVE-2004-0535 deleted file mode 100644 index 63948c790..000000000 --- a/patch-tracking/retired/CVE-2004-0535 +++ /dev/null 
@@ -1,44 +0,0 @@ -Candidate: CVE-2004-0535 -References: - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log - CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168 - CONECTIVA:CLA-2004:845 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 - FEDORA:FEDORA-2004-186 - URL:http://lwn.net/Articles/91155/ - GENTOO:GLSA-200407-02 - URL:http://security.gentoo.org/glsa/glsa-200407-02.xml - MANDRAKE:MDKSA-2004:062 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062 - REDHAT:RHSA-2004:413 - URL:http://www.redhat.com/support/errata/RHSA-2004-413.html - REDHAT:RHSA-2004:418 - URL:http://www.redhat.com/support/errata/RHSA-2004-418.html - SGI:20040804-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc - SUSE:SUSE-SA:2004:020 - URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html - XF:linux-e1000-bo(16159) - URL:http://xforce.iss.net/xforce/xfdb/16159 - BID:10352 - URL:http://www.securityfocus.com/bid/10352 -Description: - The e1000 driver for Linux kernel 2.4.26 and earlier does not properly - initialize memory before using it, which allows local users to read portions - of kernel memory. NOTE: this issue was originally incorrectly reported as a - "buffer overflow" by some sources. -Notes: - Patch: - http://linux.bkbits.net:8080/linux-2.6/cset@4084025a6AP3ORKQ7iaTFCmOGvTJXw?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/e1000|related/drivers/net/e1000/e1000_ethtool.c -Bugs: -upstream: released (2.4.27, 2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: needed -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-0554 b/patch-tracking/retired/CVE-2004-0554 deleted file mode 100644 index 6e11727f3..000000000 
--- a/patch-tracking/retired/CVE-2004-0554 +++ /dev/null 
@@ -1,54 +0,0 @@ -Candidate: CVE-2004-0554 -References: - MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905 - MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html - MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 - CONECTIVA:CLA-2004:845 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 - ENGARDE:ESA-20040621-005 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2 - FEDORA:FEDORA-2004-186 - URL:http://lwn.net/Articles/91155/ - GENTOO:GLSA-200407-02 - URL:http://security.gentoo.org/glsa/glsa-200407-02.xml - MANDRAKE:MDKSA-2004:062 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062 - REDHAT:RHSA-2004:255 - URL:http://www.redhat.com/support/errata/RHSA-2004-255.html - REDHAT:RHSA-2004:260 - URL:http://www.redhat.com/support/errata/RHSA-2004-260.html - SUSE:SuSE-SA:2004:017 - URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html - TRUSTIX:2004-0034 - URL:http://www.trustix.net/errata/2004/0034/ - BUGTRAQ:20040620 TSSA-2004-011 - kernel - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2 - CERT-VN:VU#973654 - URL:http://www.kb.cert.org/vuls/id/973654 - OVAL:OVAL2915 - URL:http://oval.mitre.org/oval/definitions/data/oval2915.html - XF:linux-dos(16412) - URL:http://xforce.iss.net/xforce/xfdb/16412 - BID:10566 - URL:http://www.securityfocus.com/bid/10566 -Description: - Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of - service (system crash), possibly via an infinite loop that triggers a signal - handler with a certain sequence of fsave and frstor instructions, as - originally demonstrated using a "crash.c" program. 
-Notes: - jmm> I don't know at which version this was merged, but I've verified that - jmm> the stock 2.4.27 and 2.6.8 contain the fix -Bugs: 261521 -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0565 b/patch-tracking/retired/CVE-2004-0565 deleted file mode 100644 index a49abb1f1..000000000 --- a/patch-tracking/retired/CVE-2004-0565 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2004-0565 -References: - MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 - MLIST:[owl-users] 20040619 Linux 2.4.26-ow2 - URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html - MANDRAKE:MDKSA-2004:066 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066 - XF:linux-ia64-info-disclosure(16644) - URL:http://xforce.iss.net/xforce/xfdb/16644 -Description: - Floating point information leak in the context switch code for Linux 2.4.x - only checks the MFH bit but does not verify the FPH owner, which allows local - users to read register values of other processes by setting the MFH bit. -Notes: - jmm> I've verified that the check for FPH ownership is included in stock 2.6.8: - jmm> # define switch_to(prev,next,last) do { \ - jmm> if (ia64_psr(ia64_task_regs(prev))->mfh && ia64_is_local_fpu_owner(prev)) { - jmm> So it's N/A, but I don't know at which time it was fixed upstream -Bugs: -upstream: released (2.4.27) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0587 b/patch-tracking/retired/CVE-2004-0587 deleted file mode 100644 index 72028b0d7..000000000 --- a/patch-tracking/retired/CVE-2004-0587 +++ /dev/null 
@@ -1,41 +0,0 @@ -Candidate: CVE-2004-0587 -References: - FEDORA:FEDORA-2004-186 - URL:http://lwn.net/Articles/91155/ - MANDRAKE:MDKSA-2004:066 - URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 - REDHAT:RHSA-2004:413 - URL:http://www.redhat.com/support/errata/RHSA-2004-413.html - REDHAT:RHSA-2004:418 - URL:http://www.redhat.com/support/errata/RHSA-2004-418.html - SGI:20040804-01-U - URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc - SUSE:SuSE-SA:2004:010 - URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html - BID:10279 - URL:http://www.securityfocus.com/bid/10279 - SECTRACK:1010057 - URL:http://securitytracker.com/id?1010057 - XF:suse-hbaapinode-dos(16062) - URL:http://xforce.iss.net/xforce/xfdb/16062 -Description: - Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux - allows local users to cause a denial of service. -Notes: - 2.4.26-3 has the note: - CVE-2004-0587 code is not present, not vulnerable - So the question is, did the code get added when we moved to 2.4.27, and - was it still vulnerable? - dannf> Nope; qla2xxx isn't in 2.4.27 -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: needed -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-0596 b/patch-tracking/retired/CVE-2004-0596 deleted file mode 100644 index 1ab8f8351..000000000 --- a/patch-tracking/retired/CVE-2004-0596 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2004-0596 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg - XF:linux-eql-dos(16694) - URL:http://xforce.iss.net/xforce/xfdb/16694 - BID:10730 - URL:http://www.securityfocus.com/bid/10730 -Description: - The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux - kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a - non-existent device name that triggers a null dereference. -Notes: -Bugs: -upstream: released (2.4.27-rc2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-0619 b/patch-tracking/retired/CVE-2004-0619 deleted file mode 100644 index 1cb869e36..000000000 --- a/patch-tracking/retired/CVE-2004-0619 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-0619 -References: - http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2 - http://www.redhat.com/support/errata/RHSA-2004-549.html - http://www.redhat.com/support/errata/RHSA-2005-283.html - http://www.ciac.org/ciac/bulletins/p-047.shtml - http://www.securityfocus.com/bid/10599 - http://secunia.com/advisories/11936 - http://xforce.iss.net/xforce/xfdb/16459 -Description: - Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 - cryptonet driver allows local users to cause a denial of service (crash) - and possibly execute arbitrary code via a negative add_dsa_buf_bytes - variable, which leads to a buffer overflow. -Notes: - jmm> I've checked 2.6.8, 2.4.27 and 2.6.14, this is not included in the - jmm> stock kernel, only in Red Hat's. I'm marking Woody N/A as well. -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0626 b/patch-tracking/retired/CVE-2004-0626 deleted file mode 100644 index 8f50960dd..000000000 --- a/patch-tracking/retired/CVE-2004-0626 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-0626 -References: - http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2 - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 - http://lwn.net/Articles/91964/ - http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml - http://www.novell.com/linux/security/advisories/2004_20_kernel.html - http://xforce.iss.net/xforce/xfdb/16554 -Description: - The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, - when using iptables and TCP options rules, allows remote attackers to cause a - denial of service (CPU consumption by infinite loop) via a large option length - that produces a negative integer after a casting operation to the char type. -Notes: - jmm> The bug was introduced during a rewrite of the code that accesses the skb's - jmm> during earlier 2.6 kernels. 2.4 has the correct u_int8_t declaration. -Bugs: -upstream: released (2.6.8) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-0685 b/patch-tracking/retired/CVE-2004-0685 deleted file mode 100644 index 131c021d2..000000000 --- a/patch-tracking/retired/CVE-2004-0685 +++ /dev/null 
@@ -1,36 +0,0 @@ -Candidate: CVE-2004-0685 -References: - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - GENTOO:GLSA-200408-24 - URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml - TRUSTIX:2004-0041 - URL:http://www.trustix.net/errata/2004/0041/ - CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921 - CERT-VN:VU#981134 - URL:http://www.kb.cert.org/vuls/id/981134 - BID:10892 - URL:http://www.securityfocus.com/bid/10892 - XF:linux-usb-gain-privileges(16931) - URL:http://xforce.iss.net/xforce/xfdb/16931 - MISC:http://www.securityspace.com/smysecure/catid.html?id=14580 -Description: - Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on - uninitialized structures, which could allow local users to obtain sensitive - information by reading memory that was not cleared from previous usage. -Notes: - jmm> This was commited into the 2.5/2.6 version before in this changeset: - jmm> http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ - jmm> So I'm marking all 2.6 versions N/A -Bugs: -upstream: released (2.4.27) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0790 b/patch-tracking/retired/CVE-2004-0790 deleted file mode 100644 index 765295f8f..000000000 --- a/patch-tracking/retired/CVE-2004-0790 +++ /dev/null 
@@ -1,44 +0,0 @@ -Candidate: CVE-2004-0790 -References: - MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt - MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en - MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html - HP:HPSBTU01210 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 - HP:SSRT4743 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 - HP:SSRT4884 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 - MS:MS05-019 - URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx - SUNALERT:57746 - URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1 - OVAL:OVAL3458 - URL:http://oval.mitre.org/oval/definitions/data/oval3458.html - OVAL:OVAL1910 - URL:http://oval.mitre.org/oval/definitions/data/oval1910.html - OVAL:OVAL4804 - URL:http://oval.mitre.org/oval/definitions/data/oval4804.html -Description: - Multiple TCP/IP and ICMP implementations allow remote attackers to cause a - denial of service (reset TCP connections) via spoofed ICMP error messages, aka - the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and - CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, - CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that - are SPLIT based on the underlying vulnerability. While CVE normally SPLITs - based on vulnerability, the attack-based identifiers exist due to the variety - and number of affected implementations and solutions that address the attacks - instead of the underlying vulnerabilities. 
-Notes: -Bugs: 305655 305664 -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch] -2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-0812 b/patch-tracking/retired/CVE-2004-0812 deleted file mode 100644 index f6fba4ae7..000000000 --- a/patch-tracking/retired/CVE-2004-0812 +++ /dev/null @@ -1,36 +0,0 @@ -Candidate: CVE-2004-0812 -References: - REDHAT:RHSA-2004:549 - URL:http://www.redhat.com/support/errata/RHSA-2004-549.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ - CIAC:P-047 - URL:http://www.ciac.org/ciac/bulletins/p-047.shtml - BID:11794 - URL:http://www.securityfocus.com/bid/11794 - SECUNIA:13359 - URL:http://secunia.com/advisories/13359 - XF:linux-tss-gain-privilege(18346) - URL:http://xforce.iss.net/xforce/xfdb/18346 -Description: - Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and - Intel EM64T architectures, associated with "setting up TSS limits," allows - local users to cause a denial of service (crash) and possibly execute - arbitrary code. -Notes: - jmm> I've verified that above bkbits fixed is included in 2.6.8, so I'm - jmm> marking 2.6 N/A - jmm> The vulnerable code doesn't seem to be present in 2.4.27. Plus, 2.4 - jmm> is unsupported for amd64 anyway, so I'm marking it N/A as well for - jmm> the 2.4 kernels -Bugs: -upstream: released (2.6.0-test10) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A 
diff --git a/patch-tracking/retired/CVE-2004-0814 b/patch-tracking/retired/CVE-2004-0814 deleted file mode 100644 index 6623e5027..000000000 --- a/patch-tracking/retired/CVE-2004-0814 +++ /dev/null 
@@ -1,38 +0,0 @@ -Candidate: CVE-2004-0814 -References: - BUGTRAQ:20041020 CVE-2004-0814: Linux terminal layer races - URL:http://www.securityfocus.com/archive/1/379005 - CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 - CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - BID:11491 - URL:http://www.securityfocus.com/bid/11491 - BID:11492 - URL:http://www.securityfocus.com/bid/11492 - XF:linux-tiocsetd-race-condition(17816) - URL:http://xforce.iss.net/xforce/xfdb/17816 -Description: - Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x - before 2.6.9, allow (1) local users to obtain portions of kernel data via a - TIOCSETD ioctl call to a terminal interface that is being accessed by another - thread, or (2) remote attackers to cause a denial of service (panic) by - switching from console to PPP line discipline, then quickly sending data that - is received during the switch. -Notes: -Bugs: -upstream: released (2.6.9) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch] -2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: 
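Review bot: all seven woody fields at the end of the CVE-2004-0814 entry are blank, yet the Description lists Linux 2.4.x as affected and the 2.4.27-sarge-security line needed four tty_lockup patches. An entry filed under retired should say for each branch whether it was fixed or is N/A; fill these in, or keep the file with the active issues until they are settled.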
diff --git a/patch-tracking/retired/CVE-2004-0816 b/patch-tracking/retired/CVE-2004-0816 deleted file mode 100644 index db95f003e..000000000 --- a/patch-tracking/retired/CVE-2004-0816 +++ /dev/null @@ -1,35 +0,0 @@ -Candidate: CVE-2004-0816 -References: - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - SUSE:SUSE-SA:2004:037 - URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html - BID:11488 - URL:http://www.securityfocus.com/bid/11488 - SECUNIA:11202 - URL:http://secunia.com/advisories/11202/ - XF:linux-ip-packet-dos(17800) - URL:http://xforce.iss.net/xforce/xfdb/17800 -Description: - Integer underflow in the firewall logging rules for iptables in Linux before - 2.6.8 allows remote attackers to cause a denial of service (application crash) - via a malformed IP packet. -Notes: - jmm> Quoting from http://groups.google.com/group/nz.comp/msg/71ec927b491f247d: - jmm> The bug, discovered by Richard Hart, does not affect the 2.4 series kernel - jmm> Quoting from http://www.novell.com/linux/security/advisories/2004_37_kernel.html: - jmm> This problem has already been fixed in the 2.6.8 upstream Linux kernel, - jmm> this update contains a backport of the fix. - jmm> So I'm marking all kernels N/A -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-0883 b/patch-tracking/retired/CVE-2004-0883 deleted file mode 100644 index fc843e977..000000000 --- a/patch-tracking/retired/CVE-2004-0883 +++ /dev/null 
@@ -1,48 +0,0 @@ -Candidate: CVE-2004-0883 -References: - BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2 - MISC:http://security.e-matters.de/advisories/142004.html - BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:537 - URL:http://www.redhat.com/support/errata/RHSA-2004-537.html - CERT-VN:VU#726198 - URL:http://www.kb.cert.org/vuls/id/726198 - SECUNIA:13232 - URL:http://secunia.com/advisories/13232/ - BID:11695 - URL:http://www.securityfocus.com/bid/11695 - XF:linux-smbprocreadxdata-dos(18135) - URL:http://xforce.iss.net/xforce/xfdb/18135 - XF:linux-smb-response-dos(18134) - URL:http://xforce.iss.net/xforce/xfdb/18134 - XF:linux-smbreceivetrans2-dos(18136) - URL:http://xforce.iss.net/xforce/xfdb/18136 -Description: - Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 - and 2.6 allow remote samba servers to cause a denial of service (crash) or - gain sensitive information from kernel memory via a samba server (1) returning - more data than requested to the smb_proc_read function, (2) returning a data - offset from outside the samba packet to the smb_proc_readX function, (3) - sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, - (4) sending a samba packet with a certain header size to the - smb_proc_readX_data function, or (5) sending a certain packet based offset for - the data in a packet to the smb_receive_trans2 function. 
-Notes: -Bugs: -upstream: released (2.4.28-rc3), released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-9) [smbfs-overflow-fixes-2.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-0887 b/patch-tracking/retired/CVE-2004-0887 deleted file mode 100644 index a9b4ef2e1..000000000 --- a/patch-tracking/retired/CVE-2004-0887 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2004-0887 -References: - http://www.novell.com/linux/security/advisories/2004_37_kernel.html - http://www.securityfocus.com/bid/11489 - http://xforce.iss.net/xforce/xfdb/17801 -Description: - SUSE Linux Enterprise Server 9 on the S/390 platform does not properly - handle a certain privileged instruction, which allows local users to - gain root privileges. -Notes: - dannf> 2.4 looks vulnerable; I've asked waldi's advice on applying it. -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-10) [s390-sacf-fix.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-0949 b/patch-tracking/retired/CVE-2004-0949 deleted file mode 100644 index 8c716e2de..000000000 --- a/patch-tracking/retired/CVE-2004-0949 +++ /dev/null 
@@ -1,40 +0,0 @@ -Candidate: CVE-2004-0949 -References: - BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2 - MISC:http://security.e-matters.de/advisories/142004.html - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:537 - URL:http://www.redhat.com/support/errata/RHSA-2004-537.html - TRUSTIX:2004-0061 - URL:http://www.trustix.org/errata/2004/0061/ - UBUNTU:USN-30-1 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2 - XF:linux-smbrecvtrans2-memory-leak(18137) - URL:http://xforce.iss.net/xforce/xfdb/18137 - BID:11695 - URL:http://www.securityfocus.com/bid/11695 - SECUNIA:13232 - URL:http://secunia.com/advisories/13232/ -Description: - The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux - kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented - packets correctly, which could allow remote samba servers to (1) read - arbitrary kernel information or (2) raise a counter value to an arbitrary - number by sending the first part of the fragmented packet multiple times. -Notes: -Bugs: -upstream: released (2.4.28-rc3), released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-13) [smbfs-overrun.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) 
diff --git a/patch-tracking/retired/CVE-2004-1016 b/patch-tracking/retired/CVE-2004-1016 deleted file mode 100644 index 191860c57..000000000 --- a/patch-tracking/retired/CVE-2004-1016 +++ /dev/null @@ -1,36 +0,0 @@ -Candidate: CVE-2004-1016 -References: - VULNWATCH:20041214 Linux kernel scm_send local DoS - MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt - UBUNTU:USN-38-1 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:689 - URL:http://www.redhat.com/support/errata/RHSA-2004-689.html - XF:linux-scmsend-dos(18483) - URL:http://xforce.iss.net/xforce/xfdb/18483 -Description: - The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, - and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system - hang) via crafted auxiliary messages that are passed to the sendmsg function, - which causes a deadlock condition. -Notes: - dannf> 2.4.27 has a reference to CVE-2004-1016 in the changelog, but it looks - like it referred to the wrong issue - our 2.4.27 may still be - vulnerable. - dannf> on second review, those patches look correct -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch] -2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) 
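Review bot: in the Notes block of CVE-2004-1016, the two continuation lines "like it referred to the wrong issue - our 2.4.27 may still be" and "vulnerable." lack the "dannf>" prefix that the first line and the follow-up line carry, so the attribution is lost for anything that reads the notes line by line; prefix them in the moved copy. The "upstream:" field is also empty although the Description bounds the affected versions (up to 2.4.28 and up to 2.6.9); record the fixed upstream version if it is known.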
diff --git a/patch-tracking/retired/CVE-2004-1017 b/patch-tracking/retired/CVE-2004-1017 deleted file mode 100644 index 20d4709b1..000000000 --- a/patch-tracking/retired/CVE-2004-1017 +++ /dev/null @@ -1,27 +0,0 @@ -Candidate: CVS-2004-1017 -References: - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - REDHAT:RHSA-2004:689 - URL:http://www.redhat.com/support/errata/RHSA-2004-689.html - XF:linux-ioedgeport-bo(18433) - URL:http://xforce.iss.net/xforce/xfdb/18433 -Description: - Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have - unknown impact and unknown attack vectors. -Notes: - jmm> I've checked 2.6.14, but I didn't find the exact upstream version when - jmm> this was fixed - jmm> The fix is required for 2.6.8 -Bugs: -upstream: -linux-2.6: released (2.4.31-rc1, 2.6.10) -2.6.8-sarge-security: released (2.6.8-16sarge2) [io_edgeport_overflow.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1056 b/patch-tracking/retired/CVE-2004-1056 deleted file mode 100644 index e768cfaa4..000000000 --- a/patch-tracking/retired/CVE-2004-1056 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-1056 -References: - UBUNTU:USN-38-1 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - XF:linux-i810-dma-dos(15972) - URL:http://xforce.iss.net/xforce/xfdb/15972 -Description: - Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly - check the DMA lock, which could allow remote attackers or local users to cause - a denial of service (X Server crash) and possibly modify the video output. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch] -2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1057 b/patch-tracking/retired/CVE-2004-1057 deleted file mode 100644 index fab0fac1c..000000000 --- a/patch-tracking/retired/CVE-2004-1057 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-1057 -References: - MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4 - REDHAT:RHSA-2005:016 - URL:http://www.redhat.com/support/errata/RHSA-2005-016.html - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821 - XF:linux-kernel-vmio-dos(19275) - URL:http://xforce.iss.net/xforce/xfdb/19275 -Description: - Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark - memory with the VM_IO flag, which causes incorrect reference counts and may - lead to a denial of service (kernel panic) when accessing freed kernel pages. -Notes: - dannf> I see the PageReserved() check in the 2.6 code, going back to 2.4.0 - dannf> so I'll mark 2.6 N/A -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1058 b/patch-tracking/retired/CVE-2004-1058 deleted file mode 100644 index b5445d343..000000000 --- a/patch-tracking/retired/CVE-2004-1058 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-1058 -References: - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - GENTOO:GLSA-200408-24 - URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - UBUNTU:USN-38-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1 - XF:linux-spawning-race-condition(17151) - URL:http://xforce.iss.net/xforce/xfdb/17151 -Description: - Race condition in Linux kernel 2.6 allows local users to read the environment - variables of another process that is still spawning via /proc/.../cmdline. -Notes: -Bugs: -upstream: released (2.4.33-pre2) -linux-2.6: -2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [203_proc_pid_cmdline_race.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1068 b/patch-tracking/retired/CVE-2004-1068 deleted file mode 100644 index 550151435..000000000 --- a/patch-tracking/retired/CVE-2004-1068 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2004-1068 -References: - BUGTRAQ:20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities - URL:http://www.securityfocus.com/archive/1/381689 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:537 - URL:http://www.redhat.com/support/errata/RHSA-2004-537.html - BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - BID:11715 - URL:http://www.securityfocus.com/bid/11715 - XF:linux-afunix-race-condition(18230) - URL:http://xforce.iss.net/xforce/xfdb/18230 -Description: - A "missing serialization" error in the unix_dgram_recvmsg function in Linux - 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain - privileges via a race condition. -Notes: -Bugs: -upstream: released (2.4.27, 2.6.9) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) -2.4.27-sarge-security: released (2.4.27-7) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1069 b/patch-tracking/retired/CVE-2004-1069 deleted file mode 100644 index ea4e901e2..000000000 --- a/patch-tracking/retired/CVE-2004-1069 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2004-1069 -References: - http://marc.theaimsgroup.com/?l=linux-kernel&m=110045613004761 - http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - http://xforce.iss.net/xforce/xfdb/18312 -Description: - Race condition in SELinux 2.6.x through 2.6.9 allows local users to - cause a denial of service (kernel crash) via SOCK_SEQPACKET unix - domain sockets, which are not properly handled in the sock_dgram_sendmsg - function. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-11) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1070 b/patch-tracking/retired/CVE-2004-1070 deleted file mode 100644 index cb13be152..000000000 --- a/patch-tracking/retired/CVE-2004-1070 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2004-1070 -References: - MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:549 - URL:http://www.redhat.com/support/errata/RHSA-2004-549.html - XF:linux-elf-setuid-gain-privileges(18025) - URL:http://xforce.iss.net/xforce/xfdb/18025 -Description: - The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux - kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check - return values from calls to the kernel_read function, which may allow local - users to modify sensitive memory in a setuid program and execute arbitrary - code. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1071 b/patch-tracking/retired/CVE-2004-1071 deleted file mode 100644 index 14325cbbe..000000000 --- a/patch-tracking/retired/CVE-2004-1071 +++ /dev/null 
@@ -1,29 +0,0 @@ -Candidate: CVE-2004-1071 -References: - MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:537 - URL:http://www.redhat.com/support/errata/RHSA-2004-537.html - XF:linux-elf-setuid-gain-privileges(18025) - URL:http://xforce.iss.net/xforce/xfdb/18025 -Description: - The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and - 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap - function, which causes an incorrect mapped image and may allow local users to - execute arbitrary code. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1072 b/patch-tracking/retired/CVE-2004-1072 deleted file mode 100644 index 822e3a634..000000000 --- a/patch-tracking/retired/CVE-2004-1072 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2004-1072 -References: - MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:537 - URL:http://www.redhat.com/support/errata/RHSA-2004-537.html - REDHAT:RHSA-2005:275 - URL:http://www.redhat.com/support/errata/RHSA-2005-275.html - XF:linux-elf-setuid-gain-privileges(18025) - URL:http://xforce.iss.net/xforce/xfdb/18025 -Description: - The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and - 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL - terminated, which could cause strings longer than PATH_MAX to be used, leading - to buffer overflows that allow local users to cause a denial of service (hang) - and possibly execute arbitrary code. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1073 b/patch-tracking/retired/CVE-2004-1073 deleted file mode 100644 index 21cc9e6c4..000000000 --- a/patch-tracking/retired/CVE-2004-1073 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-1073 -References: - MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2004:549 - URL:http://www.redhat.com/support/errata/RHSA-2004-549.html - XF:linux-elf-setuid-gain-privileges(18025) - URL:http://xforce.iss.net/xforce/xfdb/18025 -Description: - The open_exec function in the execve functionality (exec.c) in Linux kernel - 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read - non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] -2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1137 b/patch-tracking/retired/CVE-2004-1137 deleted file mode 100644 index de8f91b61..000000000 --- a/patch-tracking/retired/CVE-2004-1137 +++ /dev/null 
@@ -1,39 +0,0 @@ -Candidate: CVE-2004-1137 -References: - VULNWATCH:20041214 Linux kernel IGMP vulnerabilities - BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities - MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 - XF:linux-igmpmarksources-dos(18482) - URL:http://xforce.iss.net/xforce/xfdb/18482 - XF:linux-ipmcsource-code-execution(18481) - URL:http://xforce.iss.net/xforce/xfdb/18481 -Description: - Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to - 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial - of service or execute arbitrary code via (1) the ip_mc_source function, which - decrements a counter to -1, or (2) the igmp_marksources function, which does - not properly validate IGMP message parameters and performs an out-of-bounds - read. -Notes: -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch] -2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1144 b/patch-tracking/retired/CVE-2004-1144 deleted file mode 100644 index 84734f73c..000000000 --- a/patch-tracking/retired/CVE-2004-1144 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-1144 -References: - REDHAT:RHSA-2004:689 - URL:http://www.redhat.com/support/errata/RHSA-2004-689.html - SUSE:SUSE-SA:2004:046 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2 - XF:linux-32bit-emulation-gain-privileges(18686) - URL:http://xforce.iss.net/xforce/xfdb/18686 -Description: - Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 - systems allows local users to gain privileges. -Notes: - jmm> 2.6 is not affected, see the comment by Andi Kleen from the patch: - jmm> # The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this - jmm> # hole because some unrelated changes in 2.5 fixed it as a side effect. -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2004-1151 b/patch-tracking/retired/CVE-2004-1151 deleted file mode 100644 index a5f83c362..000000000 --- a/patch-tracking/retired/CVE-2004-1151 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-1151 -References: - MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall() - URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html - MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079 - MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 -Description: - Multiple buffer overflows in the (1) sys32_ni_syscall and (2) - sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local - attackers to modify kernel memory and gain privileges. -Notes: - <= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway. -Bugs: -upstream: released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-1234 b/patch-tracking/retired/CVE-2004-1234 deleted file mode 100644 index b262dcc72..000000000 --- a/patch-tracking/retired/CVE-2004-1234 +++ /dev/null 
@@ -1,35 +0,0 @@ -Candidate: CVE-2004-1234 -References: - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - REDHAT:RHSA-2004:689 - URL:http://www.redhat.com/support/errata/RHSA-2004-689.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ - CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ - CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965 - BID:12101 - URL:http://www.securityfocus.com/bid/12101 - XF:linux-loadelfbinary-dos(18687) - URL:http://xforce.iss.net/xforce/xfdb/18687 -Description: - load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of - service (system crash) via an ELF binary in which the interpreter is NULL. -Notes: - jmm> I don't know at which version this was merged into 2.6, but I've verified - jmm> that above-mentioned fix is included in 2.6.8's binfmt_elf.c: - jmm> out_free_dentry: - jmm> allow_write_access(interpreter); - jmm> if (interpreter) - jmm> fput(interpreter); -Bugs: -upstream: released (2.4.26-rc3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1235 b/patch-tracking/retired/CVE-2004-1235 deleted file mode 100644 index 122bb271a..000000000 --- a/patch-tracking/retired/CVE-2004-1235 +++ /dev/null 
@@ -1,43 +0,0 @@ -Candidate: CVE-2004-1235 -References: - BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2 - MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - FEDORA:FEDORA-2005-013 - URL:http://www.securityfocus.com/advisories/7806 - FEDORA:FEDORA-2005-014 - URL:http://www.securityfocus.com/advisories/7805 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2005:043 - URL:http://www.redhat.com/support/errata/RHSA-2005-043.html - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - TRUSTIX:2005-0001 - URL:http://www.trustix.org/errata/2005/0001/ - CONFIRM:http://www.securityfocus.com/advisories/7804 - BID:12190 - URL:http://www.securityfocus.com/bid/12190 - XF:linux-uselib-gain-privileges(18800) - URL:http://xforce.iss.net/xforce/xfdb/18800 -Description: - Race condition in the (1) load_elf_library and (2) binfmt_aout function calls - for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows - local users to execute arbitrary code by manipulating the VMA descriptor. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch] -2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) 
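Review bot: The Description in the CVE-2004-1235 entry gives the affected 2.4 range as "2.4 through 2.429-rc2", which looks like a dropped dot in the version string (the 2.6 side of the same sentence is written "2.6.10"). Since this file is being carried over into the top-level retired directory, correct the version in the moved copy or in a follow-up commit. The `upstream:` and `linux-2.6:` fields are also empty although every Debian branch below them is marked released, so the retired entry does not record which upstream version carries the fix; fill them in or mark them N/A.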
diff --git a/patch-tracking/retired/CVE-2004-1237 b/patch-tracking/retired/CVE-2004-1237 deleted file mode 100644 index 099e2cf7b..000000000 --- a/patch-tracking/retired/CVE-2004-1237 +++ /dev/null @@ -1,28 +0,0 @@ -Candidate: CVE-2004-1237 -References: - http://www.redhat.com/support/errata/RHSA-2005-043.html - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132245 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141996 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142091 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142442 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143886 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144048 -Description: - Unknown vulnerability in the system call filtering code in the audit - subsystem for Red Hat Enterprise Linux 3 allows local users to cause - a denial of service (system crash) via unknown vectors. -Notes: - jmm> What a remarkably concrete description :-) - jmm> I found the Bugzilla entries above and this seems RHEL specific. - jmm> I'm marking it at such, but please double-check someone -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2004-1333 b/patch-tracking/retired/CVE-2004-1333 deleted file mode 100644 index 9f40c4368..000000000 --- a/patch-tracking/retired/CVE-2004-1333 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2004-1333 -References: - FULLDISC:20041215 fun with linux kernel - URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - UBUNTU:USN-47-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1 - BID:11956 - URL:http://www.securityfocus.com/bid/11956 - XF:linux-vcresize-dos(18523) - URL:http://xforce.iss.net/xforce/xfdb/18523 -Description: - Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 - before 2.6.10 allows local users to cause a denial of service (kernel crash) - via a short new screen value, which leads to a buffer overflow. -Notes: -Bugs: -upstream: released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1334 b/patch-tracking/retired/CVE-2004-1334 deleted file mode 100644 index 6ac0f8dd0..000000000 --- a/patch-tracking/retired/CVE-2004-1334 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2004-1334 -References: - http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html - http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2 - http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html - http://www.securityfocus.com/bid/11956 - http://xforce.iss.net/xforce/xfdb/18522 -Description: - Integer overflow in the ip_options_get function in the Linux kernel before - 2.6.10 allows local users to cause a denial of service (kernel crash) via a - cmsg_len that contains a -1, which leads to a buffer overflow. -Notes: - dannf> This is a duplicate of CAN-2004-1016 -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch] -2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1335 b/patch-tracking/retired/CVE-2004-1335 deleted file mode 100644 index 70b113099..000000000 --- a/patch-tracking/retired/CVE-2004-1335 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-1335 -References: - FULLDISC:20041215 fun with linux kernel - URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html - BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2 - BID:11956 - URL:http://www.securityfocus.com/bid/11956 - XF:linux-ipoptionsget-memory-leak(18524) - URL:http://xforce.iss.net/xforce/xfdb/18524 -Description: - Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 - allows local users to cause a denial of service (memory consumption) by - repeatedly calling the ip_cmsg_send function. -Notes: -Bugs: -upstream: released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2004-1337 b/patch-tracking/retired/CVE-2004-1337 deleted file mode 100644 index 53542701c..000000000 --- a/patch-tracking/retired/CVE-2004-1337 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: -References: - BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2 - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - BID:12093 - URL:http://www.securityfocus.com/bid/12093 - XF:linux-security-module-gain-privileges(18673) - URL:http://xforce.iss.net/xforce/xfdb/18673 -Description: - The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not - properly handle the credentials of a process that is launched before the - module is loaded, which allows local users to gain privileges. -Notes: - dannf> This code isn't in <= 2.4.27 -Bugs: -upstream: released (2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-2013 b/patch-tracking/retired/CVE-2004-2013 deleted file mode 100644 index d965a45be..000000000 --- a/patch-tracking/retired/CVE-2004-2013 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2004-2013 -References: - http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html - http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html - http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2 - http://www.securityfocus.com/bid/10326 - http://xforce.iss.net/xforce/xfdb/16117 -Description: - Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c - in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary - code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of - memory. -Notes: - jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html - jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*, - jmm> Woody could be affected, though -Bugs: -upstream: released (2.4.26) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2004-2302 b/patch-tracking/retired/CVE-2004-2302 deleted file mode 100644 index f39ee81fe..000000000 --- a/patch-tracking/retired/CVE-2004-2302 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2004-2302 -References: - http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA - http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218 - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 - http://www.novell.com/linux/security/advisories/2005_44_kernel.html -Description: - Race condition in the sysfs_read_file and sysfs_write_file functions in Linux - kernel before 2.6.10 allows local users to read kernel memory and cause a - denial of service (crash) via large offsets in sysfs files. -Notes: - dannf> sysfs is only in 2.6, so marking 2.4 N/A -Bugs: 322339 -upstream: released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-sysfs-read-write-race.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-2536 b/patch-tracking/retired/CVE-2004-2536 deleted file mode 100644 index 5ae37d27e..000000000 --- a/patch-tracking/retired/CVE-2004-2536 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2004-2536 -References: - http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html - http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6 -Description: - The exit_thread function (process.c) in Linux kernel 2.6 through - 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a - process obtains IO access permissions from the ioperm function but - does not drop those permissions when it exits, which allows other - processes to access the per-TSS pointers, access restricted memory - locations, and possibly gain privileges. -Notes: - Horms> Tested against kernel-image-2.4.27-2-686 2.4.27-11 which does not - seem to exhibit the problem, although the code suggests it might. I guess - its just a 2.6 problem. I marked 2.4.27 and the woody kernels N/A -Bugs: -upstream: released (2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2004-2607 b/patch-tracking/retired/CVE-2004-2607 deleted file mode 100644 index ec1da9376..000000000 --- a/patch-tracking/retired/CVE-2004-2607 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2004-2607 -References: - http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html - http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2 -Description: - A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to - 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of - kernel memory via a large len argument, which is received as an int but - cast to a short, which prevents a read loop from filling a buffer. -Notes: - jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16, - jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should - jmm> be double-checked against the source though, but my bandwidth is currently - jmm> too slim to download 2.6.8 - jmm> - jmm> The fix below is for a completely different issue, I've split it out - horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable - horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable -Bugs: -upstream: released (2.4.33-pre2), released (2.6.6) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0001 b/patch-tracking/retired/CVE-2005-0001 deleted file mode 100644 index 97943e59c..000000000 --- a/patch-tracking/retired/CVE-2005-0001 +++ /dev/null 
@@ -1,42 +0,0 @@ -Candidate: CVE-2005-0001 -References: - BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2 - FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation - URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html - MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2005:043 - URL:http://www.redhat.com/support/errata/RHSA-2005-043.html - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - TRUSTIX:2005-0001 - URL:http://www.trustix.org/errata/2005/0001/ - BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2 - XF:linux-fault-handler-gain-privileges(18849) - URL:http://xforce.iss.net/xforce/xfdb/18849 -Description: - Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to - 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor - machines, allows local users to execute arbitrary code via concurrent threads - that share the same virtual memory space and simultaneously request stack - expansion. 
-Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch] -2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2005-0003 b/patch-tracking/retired/CVE-2005-0003 deleted file mode 100644 index 770719909..000000000 --- a/patch-tracking/retired/CVE-2005-0003 +++ /dev/null 
@@ -1,34 +0,0 @@ -Candidate: CVE-2005-0003 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - REDHAT:RHSA-2005:043 - URL:http://www.redhat.com/support/errata/RHSA-2005-043.html - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - TRUSTIX:2005-0001 - URL:http://www.trustix.org/errata/2005/0001/ - MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg - BID:12261 - URL:http://www.securityfocus.com/bid/12261 - XF:linux-vma-gain-privileges(18886) - URL:http://xforce.iss.net/xforce/xfdb/18886 -Description: - The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit - architectures, does not properly check for overlapping VMA (virtual memory - address) allocations, which allows local users to cause a denial of service - (system crash) or execute arbitrary code via a crafted ELF or a.out file. -Notes: -Bugs: -upstream: released (2.6.10) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos2.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2005-0090 b/patch-tracking/retired/CVE-2005-0090 deleted file mode 100644 index 3a6ff8b01..000000000 --- a/patch-tracking/retired/CVE-2005-0090 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-0090 -References: - A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split - patch omits an "access check," which allows local users to cause a denial - of service (crash). -Description: - http://www.redhat.com/support/errata/RHSA-2005-092.html - http://www.securityfocus.com/bid/12599 - http://xforce.iss.net/xforce/xfdb/20618 -Notes: - Red Hat specific vulnerability -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0091 b/patch-tracking/retired/CVE-2005-0091 deleted file mode 100644 index 589abd45e..000000000 --- a/patch-tracking/retired/CVE-2005-0091 +++ /dev/null @@ -1,22 +0,0 @@ -Candidate: CVE-2005-0091 -References: - http://www.redhat.com/support/errata/RHSA-2005-092.html - http://www.securityfocus.com/bid/12599 - http://xforce.iss.net/xforce/xfdb/20619 -Description: - Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split - patch, when using the hugemem kernel, allows local users to read and write to - arbitrary kernel memory and gain privileges via certain syscalls. -Notes: - Red Hat specific. -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0092 b/patch-tracking/retired/CVE-2005-0092 deleted file mode 100644 index 426e1b21e..000000000 --- a/patch-tracking/retired/CVE-2005-0092 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-0092 -References: - http://www.redhat.com/support/errata/RHSA-2005-092.html - http://www.securityfocus.com/bid/12599 - http://xforce.iss.net/xforce/xfdb/20620 -Description: - Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split - patch, when running on x86 with the hugemem kernel, allows local users to - cause a denial of service (crash). -Notes: - Red Hat specific. -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0135 b/patch-tracking/retired/CVE-2005-0135 deleted file mode 100644 index 372db1a5a..000000000 --- a/patch-tracking/retired/CVE-2005-0135 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-0135 -References: - REDHAT:RHSA-2005:284 - URL:http://www.redhat.com/support/errata/RHSA-2005-284.html - REDHAT:RHSA-2005:366 - URL:http://www.redhat.com/support/errata/RHSA-2005-366.html - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg - SECUNIA:15019 - URL:http://secunia.com/advisories/15019 -Description: - The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in - Linux kernel 2.6 allows local users to cause a denial of service (system - crash). -Notes: - dannf> This is fixed in kernel-patch-2.4.27-ia64 -Bugs: -upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch] -2.4.27-sarge-security: released (2.4.27-10) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2005-0136 b/patch-tracking/retired/CVE-2005-0136 deleted file mode 100644 index b17e59201..000000000 --- a/patch-tracking/retired/CVE-2005-0136 +++ /dev/null @@ -1,18 +0,0 @@ -Candidate: CVE-2005-0136 -References: - ** RESERVED ** -Description: -Notes: - dannf> This is fixed in kernel-patch-2.4.27-ia64 -Bugs: -upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch] -2.4.27-sarge-security: released (2.4.27-10) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: 
diff --git a/patch-tracking/retired/CVE-2005-0137 b/patch-tracking/retired/CVE-2005-0137 deleted file mode 100644 index d20391d83..000000000 --- a/patch-tracking/retired/CVE-2005-0137 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2005-0137 -References: - REDHAT:RHSA-2005:284 - URL:http://www.redhat.com/support/errata/RHSA-2005-284.html - REDHAT:RHSA-2005:293 - URL:http://www.redhat.com/support/errata/RHSA-2005-293.html -Description: - Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a - denial of service via a "missing Itanium syscall table entry." -Notes: - dannf> This is actually 2.4 specific - the mitre description is incorrect. -Bugs: -upstream: released (2.4.30-rc2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0176 b/patch-tracking/retired/CVE-2005-0176 deleted file mode 100644 index 87dd16a60..000000000 --- a/patch-tracking/retired/CVE-2005-0176 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2005-0176 -References: - http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 - http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - http://www.redhat.com/support/errata/RHSA-2005-092.html - http://oval.mitre.org/oval/definitions/data/oval1225.html - http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30 -Description: - The shmctl function in Linux 2.6.9 and earlier allows local users to unlock - the memory of other processes, which could cause sensitive memory to be swapped - to disk, which could allow it to be read by other users once it has been released. -Notes: - It appears that 2.6.8 and earlier are not vulnerable as prior to the - following patch, local users could not effect lock or unlock - http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642 - That is, only 2.6.10 is effected. -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0177 b/patch-tracking/retired/CVE-2005-0177 deleted file mode 100644 index c87b59549..000000000 --- a/patch-tracking/retired/CVE-2005-0177 +++ /dev/null 
@@ -1,26 +0,0 @@ -Candidate: CVE-2005-0177 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 -Description: - nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows - attackers to cause a denial of service (kernel crash) via a buffer overflow. -Notes: - dannf> nls_ascii.c isn't in <= 2.4.27 -Bugs: -upstream: released (2.6.8.1, 2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0178 b/patch-tracking/retired/CVE-2005-0178 deleted file mode 100644 index eb3a56dd3..000000000 --- a/patch-tracking/retired/CVE-2005-0178 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2005-0178 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html - BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 -Description: - Race condition in the setsid function in Linux before 2.6.8.1 allows local - users to cause a denial of service (crash) and possibly access portions of - kernel memory, related to TTY changes, locking, and semaphores. -Notes: - dannf> Alan Cox suggested that this is not a 2.4 issue: - Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is - Alan> private not thread group so a setsid() can't race because you can't - Alan> setsid in the same thread as is opening current->tty. -Bugs: -upstream: released (2.6.8.1, 2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0180 b/patch-tracking/retired/CVE-2005-0180 deleted file mode 100644 index 01275bf59..000000000 --- a/patch-tracking/retired/CVE-2005-0180 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-0180 -References: - http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html - http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218 - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 - http://www.redhat.com/support/errata/RHSA-2005-092.html -Description: - Multiple integer signedness errors in the sg_scsi_ioctl function in - scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel - memory via negative integers in arguments to the scsi ioctl, which - bypass a maximum length check before calling the copy_from_user and - copy_to_user functions. -Notes: - jmm> The 2.4.27 version, scsi_ioctl_send_command(), is not affected, as - jmm> intlen and outlen are unsigned ints -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-12) [031-sg_scsi_ioctl_int_overflows.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0204 b/patch-tracking/retired/CVE-2005-0204 deleted file mode 100644 index d663b2ed5..000000000 --- a/patch-tracking/retired/CVE-2005-0204 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2005-0204 -References: - REDHAT:RHSA-2005:092 - URL:http://www.redhat.com/support/errata/RHSA-2005-092.html -Description: - Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T - architectures, allows local users to write to privileged IO ports via the OUTS - instruction. -Notes: - jmm> 190_outs-2.diff had regressions -Bugs: 296700 -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff] -2.4.27-sid: released (2.4.27-12) [190_outs-2.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0207 b/patch-tracking/retired/CVE-2005-0207 deleted file mode 100644 index effeab57c..000000000 --- a/patch-tracking/retired/CVE-2005-0207 +++ /dev/null @@ -1,27 +0,0 @@ -Candidate: CVE-2005-0207 -References: - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930 - SUSE:SUSE-SA:2005:003 - URL:http://www.securityfocus.com/advisories/7880 - BID:12330 - URL:http://www.securityfocus.com/bid/12330 - http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch - http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA -Description: - Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS - clients to cause a denial of service via O_DIRECT. -Notes: - dannf> The vulnerable code doesn't exist in <= 2.4.27 -Bugs: -upstream: released (2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A 
diff --git a/patch-tracking/retired/CVE-2005-0209 b/patch-tracking/retired/CVE-2005-0209 deleted file mode 100644 index 7c5941a6c..000000000 --- a/patch-tracking/retired/CVE-2005-0209 +++ /dev/null @@ -1,25 +0,0 @@ -Candidate: CVE-2005-0209 -References: - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 - CONECTIVA:CLA-2005:945 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - http://oss.sgi.com/archives/netdev/2005-01/msg01072.html -Description: - Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of - service (kernel crash) via crafted IP packet fragments. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0210 b/patch-tracking/retired/CVE-2005-0210 deleted file mode 100644 index 804e62c1b..000000000 --- a/patch-tracking/retired/CVE-2005-0210 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2005-0210 -References: - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 - CONECTIVA:CLA-2005:945 - URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html -Description: - Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of - service (memory consumption) via certain packet fragments that are reassembled - twice, which causes a data structure to be allocated twice. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0384 b/patch-tracking/retired/CVE-2005-0384 deleted file mode 100644 index 133e2209c..000000000 --- a/patch-tracking/retired/CVE-2005-0384 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2005-0384 -References: - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - REDHAT:RHSA-2005:283 - URL:http://www.redhat.com/support/errata/RHSA-2005-283.html - REDHAT:RHSA-2005:284 - URL:http://www.redhat.com/support/errata/RHSA-2005-284.html - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - TRUSTIX:2005-0009 - URL:http://www.trustix.org/errata/2005/0009/ - UBUNTU:USN-95-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 -Description: - Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows - remote attackers to cause a denial of service (kernel crash) via a pppd - client. -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/patch-tracking/retired/CVE-2005-0400 b/patch-tracking/retired/CVE-2005-0400 deleted file mode 100644 index 840633425..000000000 --- a/patch-tracking/retired/CVE-2005-0400 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-0400 -References: - BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2 - MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - UBUNTU:USN-103-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1 - XF:kernel-ext2-information-disclosure(19866) - URL:http://xforce.iss.net/xforce/xfdb/19866 - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 - SECUNIA:14713 - URL:http://secunia.com/advisories/14713/ -Description: - The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not - properly initialize memory when creating a block for a new directory entry, - which allows local users to obtain potentially sensitive information by - reading the block. -Notes: -Bugs: 301799 303294 -upstream: released (2.6.11.6) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch] -2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0449 b/patch-tracking/retired/CVE-2005-0449 deleted file mode 100644 index 62875ef27..000000000 --- a/patch-tracking/retired/CVE-2005-0449 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2005-0449 -References: - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449 - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563\d82 - http://oss.sgi.com/archives/netdev/2005-01/msg01107.html -Description: - The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to - cause a denial of service (kernel crash) or bypass firewall rules via crafted - packets, which are not properly handled by the skb_checksum_help function. -Notes: - ** CHANGES ABI ** - ipv4-fragment-queues-[1,2,2.1].dpatch are in sarge's 2.6.8. - ipv4-fragment-queues-[3,4].dpatch are awaiting an ABI event - . - 150_private_fragment_queues-[1,2].diff are awaiting a 2.4.27 ABI event -Bugs: -upstream: released (2.6.8.1) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) [ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch, ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff] diff --git a/patch-tracking/retired/CVE-2005-0528 b/patch-tracking/retired/CVE-2005-0528 deleted file mode 100644 index d896c0f6d..000000000 --- a/patch-tracking/retired/CVE-2005-0528 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-0528 -References: -Description: -Notes: - From Joey's 2.4.18-14.4 changelog: - * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege - escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn] - jmm> Isn't this CVE-2004-0077? - dannf> Looks like this is a different issue. Joey's patch is here: - http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap - dannf> But it doesn't look like mitre has released the details yet: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528 - jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version - dannf> It looks like this would apply to 2.6, but isn't necessary because - dannf> its already fixed in a different way. 2.6 checks for a 0 new_len - dannf> earlier and errors out - jmm> This turned out to be a dupe of CVE-2003-0985 -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) diff --git a/patch-tracking/retired/CVE-2005-0529 b/patch-tracking/retired/CVE-2005-0529 deleted file mode 100644 index c941380b6..000000000 --- a/patch-tracking/retired/CVE-2005-0529 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2005-0529 -References: - FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 -Description: - Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset - arguments to the proc_file_read and locks_read_proc functions, which leads to - a heap-based buffer overflow when a signed comparison causes negative integers - to be used in a positive context. -Notes: - dannf> 2.4 doesn't do the signed cast, so it shouldn't be vulnerable -Bugs: -upstream: released (2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0530 b/patch-tracking/retired/CVE-2005-0530 deleted file mode 100644 index 042124ce3..000000000 --- a/patch-tracking/retired/CVE-2005-0530 +++ /dev/null 
@@ -1,38 +0,0 @@ -Candidate: CVE-2005-0530 -References: - FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 -Description: - Signedness error in the copy_from_read_buf function in n_tty.c for Linux - kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a - negative argument. -Notes: - dannf> This doesn't affect 2.4: - marcello> v2.4 does not suffer from the issue mentioned by Guninski because - marcello> the first argument of the arithmetic comparison is not casted - marcello> to a "signed" value: - . - marcello> n = min((ssize_t)*nr, n); - . - marcello> That was the problem in v2.6, where an unsigned value bigger than - marcello> 2^31 would be treated as a negative signed. -Bugs: -upstream: released (2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0531 b/patch-tracking/retired/CVE-2005-0531 deleted file mode 100644 index 5a095abd9..000000000 --- a/patch-tracking/retired/CVE-2005-0531 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2005-0531 -References: - FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 -Description: - The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before - 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative - arguments. -Notes: -Bugs: -upstream: released (2.6.11-rc4) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch] -2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff] diff --git a/patch-tracking/retired/CVE-2005-0532 b/patch-tracking/retired/CVE-2005-0532 deleted file mode 100644 index ec7873f68..000000000 --- a/patch-tracking/retired/CVE-2005-0532 +++ /dev/null 
@@ -1,29 +0,0 @@ -Candidate: CVE-2005-0532 -References: - FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke - URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 - MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html - BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 -Description: - The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for - Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit - architectures, may allow local users to trigger a buffer overflow as a result - of casting discrepancies between size_t and int data types. -Notes: - dannf> Vulnerable code didn't exist in 2.4 -Bugs: -upstream: released (2.6.11-rc3) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0736 b/patch-tracking/retired/CVE-2005-0736 deleted file mode 100644 index d6d730db0..000000000 --- a/patch-tracking/retired/CVE-2005-0736 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-0736 -References: - http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html - http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d - http://www.novell.com/linux/security/advisories/2005_18_kernel.html - http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 - http://www.securityfocus.com/bid/12763 -Description: - Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 - allows local users to overwrite kernel memory via a large number of events. -Notes: 2.4.* doesn't have epoll() -Bugs: -upstream: released (2.6.11.2) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0749 b/patch-tracking/retired/CVE-2005-0749 deleted file mode 100644 index 44137f1c8..000000000 --- a/patch-tracking/retired/CVE-2005-0749 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-0749 -References: - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - UBUNTU:USN-103-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1 - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 - SECUNIA:14713 - URL:http://secunia.com/advisories/14713/ - XF:kernel-loadelflibrary-dos(19867) - URL:http://xforce.iss.net/xforce/xfdb/19867 -Description: - The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to - cause a denial of service (kernel crash) via a crafted ELF library or - executable, which causes a free of an invalid pointer. -Notes: -Bugs: 301799, 303498 -upstream: released (2.6.11.6) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch] -2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0750 b/patch-tracking/retired/CVE-2005-0750 deleted file mode 100644 index 7b2ad7794..000000000 --- a/patch-tracking/retired/CVE-2005-0750 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-0750 -References: - BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2 - FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 - URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - REDHAT:RHSA-2005:283 - URL:http://www.redhat.com/support/errata/RHSA-2005-283.html - REDHAT:RHSA-2005:284 - URL:http://www.redhat.com/support/errata/RHSA-2005-284.html - XF:kernel-bluezsockcreate-integer-underflow(19844) - URL:http://xforce.iss.net/xforce/xfdb/19844 -Description: - The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 - through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain - privileges via (1) socket or (2) socketpair call with a negative protocol - value. -Notes: -Bugs: 301799 -upstream: released (2.6.11.5) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch] -2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0756 b/patch-tracking/retired/CVE-2005-0756 deleted file mode 100644 index de676ae12..000000000 --- a/patch-tracking/retired/CVE-2005-0756 +++ /dev/null 
@@ -1,19 +0,0 @@ -Candidate: CVE-2005-0756 -References: - http://www.ubuntulinux.org/support/documentation/usn/usn-137-1 -Description: - ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform, - which allows local users to cause a denial of service (kernel crash). -Notes: -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0757 b/patch-tracking/retired/CVE-2005-0757 deleted file mode 100644 index 49061609a..000000000 --- a/patch-tracking/retired/CVE-2005-0757 +++ /dev/null @@ -1,21 +0,0 @@ -Candidate: CVE-2005-0757 -References: -Description: - source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms - inclusion: upstream code has been reworked and doesn't appear vulnerable - descrition: on 64 bit architectures incorrect handling of xattr offsets - may cause a local DoS - revision date: Fri, 29 Jul 2005 12:04:57 +0900 -Notes: -Bugs: -upstream: -2.4.27-sarge-security: released (2.4.27-10sarge1) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-ext3-64bit-offset.dpatch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0767 b/patch-tracking/retired/CVE-2005-0767 deleted file mode 100644 index 48d7e7372..000000000 --- a/patch-tracking/retired/CVE-2005-0767 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-0767 -References: - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 - http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 -Description: - Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows - local users with DRI privileges to execute arbitrary code as root. -Notes: - horms> For the record: - horms> The patch seems to already be present in 2.6.11. - horms> And the bug does not seem to be present in 2.4.27. -Bugs: 297203 -upstream: released (2.6.11-rc4) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-15) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-0815 b/patch-tracking/retired/CVE-2005-0815 deleted file mode 100644 index 19302776b..000000000 --- a/patch-tracking/retired/CVE-2005-0815 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-0815 -References: - BUGTRAQ:20050317 Linux ISO9660 handling flaws - URL:http://www.securityfocus.com/archive/1/393590 - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1 - FEDORA:FLSA:152532 - URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 - BID:12837 - URL:http://www.securityfocus.com/bid/12837 - XF:kernel-iso9660-filesystem(19741) - URL:http://xforce.iss.net/xforce/xfdb/19741 -Description: - Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux - 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt - memory via a crafted filesystem. -Notes: -Bugs: 301799 -upstream: released (2.6.12-rc1) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch] -2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-0839 b/patch-tracking/retired/CVE-2005-0839 deleted file mode 100644 index 5a933031d..000000000 --- a/patch-tracking/retired/CVE-2005-0839 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2005-0839 -References: - MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline. - URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html - MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ -Description: - Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line - discipline for a TTY, which allows local users to gain privileges by injecting - mouse or keyboard events into other user sessions. -Notes: - dannf> This file isn't in <= 2.4.27 -Bugs: 301372 -upstream: released (2.6.11) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-0867 b/patch-tracking/retired/CVE-2005-0867 deleted file mode 100644 index 116d7497f..000000000 --- a/patch-tracking/retired/CVE-2005-0867 +++ /dev/null @@ -1,22 +0,0 @@ -Candidate: CVE-2005-0867 -References: - http://www.novell.com/linux/security/advisories/2005_18_kernel.html -Description: - Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel - memory by writing to a sysfs file. -Notes: - horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to - horms> have this bug. 2.4.27 does not include sysfs, and thus - horma> also does not have this bug. - jmm> The patch for the vulnerability in question can be found in the BTS -Bugs: 306137 -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
diff --git a/patch-tracking/retired/CVE-2005-0916 b/patch-tracking/retired/CVE-2005-0916 deleted file mode 100644 index 9ed5249f2..000000000 --- a/patch-tracking/retired/CVE-2005-0916 +++ /dev/null @@ -1,22 +0,0 @@ -Candidate: CVE-2005-0916 -References: - http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab - http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw - http://www.novell.com/linux/security/advisories/2005_50_kernel.html -Description: - AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with - CONFIG_HUGETLB_PAGE enabled allows local panic) via a process that executes - the io_queue_init function but exits without running io_queue_release, which - to fail. -Notes: -Bugs: -upstream: released (2.6.12) -linux-2.6: released (2.6.12-1) -2.6.8-sarge-security: released (2.6.8-16) [arch-ppc64-hugepage-aio-panic.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2005-1041 b/patch-tracking/retired/CVE-2005-1041 deleted file mode 100644 index c27caac5f..000000000 --- a/patch-tracking/retired/CVE-2005-1041 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-1041 -References: - http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2 -Description: - The fib_seq_start function in fib_hash.c in Linux kernel allows local - users to cause a denial of service (system crash) via /proc/net/route. -Notes: - horms> 2.4.27 is not effected by 304548 as the buggy code is a complete - horms> rework for 2.6. I looked over the way that proc/route is handled - horms> for 2.4.27, and it seems fine. -Bugs: 304548 -upstream: released (2.6.11.5) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-1263 b/patch-tracking/retired/CVE-2005-1263 deleted file mode 100644 index 4c749bfd5..000000000 --- a/patch-tracking/retired/CVE-2005-1263 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2005-1263 -References: - BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation - URL:http://www.securityfocus.com/archive/1/397966 - MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt - FRSIRT:ADV-2005-0524 - URL:http://www.frsirt.com/english/advisories/2005/0524 - OVAL:OVAL1122 - URL:http://oval.mitre.org/oval/definitions/data/oval1122.html -Description: - The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to - 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users - to execute arbitrary code via an ELF binary that, in certain conditions - involving the create_elf_tables function, causes a negative length argument - to pass a signed integer comparison, leading to a buffer overflow. -Notes: -Bugs: -upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) -2.4.27-sarge-security: released (2.4.27-10) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-1368 b/patch-tracking/retired/CVE-2005-1368 deleted file mode 100644 index 03933ce25..000000000 --- a/patch-tracking/retired/CVE-2005-1368 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2005-1368 -References: - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8 - http://linux.bkbits.net:8080/linux-2.6/cset%40423078fafVa6mAyny23YZ87hDipmTw -Description: - The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow - attackers to cause a denial of service (oops) via SMP. -Notes: - horms> The fix for CAN-2005-1368 is in SVN for 2.6.11. - horms> The code that this bug manifests in is not present - horms> in 2.6.8 or 2.4.27. - jmm> The code in question isn't present in Woody either -Bugs: -upstream: released (2.6.11.8) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-1369 b/patch-tracking/retired/CVE-2005-1369 deleted file mode 100644 index 10d7dd87f..000000000 --- a/patch-tracking/retired/CVE-2005-1369 +++ /dev/null @@ -1,24 +0,0 @@ -Candidate: CVE-2005-1369 -References: - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8 - http://lkml.org/lkml/2005/4/20/159 -Description: - The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, - and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write - permissions, which allows local users to cause a denial of service (CPU - consumption) by attempting to write to the file, which does not have an - associated store function. -Notes: - jmm> These drivers are not present in 2.4 -Bugs: 307552 -upstream: released (2.6.11.8) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A 
diff --git a/patch-tracking/retired/CVE-2005-1589 b/patch-tracking/retired/CVE-2005-1589 deleted file mode 100644 index da505ae32..000000000 --- a/patch-tracking/retired/CVE-2005-1589 +++ /dev/null @@ -1,36 +0,0 @@ -Candidate: CVE-2005-1589 -References: - http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2 - http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html - http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html - http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10 - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 - http://www.frsirt.com/english/advisories/2005/0557 -Description: - The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) - in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before - passing an ioctl to the block device, which crosses security boundaries by - making kernel address space accessible from user space and allows local users - to cause a denial of service and possibly execute arbitrary code, a similar - vulnerability to CVE-2005-1264. -Notes: - horms> (discussing this and a similar problem): - horms> 2.6.8 is only vulnerable to the raw ioctl problem, - horms> which I believe is CAN-2005-1264. - horms> (unstable/testing-proposed-updates) and sarge-security - horms> (testing-security) branches and it should appear in 2.6.8-16 and - horms> 2.6.8-15sarge1 respectively. - horms> 2.4.27 does not appear to be vulnerable to either of these problems. -Bugs: 309429 -upstream: released (2.6.11.10), released (2.6.12-rc5) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A 
diff --git a/patch-tracking/retired/CVE-2005-1761 b/patch-tracking/retired/CVE-2005-1761 deleted file mode 100644 index 13f917137..000000000 --- a/patch-tracking/retired/CVE-2005-1761 +++ /dev/null @@ -1,25 +0,0 @@ -Candidate: CVE-2005-1761 -References: - http://www.novell.com/linux/security/advisories/2005_44_kernel.html - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54 -Description: - Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users - to cause a denial of service (kernel crash) via ptrace and the - restore_sigcontext function. -Notes: - jmm> This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct? - dannf> 2.4 patch for ia64 from SuSE in: CVE-2005-1761-linux24.patch - dannf> Unfortunately, its against an older 2.4, so this doesn't apply - dannf> trivially -Bugs: -upstream: released (2.6.12.1) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-private-tss.dpatch, arch-x86_64-nmi.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, arch-ia64-ptrace-restore_sigcontext.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [204_arch-ia64-ptrace-getregs-putregs.diff, 205_arch-ia64-ptrace-restore_sigcontext.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-1762 b/patch-tracking/retired/CVE-2005-1762 deleted file mode 100644 index cdf20f53e..000000000 --- a/patch-tracking/retired/CVE-2005-1762 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-1762 -References: - http://www.novell.com/linux/security/advisories/2005_29_kernel.html - http://www.ubuntulinux.org/support/documentation/usn/usn-143-1 - http://secunia.com/advisories/15786 -Description: - The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 - platform allows local users to cause a denial of service (kernel - crash) via a "non-canonical" address. -Notes: -Bugs: -upstream: released (2.6.12-rc5) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) [169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-1764 b/patch-tracking/retired/CVE-2005-1764 deleted file mode 100644 index 26a1a60b1..000000000 --- a/patch-tracking/retired/CVE-2005-1764 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2005-1764 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050531 - Category: SF - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029 - URL:http://freshmeat.net/articles/view/1678/ -Description: - Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard - page for the 47-bit address page to protect against an AMD K8 bug, - which allows local users to cause a denial of service. -Notes: - horms> I believe that only 2.6.11 is vulnerable to this -upstream: released (2.6.11.11) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-1765 b/patch-tracking/retired/CVE-2005-1765 deleted file mode 100644 index f17d7dbcd..000000000 --- a/patch-tracking/retired/CVE-2005-1765 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-1765 -References: - http://www.novell.com/linux/security/advisories/2005_29_kernel.html - http://www.ubuntulinux.org/support/documentation/usn/usn-143-1 -Description: - syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, - when running in 32-bit compatibility mode, allows local users to cause - a denial of service (kernel hang) via crafted arguments. -Notes: - jmm> I've extracted the patch from the Ubuntu update (CVE-2005-1765.patch) - dannf> This code was very different in 2.4, and we don't ship 2.4/amd64, so - I'll mark 2.4 N/A -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-mmap.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-1767 b/patch-tracking/retired/CVE-2005-1767 deleted file mode 100644 index e1cbe9950..000000000 --- a/patch-tracking/retired/CVE-2005-1767 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2005-1767 -References: - CONFIRM:http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e - http://www.novell.com/linux/security/advisories/2005_44_kernel.html - http://www.ubuntu.com/usn/usn-187-1 -Description: - traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception - stack, which allows local users to cause a denial of service (oops and stack fault exception). -Notes: - This is already fixed in 2.6 and added for completeness. - Horms> This is amd64 specific, and thus should not affect 2.4 -Bugs: -upstream: released (2.6.12, 2.4.32) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch, arch-x86_64-kernel-stack-faults.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) [181_arch-x86_64-kernel-stack-faults.diff] -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-1768 b/patch-tracking/retired/CVE-2005-1768 deleted file mode 100644 index 00eb28330..000000000 --- a/patch-tracking/retired/CVE-2005-1768 +++ /dev/null 
@@ -1,34 +0,0 @@ -Candidate: CVE-2005-1768 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1768 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050531 - Category: SF - BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2 - MISC:http://www.suresec.org/advisories/adv4.pdf -Description: - Race condition in the ia32 compatibility code for the execve system - call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows - local users to cause a denial of service (kernel panic) and possibly - execute arbitrary code via a concurrent thread that increments a - pointer count after the nargs function has counted the pointers, but - before the count is copied from user space to kernel space, which - leads to a buffer overflow. -Notes: - 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64) -upstream: released (2.4.31, 2.6.6) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: released (2.4.27-11) -2.4.27-sarge-security: released (2.4.27-10sarge1) -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-1913 b/patch-tracking/retired/CVE-2005-1913 deleted file mode 100644 index e3ccfe9f9..000000000 --- a/patch-tracking/retired/CVE-2005-1913 +++ /dev/null 
@@ -1,37 +0,0 @@ -Candidate: CVE-2005-1913 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050608 - Category: SF - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1 - UBUNTU:USN-178-1 - URL:http://www.ubuntu.com/usn/usn-178-1 - BID:14054 - URL:http://www.securityfocus.com/bid/14054 - SECUNIA:15786 - URL:http://secunia.com/advisories/15786/ - XF:kernel-subthread-dos(21138) - URL:http://xforce.iss.net/xforce/xfdb/21138 -Description: - The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a - denial of service (kernel panic) via a non group-leader thread - executing a different program than was pending in itimer, which causes - the signal to be delivered to the old group-leader task, which does - not exist. -Notes: -upstream: released (2.6.12.1) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: released (2.6.12-1) [linux-2.6.12.1.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2098 b/patch-tracking/retired/CVE-2005-2098 deleted file mode 100644 index 20aaf4f50..000000000 --- a/patch-tracking/retired/CVE-2005-2098 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2005-2098 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050630 - Category: SF - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 - UBUNTU:USN-169-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - SECUNIA:16355 - URL:http://secunia.com/advisories/16355/ -Description: - The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before - 2.6.12.5 contains an error path that does not properly release the - session management semaphore, which allows local users or remote - attackers to cause a denial of service (semaphore hang) via a new - session keyring (1) with an empty name string, (2) with a long name - string, (3) with the key quota reached, or (4) ENOMEM. -upstream: released (2.6.12.5) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2099 b/patch-tracking/retired/CVE-2005-2099 deleted file mode 100644 index 15e33c8a5..000000000 --- a/patch-tracking/retired/CVE-2005-2099 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-2099 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050630 - Category: SF - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 - UBUNTU:USN-169-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - SECUNIA:16355 - URL:http://secunia.com/advisories/16355/ -Description: - The Linux kernel before 2.6.12.5 does not properly destroy a keyring - that is not instantiated properly, which allows local users or remote - attackers to cause a denial of service (kernel oops) via a keyring - with a payload that is not empty, which causes the creation to fail, - leading toa null dereference in the keyring destructor. -upstream: released (2.6.12.5) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2100 b/patch-tracking/retired/CVE-2005-2100 deleted file mode 100644 index 343d09d61..000000000 --- a/patch-tracking/retired/CVE-2005-2100 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-2100 -References: - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547 - REDHAT:RHSA-2005:514 - URL:http://www.redhat.com/support/errata/RHSA-2005-514.html -Description: - The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in - Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows - local users to cause a denial of service (crash). -Notes: - horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear - in Upstream or Debian Kernels. -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2456 b/patch-tracking/retired/CVE-2005-2456 deleted file mode 100644 index 90b2a29a1..000000000 --- a/patch-tracking/retired/CVE-2005-2456 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-2456 -References: - http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 - http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220 - http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - http://www.novell.com/linux/security/advisories/2005_50_kernel.html - http://www.securityfocus.com/bid/14477 - http://secunia.com/advisories/16298 - http://secunia.com/advisories/16500 - http://xforce.iss.net/xforce/xfdb/21710 -Description: - Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c - in Linux kernel 2.6 allows local users to cause a denial of service (oops - or deadlock) and possibly execute arbitrary code via a p->dir value that is - larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy - array. -Notes: -Bugs: 321401 -upstream: -linux-2.6: released (2.6.12-2) -2.6.8-sarge-security: released (2.6.8-16sarge1) -2.4.27-sarge-security: released (2.4.27-10sarge1) [176_ipsec-array-overflow.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2457 b/patch-tracking/retired/CVE-2005-2457 deleted file mode 100644 index 06715f7f6..000000000 --- a/patch-tracking/retired/CVE-2005-2457 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2005-2457 -References: - URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457 - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 - UBUNTU:USN-169-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - BID:14614 - URL:http://www.securityfocus.com/bid/14614 - SECUNIA:16355 - URL:http://secunia.com/advisories/16355/ -Description: - The driver for compressed ISO file systems (zisofs) in the Linux - kernel before 2.6.12.5 allows local users and remote attackers to - cause a denial of service (kernel crash) via a crafted compressed ISO - file system. -upstream: released (2.6.12.5) -2.6.8-sarge-security: released (2.6.8-16sarge2) [zisofs.diff] -2.4.27-sid/sarge: pending [187_zisofs-2.diff] -2.4.27-sarge-security: released (2.4.27-10sarge2) [187_zisofs-2.diff] -linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2458 b/patch-tracking/retired/CVE-2005-2458 deleted file mode 100644 index 6d7b55a27..000000000 --- a/patch-tracking/retired/CVE-2005-2458 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-2458 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050805 - Category: SF - MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file - URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 - UBUNTU:USN-169-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - SECUNIA:16355 - URL:http://secunia.com/advisories/16355/ -Description: - inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 - allows remote attackers to cause a denial of service (kernel crash) - via a compressed file with "improper tables". -upstream: released (2.6.12.5) -linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] -2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch] -2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff] -2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2459 b/patch-tracking/retired/CVE-2005-2459 deleted file mode 100644 index 2bdc6f428..000000000 --- a/patch-tracking/retired/CVE-2005-2459 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2005-2459 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459 - MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584 - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 - UBUNTU:USN-169-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 - SECUNIA:16355 - URL:http://secunia.com/advisories/16355/ -Description: - The huft_build function in inflate.c in the zlib routines in the Linux - kernel before 2.6.12.5 returns the wrong value, which allows remote - attackers to cause a denial of service (kernel crash) via a certain - compressed file that leads to a null pointer dereference, a different - vulnerability than CVE-2005-2458. -Notes: - This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6 - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6 - We included the broken fix in the sarge1 releases, so this backs it out. -upstream: released (2.6.12.5) -linux-2.6: released (2.6.12.3) -2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch] -2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff] -2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2490 b/patch-tracking/retired/CVE-2005-2490 deleted file mode 100644 index d06ca1724..000000000 --- a/patch-tracking/retired/CVE-2005-2490 +++ /dev/null 
@@ -1,36 +0,0 @@ -Candidate: CVE-2005-2490 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050808 - Category: SF - MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248 - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 - UBUNTU:USN-178-1 - URL:http://www.ubuntu.com/usn/usn-178-1 - BID:14785 - URL:http://www.securityfocus.com/bid/14785 - SECUNIA:16747 - URL:http://secunia.com/advisories/16747/ - XF:kernel-sendmsg-bo(22217) - URL:http://xforce.iss.net/xforce/xfdb/22217 -Description: - Stack-based buffer overflow in the sendmsg function call in the Linux - kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code - by calling sendmsg and modifying the message contents in another - thread. -upstream: released (2.6.13.1), released (2.4.33-pre1) -linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-stackoverflow.patch, linux-2.6.13.1.patch] -2.6.8-sarge-security: released (2.6.8-16sarge2) [sendmsg-stackoverflow.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2492 b/patch-tracking/retired/CVE-2005-2492 deleted file mode 100644 index efc21d417..000000000 --- a/patch-tracking/retired/CVE-2005-2492 +++ /dev/null 
@@ -1,35 +0,0 @@ -Candidate: CVE-2005-2492 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050808 - Category: SF - MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830 - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 - UBUNTU:USN-178-1 - URL:http://www.ubuntu.com/usn/usn-178-1 - BID:14787 - URL:http://www.securityfocus.com/bid/14787 - SECUNIA:16747 - URL:http://secunia.com/advisories/16747/ - XF:kernel-rawsendmsg-obtain-information(22218) - URL:http://xforce.iss.net/xforce/xfdb/22218 -Description: - The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 - allows local users to cause a denial of service (change hardware - state) or read from arbitrary memory via crafted input. -upstream: released (2.6.13.1) -linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-DoS.patch, linux-2.6.13.1.patch] -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2548 b/patch-tracking/retired/CVE-2005-2548 deleted file mode 100644 index 7aa9f590f..000000000 --- a/patch-tracking/retired/CVE-2005-2548 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2005-2548 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050812 - Category: SF - CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308 -Description: - vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a - denial of service (kernel oops from null dereference) via certain UDP - packets that lead to a function call with the wrong argument, as - demonstrated using snmpwalk on snmpd. -upstream: released (2.4.29) -2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2553 b/patch-tracking/retired/CVE-2005-2553 deleted file mode 100644 index 444d853ce..000000000 --- a/patch-tracking/retired/CVE-2005-2553 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-2553 -References: - URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553 - CONFIRM:http://lkml.org/lkml/2005/1/5/245 - CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA -Description: - The find_target function in ptrace32.c in the Linux kernel 2.4.x - before 2.4.29 does not properly handle a NULL return value from - another function, which allows local users to cause a denial of - service (kernel crash/oops) by running a 32-bit ltrace program with - the -i option on a 64-bit executable program. -Bugs: -upstream: released (2.4.29) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff] -2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2555 b/patch-tracking/retired/CVE-2005-2555 deleted file mode 100644 index 4c4665195..000000000 --- a/patch-tracking/retired/CVE-2005-2555 +++ /dev/null @@ -1,21 +0,0 @@ -Candidate: CVE-2005-2555 -References: - URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555 -Description: - Linux kernel 2.6.x does not properly restrict socket policy access to users - with the CAP_NET_ADMIN capability, which could allow local users to conduct - unauthorized activities via (1) ipv4/ip_sockglue.c and - (2) ipv6/ipv6_sockglue.c. -Notes: -Bugs: -upstream: released (2.6.13) -linux-2.6: released (2.6.13-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: released (2.4.27-10sarge2) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: 
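Review bot: in the CVE-2005-2555 record, the two sarge status lines (2.6.8-sarge-security: released (2.6.8-16sarge2) and 2.4.27-sarge-security: released (2.4.27-10sarge2)) name no patch file in brackets, unlike most other released entries in this patch (for example [sendmsg-stackoverflow.dpatch] under CVE-2005-2490), and all seven woody lines are blank even though the record sits under retired/. As this commit is a pure move, the content should stay byte-identical here, but a follow-up commit should add the patch names and give each woody line an explicit status, so the retired record can be audited without going back to the package changelogs.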
diff --git a/patch-tracking/retired/CVE-2005-2708 b/patch-tracking/retired/CVE-2005-2708 deleted file mode 100644 index 8c10fd12f..000000000 --- a/patch-tracking/retired/CVE-2005-2708 +++ /dev/null @@ -1,24 +0,0 @@ -Candidate: CVE-2005-2708 -References: - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925 -Description: - The search_binary_handler function in exec.c in Linux kernel on 64-bit x86 - architectures does not check a return code for a particular function call when - virtual memory is low, which allows local users to cause a denial of service - (panic), as demonstrated by running a process using the bash ulimit -v - command. -Notes: - This bug only affects 2.4 and AMD64, a combination that does not exist in - Debian -Bugs: -upstream: released (2.4.33-pre1) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2709 b/patch-tracking/retired/CVE-2005-2709 deleted file mode 100644 index 12eb1c7e1..000000000 --- a/patch-tracking/retired/CVE-2005-2709 +++ /dev/null @@ -1,30 +0,0 @@ -Candidate: CVE-2005-2709 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch -Description: - 
From: Al Viro - . - You could open the /proc/sys/net/ipv4/conf// file, then - wait for interface to go away, try to grab as much memory as possible in - hope to hit the (kfreed) ctl_table. Then fill it with pointers to your - function. Then do read from file you've opened and if you are lucky, - you'll get it called as ->proc_handler() in kernel mode. -Notes: - CVE is reserved, so we can't take the description from there yet - . - dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped - dannf> that hunk in my backport - . - **THIS IS AN ABI CHANGE** -Bug: -upstream: released (2.6.14.1), released (2.4.33-pre1) -linux-2.6: released (2.6.14-3) -2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2800 b/patch-tracking/retired/CVE-2005-2800 deleted file mode 100644 index 6174e4950..000000000 --- a/patch-tracking/retired/CVE-2005-2800 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-2800 -References: - URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800 -Description: - Memory leak in the seq_file implemenetation in the SCSI procfs interface - (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a - denial of service (memory consumption) via certain repeated reads from the - /proc/scsi/sg/devices file, which is not properly handled when the next() - iterator returns NULL or an error. -Notes: - dannf> seq_file is a 2.6ism, so marking 2.4 as N/A - dannf> There's a trivial test case - can it be reproduce this on 2.4? -Bugs: -upstream: released (2.6.12.6) -linux-2.6: released (2.6.12-6) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-2801 b/patch-tracking/retired/CVE-2005-2801 deleted file mode 100644 index 975e4eec2..000000000 --- a/patch-tracking/retired/CVE-2005-2801 +++ /dev/null 
@@ -1,26 +0,0 @@ -Candidate: CVE-2005-2801 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801 - MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug - URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html - MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel. - URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html - SUSE:SUSE-SA:2005:018 - URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html -Description: - xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 - does not properly compare the name_index fields when sharing xattr - blocks, which could prevent default ACLs from being applied. -Bugs: 332381 -upstream: released (2.6.11) -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs_ext2_ext3_xattr-sharing.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff] -2.4.27-sid: released (2.4.27-12) [178_fs_ext2_ext3_xattr-sharing.diff] -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2872 b/patch-tracking/retired/CVE-2005-2872 deleted file mode 100644 index 5fb79ff8a..000000000 --- a/patch-tracking/retired/CVE-2005-2872 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2005-2872 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050909 - Category: SF - Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237 - Reference: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2 -Description: - The ipt_recent kernel module (ipt_recent.c) in Linux kernel before - 2.6.12, when running on 64-bit processors such as AMD64, allows remote - attackers to cause a denial of service (kernel panic) via certain - attacks such as SSH brute force, which leads to memset calls using a - length based on the u_int32_t type, acting on an array of unsigned - long elements, a different vulnerability than CVE-2005-2873. -upstream: released (2.6.12) -2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-netfilter-ip_recent-last_pkts.dpatch] -2.4.27-sid/sarge: released (2.4.27-12) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff] -2.4.27-sarge-security: released (2.4.27-10sarge1) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff] -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-2973 b/patch-tracking/retired/CVE-2005-2973 deleted file mode 100644 index ba46533dc..000000000 --- a/patch-tracking/retired/CVE-2005-2973 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2005-2973 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA -Description: - Fix infinite loop in udp_v6_get_port(). -Bugs: -Notes: - submitted for inclusion in 2.4.32-rc2 -upstream: released (2.6.14-rc4) -2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-udp_v6_get_port-loop.patch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [195_net-ipv6-udp_v6_get_port-loop.diff] -2.4.27-sarge/sid: pending (2.4.27-12) -linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3053 b/patch-tracking/retired/CVE-2005-3053 deleted file mode 100644 index 27a385f0b..000000000 --- a/patch-tracking/retired/CVE-2005-3053 +++ /dev/null @@ -1,28 +0,0 @@ -Candidate: CVE-2005-3053 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050926 - Category: SF - Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g -Description: - The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x - allows local users to cause a denial of service (kernel BUG()) via a - negative first argument. -Notes: - horms> http://lkml.org/lkml/2005/9/30/218 -upstream: released (2.6.12.5) -linux-2.6: released (2.6.12-3) -2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-check-mode.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: 
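Review bot: the woody status lines at the end of the CVE-2005-3053 record are blank, while the description limits the issue to Linux kernel 2.6.x and both 2.4.27 lines are already marked N/A; the 2.4-based woody lines should carry N/A too, as the CVE-2005-2800 and CVE-2005-3109 records in this patch do. The reference line also uses a "Reference: CONFIRM:" prefix where most records use plain "CONFIRM:", which will trip anything that parses these files by field name. Neither fix belongs in a move-only commit, so they are better handled as a separate cleanup once the files are in their new location.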
diff --git a/patch-tracking/retired/CVE-2005-3055 b/patch-tracking/retired/CVE-2005-3055 deleted file mode 100644 index c4da25294..000000000 --- a/patch-tracking/retired/CVE-2005-3055 +++ /dev/null @@ -1,33 +0,0 @@ -Candidate: CVE-2005-3055 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050926 - Category: SF - MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883 -Description: - Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial - of service (kernel OOPS) via a userspace process that issues a USB - Request Block (URB) to a USB device and terminates before the URB is - finished, which leads to a stale pointer reference. -Notes: - horms> http://lkml.org/lkml/mbox/2005/10/11/90 - horms> http://lkml.org/lkml/2005/10/11/90 - horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21 -Bugs: 330287, 332587 -upstream: released (2.6.14-rc4) -linux-2.6: released (2.6.14-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3106 b/patch-tracking/retired/CVE-2005-3106 deleted file mode 100644 index 7b2b2e997..000000000 --- a/patch-tracking/retired/CVE-2005-3106 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2005-3106 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050930 - Category: SF - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c -Description: - Race condition in Linux 2.6, when threads are sharing memory mapping - via CLONE_VM (such as linuxthreads and vfork), might allow local users - to cause a denial of service (deadlock) by triggering a core dump - while waiting for a thread that has just performed an exec. - . - Extra information from Moritz Muehlenhof: - CVE-2005-3106: - DoS through race condition in processes that share a memory mapping through - CLONE_VM - http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c -upstream: released (2.6.11) -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3107 b/patch-tracking/retired/CVE-2005-3107 deleted file mode 100644 index 5123c7b37..000000000 --- a/patch-tracking/retired/CVE-2005-3107 +++ /dev/null 
@@ -1,33 +0,0 @@ -Candidate: CVE-2005-3107 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050930 - Category: SF - CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c -Description: - fs/exec.c in Linux 2.6, when one thread is tracing another thread that - shares the same memory map, might allow local users to cause a denial - of service (deadlock) by forcing a core dump when the traced thread is - in the TASK_TRACED state. - . - Extra information from Moritz Muehlenhof: - Local DoS through threads tracing each other by forcing a core dump, while the traced - thread is in TASK_TRACED state. - http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch -upstream: released (2.6.11) -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3108 b/patch-tracking/retired/CVE-2005-3108 deleted file mode 100644 index 54985b8e0..000000000 --- a/patch-tracking/retired/CVE-2005-3108 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2005-3108 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050930 - Category: SF - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 -Description: - mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to - cause a denial of service or an information leak via an iremap on a - certain memory map that causes the iounmap to perform a lookup of a - page that does not exist. -Notes: - Extra information from Moritz Muehlenhof: - DoS and potential information leak in ioremap (seemingly specific to amd64) - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 -upstream: released (2.6.11.12) -2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3109 b/patch-tracking/retired/CVE-2005-3109 deleted file mode 100644 index 2d36440f0..000000000 --- a/patch-tracking/retired/CVE-2005-3109 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-3109 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050930 - Category: SF - CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f -Description: - The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to - cause a denial of service (oops) by using hfsplus to mount a - filesystem that is not hfsplus. -Notes: - Extra information from Moritz Muehlenhof: - Local DoS through oops by mounting a non-HFS+ filesystem as HFS+. - Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html - dannf> Looks like, from the above thread, that 2.4 is not affected; marking - as such. -upstream: released (2.6.11.12) -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-3110 b/patch-tracking/retired/CVE-2005-3110 deleted file mode 100644 index 7b5f4922c..000000000 --- a/patch-tracking/retired/CVE-2005-3110 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-3110 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110 - Final-Decision: - Interim-Decision: - Modified: - Proposed: - Assigned: 20050930 - Category: SF - Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572 -Description: - Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, - when running on an SMP system that is operating under a heavy load, - might allow remote attackers to cause a denial of service (crash) via - a series of packets that cause a value to be modified after it has - been read but before it has been locked. -Notes: - Extra information from Moritz Muehlenhof: - DoS on SMP, potentially 2.4 and 2.6 - http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572 -upstream: released (2.6.11.11) -2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch] -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3119 b/patch-tracking/retired/CVE-2005-3119 deleted file mode 100644 index 85710594d..000000000 --- a/patch-tracking/retired/CVE-2005-3119 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2005-3119 -References: - URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@43483fddCiQX1WyG_orbko06TrjMVA - REDHAT:RHSA-2005:808 - URL:http://www.redhat.com/support/errata/RHSA-2005-808.html - SECUNIA:17364 - URL:http://secunia.com/advisories/17364 -Description: - Memory leak in the request_key_auth_destroy function in request_key_auth in Linux - kernel 2.6.13 and earlier allows local users to cause a denial of service (memory - consumption) via a large number of authorization token keys. -Notes: - Plug request_key_auth memleak. This can be triggered by unprivileged - users, so is local DoS. - http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html - . - dannf> This file doesn't exist in 2.6.8, so sarge isn't vulnerable -upstream: released (2.6.13.4, 2.6.14) -linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3179 b/patch-tracking/retired/CVE-2005-3179 deleted file mode 100644 index f2b7e5470..000000000 --- a/patch-tracking/retired/CVE-2005-3179 +++ /dev/null @@ -1,27 +0,0 @@ -Candidate: CVE-2005-3179 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179 - Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd - Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893 -Description: - drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs - with world-readable and world-writable permissions, which allows local - users to enable DRM debugging and obtain sensitive information. -Notes: - (from Horms) - 
> > From: Dave Jones - > > - > > Please consider for next 2.6.13, it is a minor security issue allowing - > > users to turn on drm debugging when they shouldn't... -upstream: released (2.6.13.4) -linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) -2.6.8-sarge-security: N/A -2.4.27-sid/sarge: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3180 b/patch-tracking/retired/CVE-2005-3180 deleted file mode 100644 index 70d585c35..000000000 --- a/patch-tracking/retired/CVE-2005-3180 +++ /dev/null @@ -1,31 +0,0 @@ -Candidate: CVE-2005-3180 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180 - CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b -Description: - The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does - not properly clear memory from a previously used packet whose length - is increased, which allows remote attackers to obtain sensitive - information. -Notes: - 
> > From: Pavel Roskin - > > - > > The orinoco driver can send uninitialized data exposing random pieces of - > > the system memory. This happens because data is not padded with zeroes - > > when its length needs to be increased. - horms> a better fix for this is - horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15 - horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not - horms> defined elsewhere in 2.4. - horms> is added by 192_orinoco-info-leak-2.diff -upstream: released (2.6.13.4), released (2.4.33-pre2) -linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3181 b/patch-tracking/retired/CVE-2005-3181 deleted file mode 100644 index 614a43ea9..000000000 --- a/patch-tracking/retired/CVE-2005-3181 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3181 -References: - URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3181 - CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23 -Description: - Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an - incorrect function to free names_cache memory, which prevents the memory - from being tracked by AUDITSYSCALL code and leads to a memory leak that - allows attackers to cause a denial of service (memory consumption). -Notes: - 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4 -Bugs: -upstream: released (2.6.13.4) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: N/A -2.4.27-sarge/sid: N/A -linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3257 b/patch-tracking/retired/CVE-2005-3257 deleted file mode 100644 index f2dfa81ff..000000000 --- a/patch-tracking/retired/CVE-2005-3257 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2005-3257 -References: - URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257 - CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533 -Description: - The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local - users to use the KDSKBSENT ioctl on terminals of other users and gain - privileges, as demonstrated by modifying key bindings using loadkeys. -Bugs: 334113 -Notes: - The first patch is the bit that adds the capability check; the second - one makes it less anal (only apply to writes). - jmm> The patch targeted to 2.6.14.4 is slightly different, needs to be - jmm> sorted out. -upstream: released (2.4.32-rc3), released (2.6.15-rc1), released (2.6.14.4) -2.6.8-sarge-security: released (2.6.8-16sarge2) [setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [197_setkeys-needs-root-1.diff, 197_setkeys-needs-root-2.diff] -linux-2.6: released (2.6.14-6) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3271 b/patch-tracking/retired/CVE-2005-3271 deleted file mode 100644 index f2300a6c3..000000000 --- a/patch-tracking/retired/CVE-2005-3271 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3271 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271 - MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss - URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg -Description: - Exec in Linux kernel 2.6 does not properly clear posix-timers in - multi-threaded environments, which results in a resource leak and - could allow a large number of multiple local users to cause a denial - of service by using more posix-timers than specified by the quota for - a single user. -Bugs: -upstream: released (2.6.9) -2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-posix-timers-leak-1.dpatch] -2.4.27-sarge-security: N/A -linux-2.6: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3272 b/patch-tracking/retired/CVE-2005-3272 deleted file mode 100644 index 62faaf83b..000000000 --- a/patch-tracking/retired/CVE-2005-3272 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2005-3272 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c -Description: - Linux kernel before 2.6.12 allows remote attackers to poison the - bridge forwarding table using frames that have already been dropped by - filtering, which can cause the bridge to forward spoofed packets. -Bugs: -upstream: released (2.6.12) -2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch] -2.4.27-sarge-security: N/A -linux-2.6: released (2.6.12-1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3273 b/patch-tracking/retired/CVE-2005-3273 deleted file mode 100644 index 7226e3d86..000000000 --- a/patch-tracking/retired/CVE-2005-3273 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-3273 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46 - CONFIRM:http://lkml.org/lkml/2005/5/23/169 -Description: - The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 - kernels prior to 2.6.12 does not properly verify the ndigis argument - for a new route, which allows attackers to trigger array out-of-bounds - errors with a large number of digipeats. -Bugs: -upstream: released (2.6.12) -2.6.8-sarge-security: released (2.6.8-16sarge1) [net-rose-ndigis-verify.dpatch] -2.4.27-sarge-security: N/A -linux-2.6: released (2.6.12-1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3274 b/patch-tracking/retired/CVE-2005-3274 deleted file mode 100644 index 46e16aab9..000000000 --- a/patch-tracking/retired/CVE-2005-3274 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3274 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274 - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d - CONFIRM:http://lkml.org/lkml/2005/6/23/249 - CONFIRM:http://lkml.org/lkml/2005/6/24/173 -Description: - Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 - before 2.4.32-pre2, when running on SMP systems, allows local users to - cause a denial of service (null dereference) by causing a connection - timer to expire while the connection table is being flushed before the - appropriate lock is acquired. -Bugs: -upstream: released (2.6.13, 2.4.32-pre2) -linux-2.6: released (2.6.13-1) -2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-ipvs-conn_tab-race.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3275 b/patch-tracking/retired/CVE-2005-3275 deleted file mode 100644 index 9fc10e886..000000000 --- a/patch-tracking/retired/CVE-2005-3275 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2005-3275 -References: - URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c -Description: - The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in - Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly - declares a variable to be static, which allows remote attackers to - cause a denial of service (memory corruption) by causing two packets - for the same protocol to be NATed at the same time, which leads to - memory corruption. -Bugs: -upstream: released (2.6.12.3) -2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff] -linux-2.6: released (2.6.12-1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3276 b/patch-tracking/retired/CVE-2005-3276 deleted file mode 100644 index 56a01b840..000000000 --- a/patch-tracking/retired/CVE-2005-3276 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2005-3276 -References: - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c - CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1 - URL:http://lkml.org/lkml/2005/8/3/36 -Description: - The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and - 2.6.13 does not entirely clear a user_desc structure before copying it - to userspace, resulting in a small information leak. -Bugs: -upstream: released (2.6.12.4) -linux-2.6: released (2.6.12-2) -2.6.8-sarge-security: released (2.6.8-16sarge1) [sys_get_thread_area-leak.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3356 b/patch-tracking/retired/CVE-2005-3356 deleted file mode 100644 index 4da47902a..000000000 --- a/patch-tracking/retired/CVE-2005-3356 +++ /dev/null 
@@ -1,34 +0,0 @@ -Candidate: CVE-2005-3356 -References: - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3 -Description: - [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open - . - Fixed the refcounting on failure exits in sys_mq_open() and - cleaned the logics up. Rules are actually pretty simple - dentry_open() - expects vfsmount and dentry to be pinned down and it either transfers - them into created struct file or drops them. Old code had been very - confused in that area - if dentry_open() had failed either in do_open() - or do_create(), we ended up dentry and mqueue_mnt dropped twice, once - by dentry_open() cleanup and then by sys_mq_open(). - . - Fix consists of making the rules for do_create() and do_open() - same as for dentry_open() and updating the sys_mq_open() accordingly; - that actually leads to more straightforward code and less work on - normal path. - . - Signed-off-by: Al Viro - Signed-off-by: Linus Torvalds -Notes: - jmm> Discovered by Doug Chapman -Bugs: -upstream: released (2.6.15.2) -linux-2.6: released (2.6.15-4) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-3358 b/patch-tracking/retired/CVE-2005-3358 deleted file mode 100644 index bcb2ae93a..000000000 --- a/patch-tracking/retired/CVE-2005-3358 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-3358 -References: - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175683 -Description: - Linux kernel 2.6.x, possibly before 2.6.11, allows local users to - cause a denial of service (panic) via a set_mempolicy call with a - 0 bitmask, which causes a panic when a page fault occurs. -Notes: - jmm> This was initially believed to be fixed as of 2.6.11, but this - jmm> turned out to be wrong. -Bugs: -upstream: released (2.6.15) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-undefined-nodes.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-3359 b/patch-tracking/retired/CVE-2005-3359 deleted file mode 100644 index 54534cbd1..000000000 --- a/patch-tracking/retired/CVE-2005-3359 +++ /dev/null 
@@ -1,35 +0,0 @@ -Candidate: CVE-2005-3359 -References: - http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769 - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a79af59efd20990473d579b1d8d70bb120f0920c - CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769 - UBUNTU:USN-263-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1 - BID:17078 - URL:http://www.securityfocus.com/bid/17078 - SECUNIA:19220 - URL:http://secunia.com/advisories/19220 -Description: - The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a - denial of service (panic) via certain socket calls that produce inconsistent - reference counts for loadable protocol modules. -Notes: - dannf> Easily reproduced on 2.6.8, not reproducible on 2.4.27, so marking - dannf> 2.4 N/A - . - dannf> Note that atm is marked experimental in 2.6.8, and is not built - dannf> as a module on i386, amd64 or ia64 - but of course users could - dannf> build their own kernels, and this isn't atm specific -Bugs: -upstream: released (2.6.14) -linux-2.6: released (2.6.14-1) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-3623 b/patch-tracking/retired/CVE-2005-3623 deleted file mode 100644 index 928c8ebd9..000000000 --- a/patch-tracking/retired/CVE-2005-3623 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2005-3623 -References: - http://permalink.gmane.org/gmane.linux.kernel/360868 -Description: - We must check for MAY_SATTR before setting acls, which includes - checking for read-only exports: the lower-level setxattr operation - that eventually sets the acl cannot check export-level restrictions. -Notes: - jmm> NFS ACLs were only introduced somewhere between 2.6.12-2.6.14, so - jmm> Sarge and Woody are not vulnerable -Bugs: -upstream: released (2.6.14.5), released (2.6.15-pre7) -linux-2.6: released (2.6.14-7) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-3783 b/patch-tracking/retired/CVE-2005-3783 deleted file mode 100644 index 5edfb1da8..000000000 --- a/patch-tracking/retired/CVE-2005-3783 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-3783 -References: - http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409 - http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c -Description: - The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, - using CLONE_THREAD, does not use the thread group ID to check whether it - is attaching to itself, which allows local users to cause a denial of - service (crash). -Notes: -Bugs: -upstream: released (2.4.33-pre1, 2.6.14.2) -linux-2.6: released (2.6.14-3) -2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3784 b/patch-tracking/retired/CVE-2005-3784 deleted file mode 100644 index ecaa8893e..000000000 --- a/patch-tracking/retired/CVE-2005-3784 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2005-3784 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739 -Description: - The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes - with ptrace attached,which leads to a dangling ptrace reference and allows local users - to cause a denial of service (crash). -Notes: - jmm,horms> 2.4 code seems very different and not vulnerable -Bugs: -upstream: released (2.6.15) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [kernel-dont-reap-traced.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A diff --git a/patch-tracking/retired/CVE-2005-3805 b/patch-tracking/retired/CVE-2005-3805 deleted file mode 100644 index dee7bc66c..000000000 --- a/patch-tracking/retired/CVE-2005-3805 +++ /dev/null @@ -1,22 +0,0 @@ -Candidate: CVE-2005-3805 -References: - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=25f407f0b668f5e4ebd5d13e1fb4306ba6427ead -Description: - A locking problem in POSIX timer cleanup handling on exit in Linux kernel - 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause - a denial of service (deadlock) involving process CPU timers. -Notes: - The referenced patch was actually added in 2.6.14, so I think the vulnerable - versions listed in the description are wrong. -Bugs: -upstream: released (2.6.14) -linux-2.6: released (2.6.14-1) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: N/A 
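Review bot: in the CVE-2005-3356 record, the gitweb link under References looks mangled: the commit hash is followed directly by "h+p=" and a second hash, where the gitweb links in other records (CVE-2005-3783, CVE-2005-3847) separate the parent with ";hp=". As written the link will not resolve to the fix, so if the relocated copy carries the same line, repair the separator there so the reference is usable.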
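Review bot: in the CVE-2005-3805 record, the Notes entry disputes the affected range given in Description ("2.6.10 to 2.6.14") but carries no author prefix, unlike the "jmm>" and "dannf>" notes elsewhere in this patch, so there is nobody to ask about it. It also leaves open whether 2.6.14 itself is affected, since "upstream: released (2.6.14)" and the description's upper bound name the same version. Suggest attributing the note and stating the corrected range explicitly in the relocated copy.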
diff --git a/patch-tracking/retired/CVE-2005-3806 b/patch-tracking/retired/CVE-2005-3806 deleted file mode 100644 index de1ca2187..000000000 --- a/patch-tracking/retired/CVE-2005-3806 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2005-3806 -References: - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=bbbe80cdaf72a75a463aff9551e60b31e2f69061;hp=f841bde30c18493a94fd5d522b84724a8eb82a4a;hb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d;f=net/ipv6/ip6_flowlabel.c -Description: - The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels - 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in - certain circumstances, which allows local users to corrupt kernel memory - or cause a denial of service (crash) by triggering a free of non-allocated - memory. -Notes: -Bugs: -upstream: released (2.6.14) -linux-2.6: released (2.6.14-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-flowlabel-refcnt.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge2) [net-ipv6-flowlabel-refcnt.dpatch] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3807 b/patch-tracking/retired/CVE-2005-3807 deleted file mode 100644 index 28c164ba4..000000000 --- a/patch-tracking/retired/CVE-2005-3807 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3807 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e -Description: - [PATCH] VFS: Fix memory leak with file leases - . - Memory leak in the VFS file lease handling in locks.c in Linux kernels - 2.6.10 to 2.6.15 allows local users to cause a denial of service - (memory exhaustion) via certain Samba activities that cause an fasync - entry to be re-allocated by the fcntl_setlease function after the - fasync queue has already -Notes: -Bugs: -upstream: released (2.6.14.3) -linux-2.6: released (2.6.14-4) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3808 b/patch-tracking/retired/CVE-2005-3808 deleted file mode 100644 index 47f74a1da..000000000 --- a/patch-tracking/retired/CVE-2005-3808 +++ /dev/null @@ -1,19 +0,0 @@ -Candidate: CVE-2005-3808 -References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab -Description: - Fix a 32 bit integer overflow in invalidate_inode_pages2_range. Local DoS -Notes: - horms> I don't see any evidence of this on 2.6.8 or 2.4.27 - I didn't check the woody kernels, but it seems very unlikely it is there -Bugs: -upstream: released (2.6.14.4) -linux-2.6: released (2.6.14-4) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3809 b/patch-tracking/retired/CVE-2005-3809 deleted file mode 100644 index 93e4f5db6..000000000 
--- a/patch-tracking/retired/CVE-2005-3809 +++ /dev/null @@ -1,16 +0,0 @@ -Candidate: CVE-2005-3809 -References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51df784ed739246a3774b300e5f536e17bec36ed -Description: -Notes: -Bugs: -upstream: released (2.6.15-rc1, 2.6.14.3) -linux-2.6: pending (2.6.14-4) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3810 b/patch-tracking/retired/CVE-2005-3810 deleted file mode 100644 index 786a92354..000000000 --- a/patch-tracking/retired/CVE-2005-3810 +++ /dev/null @@ -1,20 +0,0 @@ -Candidate: CVE-2005-3810 -References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11 -Description: - [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message - . - This patch fixes an userspace triggered oops. If there is no ICMP_ID - info the reference to attr will be NULL. -Notes: -Bugs: -upstream: released (2.6.15-rc1, 2.6.14.3) -linux-2.6: released (2.6.14-4) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3847 b/patch-tracking/retired/CVE-2005-3847 deleted file mode 100644 index 84af9587b..000000000 --- a/patch-tracking/retired/CVE-2005-3847 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2005-3847 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db - MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3 - MISC:http://svn.debian.org/wsvn/kernel/dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nptl-signal-delivery-deadlock-fix.dpatch?op=file&rev=4458&sc=0 -Description: - Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to - 2.6.13 and 2.6.12.6. A deadlock can occur when a SIGKILL signal is sent to a real-time - threaded process that is dumping core, which can be used by a local user to initiate - a denial of service attack. -Notes: - handle_stop_signal() in 2.4 looks significantly different, and since this bug - is associated with NPTL, I don't think we need to worry about in 2.4. - CVE description is actually as follows: - signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows - local users to cause a denial of service (deadlock) by sending a - SIGKILL to a real-time threaded process while it is performing a core - dump. -Bug: -upstream: released (2.6.12.6, 2.6.13) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3848 b/patch-tracking/retired/CVE-2005-3848 deleted file mode 100644 index 13cb13981..000000000 --- a/patch-tracking/retired/CVE-2005-3848 +++ /dev/null 
@@ -1,32 +0,0 @@ -Candidate: CVE-2005-3848 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a - MISC:http://lkml.org/lkml/2005/8/26/173 -Description: - Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6, - in which an ignored error returned by ip_append_data() would result in the - route and net_device not being freed. A malicious remote user could exploit - this in order to initiate a denial of service attack. This issue was fixed - in Linux 2.6.12.6 and 2.6.13. -Notes: - This code looks completely different in 2.4; neither ip_append_data() (the - function that returns an error) nor icmp_push_reply() (the function that fails - to check this error) exist. So, I'm marking 2.4 as unaffected. - Actual CVE description: - Memory leak in the icmp_push_reply function in Linux 2.6 before - 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of - service (memory consumption) via a large number of crafted packets - that cause the ip_append_data function to fail, aka "DST leak in - icmp_push_reply." -upstream: released (2.6.12.6, 2.6.13) -2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch] -2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff] -2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff] -linux-2.6: -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3857 b/patch-tracking/retired/CVE-2005-3857 deleted file mode 100644 index 414ec8fbc..000000000 --- a/patch-tracking/retired/CVE-2005-3857 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3857 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305 -Description: - [PATCH] VFS: local denial-of-service with file leases - . - The time_out_leases function in locks.c for Linux kernel before 2.6.15 - allows local users to cause a denial of service (kernel log message - consumption) by causing a large number of broken leases, which is - recorded to the log using the printk function. -Notes: - Sent for inclusion in 2.4.33 -Bugs: -upstream: released (2.6.15-rc2), needed (2.6.33) -linux-2.6: released (2.6.14+2.6.15-rc5-0experimental.1) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: released (2.4.27-10sarge2) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-3858 b/patch-tracking/retired/CVE-2005-3858 deleted file mode 100644 index 0da7beedf..000000000 --- a/patch-tracking/retired/CVE-2005-3858 +++ /dev/null 
@@ -1,24 +0,0 @@ -Candidate: CVE-2005-3858 -References: - CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36 - MISC:http://lkml.org/lkml/2005/8/26/175 -Description: - ip6_input_finish() contains a memory leak in Linux kernels prior to - 2.6.12.6 and 2.6.13. This could potentially be used to trigger a remote - denial of service (DoS) attack. -Notes: - dannf> Though the code in 2.4 is quite different, it looks to me like the - dannf> 2.4 code could be vulnerable. -Bugs: -upstream: released (2.6.12.6, 2.6.13) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff] -2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: diff --git a/patch-tracking/retired/CVE-2005-4351 b/patch-tracking/retired/CVE-2005-4351 deleted file mode 100644 index 63dec1f56..000000000 --- a/patch-tracking/retired/CVE-2005-4351 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2005-4351 -References: - http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt -Description: - The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, - DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass - immutable settings for files by mounting another filesystem that masks the - immutable files while the system is running. -Notes: - jmm> This affects the LSM module for BSD secure levels, not included in 2.4 and - jmm> 2.6.8 - jmm> To be removed in 2.6.18 or 2.6.19 -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
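Review bot: in the CVE-2005-3807 record, the Description stops mid-sentence at "after the fasync queue has already", and its range "2.6.10 to 2.6.15" sits next to "upstream: released (2.6.14.3)". A retired entry is the long-term record of the issue, so the sentence should be completed from the CVE text and the upper bound reconciled with the upstream fix version in the relocated copy.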
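Review bot: the CVE-2005-3809 record is filed under retired/ with an empty "Description:" and with "linux-2.6: pending (2.6.14-4)". A pending status on a retired issue is contradictory: either the upload happened and the line should read "released", or the issue is not finished and does not belong with the retired set. Suggest settling the status and adding a one-line description before carrying the file over to the new location.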
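Review bot: in the CVE-2005-3857 record, "upstream: released (2.6.15-rc2), needed (2.6.33)" does not agree with the Notes line "Sent for inclusion in 2.4.33", so "2.6.33" looks like a typo for "2.4.33". The record is also retired while still listing an upstream branch as "needed". Suggest correcting the version and confirming the 2.4 status in the relocated copy.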
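Review bot: the CVE-2005-4351 record is retired with both "upstream:" and "linux-2.6:" left blank, and the only explanation is the note "To be removed in 2.6.18 or 2.6.19". A reader cannot tell from the status fields whether linux-2.6 is affected and deliberately left unfixed or simply never triaged. Suggest recording an explicit status with the reason on those two lines; the CVE-2005-4352 record that follows has the same gap.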
diff --git a/patch-tracking/retired/CVE-2005-4352 b/patch-tracking/retired/CVE-2005-4352 deleted file mode 100644 index 5ac5c560e..000000000 --- a/patch-tracking/retired/CVE-2005-4352 +++ /dev/null @@ -1,24 +0,0 @@ -Candidate: CVE-2005-4352 -References: - http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt -Description: - The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 - and earlier, allows local users to bypass time setting restrictions and set - the clock backwards by setting the clock ahead to the maximum unixtime value - (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), - which can then be set ahead to the desired time, aka "settimeofday() time wrap." -Notes: - jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8 - jmm> and 2.4.27 - jmm> To be removed in 2.6.18 or 2.6.19 -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-4605 b/patch-tracking/retired/CVE-2005-4605 deleted file mode 100644 index e6f755755..000000000 --- a/patch-tracking/retired/CVE-2005-4605 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2005-4605 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf - http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2 - http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ -Description: - The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions - before 2.6.15 allows attackers to read sensitive kernel memory via - unspecified vectors in which a signed value is added to an unsigned - value. -Notes: - jmm> 2.4 not affected as proc_file_lseek() contains a check for this - jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) { - jmm> Discovered by Karl Janmar -Bugs: -upstream: released (2.6.15), released (2.6.14.6) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-4618 b/patch-tracking/retired/CVE-2005-4618 deleted file mode 100644 index c4e87ac69..000000000 --- a/patch-tracking/retired/CVE-2005-4618 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-4618 -References: - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c -Description: - Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows - local users to cause a denial of service and possibly execute arbitrary - code via a long string, which causes sysctl to write a zero byte outside - the buffer. -Notes: - jmm> Discovered by Yi Ying -Bugs: -upstream: released (2.6.15) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: released (2.4.27-10sarge2) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2005-4635 b/patch-tracking/retired/CVE-2005-4635 deleted file mode 100644 index f0696f608..000000000 --- a/patch-tracking/retired/CVE-2005-4635 +++ /dev/null 
@@ -1,29 +0,0 @@ -Candidate: CVE-2005-4635 -References: - MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea86575eaf99a9262a969309d934318028dbfacb - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 - BID:16139 - URL:http://www.securityfocus.com/bid/16139 - FRSIRT:ADV-2006-0035 - URL:http://www.frsirt.com/english/advisories/2006/0035 - SECUNIA:18216 - URL:http://secunia.com/advisories/18216 -Description: - The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 - does not check for valid lengths of the header and payload, which allows - remote attackers to cause a denial of service (invalid memory reference) via - malformed fib_lookup netlink messages. -Notes: - dannf> Well, I don't know how it could be exploited by an unpriveleged user - dannf> but I don't think we need to worry about it. The vulnerable function - dannf> wasn't added until after 2.6.12, and is already fixed in 2.6.15. -Bugs: -upstream: released (2.6.15) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2005-4639 b/patch-tracking/retired/CVE-2005-4639 deleted file mode 100644 index 1fb9348bb..000000000 --- a/patch-tracking/retired/CVE-2005-4639 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2005-4639 -References: - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 - URL:http://www.securityfocus.com/bid/16142 - URL:http://www.frsirt.com/english/advisories/2006/0035 - URL:http://secunia.com/advisories/18216 -Description: - Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/ - Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows - local users to cause a denial of service (crash) and possibly execute - arbitrary code by "reading more than 8 bytes into an 8 byte long array". -Notes: - jmm> Discovered by Perceval Anichini - dannf> Driver wasn't added till after 2.6.8 -Bugs: -upstream: released (2.6.15) -linux-2.6: released (2.6.15-1) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0035 b/patch-tracking/retired/CVE-2006-0035 deleted file mode 100644 index fbcdac979..000000000 --- a/patch-tracking/retired/CVE-2006-0035 +++ /dev/null @@ -1,19 +0,0 @@ -Candidate: CVE-2006-0035 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961 -Description: - Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can cause - infinite loop in kernel, effectively DoSing machine. Noted by Matin Murray. -Notes: - dannf> The vulnerable code doesn't exist in <= 2.6.8 -Bugs: -upstream: released (2.6.15.1) -linux-2.6: released (2.6.15-3) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
diff --git a/patch-tracking/retired/CVE-2006-0036 b/patch-tracking/retired/CVE-2006-0036 deleted file mode 100644 index 0f8115357..000000000 --- a/patch-tracking/retired/CVE-2006-0036 +++ /dev/null @@ -1,21 +0,0 @@ -Candidate: CVE-2006-0036 -References: - http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab -Description: - When an inbound PPTP_IN_CALL_REQUEST packet is received the - PPTP NAT helper uses a NULL pointer in pointer arithmentic to - calculate the offset in the packet which needs to be mangled - and corrupts random memory or crashes. -Notes: - jmm> This is not included in 2.4 and 2.6.8 -Bugs: -upstream: released (2.6.15.1) -linux-2.6: released (2.6.15-3) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0037 b/patch-tracking/retired/CVE-2006-0037 deleted file mode 100644 index b9e978432..000000000 --- a/patch-tracking/retired/CVE-2006-0037 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2006-0037 -References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710 -Description: - The PPTP NAT helper calculates the offset at which the packet needs - to be mangled as difference between two pointers to the header. With - non-linear skbs however the pointers may point to two seperate buffers - on the stack and the calculation results in a wrong offset beeing - used. -Notes: - jmm> The vulnerable code isn't present in 2.4 and 2.6.8 -Bugs: -upstream: released (2.6.15.1) -linux-2.6: released (2.6.15-3) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0038 b/patch-tracking/retired/CVE-2006-0038 deleted file mode 100644 index 504f0c1dc..000000000 --- a/patch-tracking/retired/CVE-2006-0038 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2006-0038 -References: - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295 - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168 -Description: - Integer overflow in the do_replace function in netfilter for Linux - before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, - allows local users with CAP_NET_ADMIN rights to cause a buffer overflow - in the copy_from_user function. -Notes: - dannf> Submitted to Marcelo for 2.4 -Bugs: -upstream: released (2.6.16-rc3) -linux-2.6: released (2.6.16-1) -2.6.8-sarge-security: released (2.6.8-16sarge3) [netfilter-do_replace-overflow.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge3) [221_netfilter-do_replace-overflow.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-0039 b/patch-tracking/retired/CVE-2006-0039 deleted file mode 100644 index 895971721..000000000 --- a/patch-tracking/retired/CVE-2006-0039 +++ /dev/null @@ -1,13 +0,0 @@ -Candidate: CVE-2006-0039 -References: - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 -Description: netfilter do_add_counters race -Notes: - jmm> Only exploitable with CAP_NET_ADMIN privilege - jmm> exposure is leakage of sensitive information - dannf> Submitted to Marcelo for 2.4 -Bugs: -upstream: released (2.6.16.17) -linux-2.6: released (2.6.16-14) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) diff --git a/patch-tracking/retired/CVE-2006-0095 b/patch-tracking/retired/CVE-2006-0095 deleted file mode 100644 index 44fc3af17..000000000 --- a/patch-tracking/retired/CVE-2006-0095 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2006-0095 -References: - http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt -Description: - dm-crypt does not clear struct crypt_config before freeing it. Thus, - information on the key could leak f.e. to a swsusp image even after the - encrypted device has been removed. The attached patch against 2.6.14 / - 2.6.15 fixes it. -Notes: - jhorms> 2.4 not affected as dm-crypt doesn't seem to exist - jmm> Discovered by Stefan Rompf -Bugs: -upstream: released (2.6.16-rc1) -linux-2.6: released (2.6.16-1) -2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0096 b/patch-tracking/retired/CVE-2006-0096 deleted file mode 100644 index d3adfd460..000000000 --- a/patch-tracking/retired/CVE-2006-0096 +++ /dev/null @@ -1,34 +0,0 @@ -Candidate: CVE-2006-0096 -References: -http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f -http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c -Description: -Notes: - jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8: - jmm> - jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c - jmm> --- a/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00 - jmm> +++ b/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00 - jmm> 
@@ -1300,6 +1300,8 @@ - jmm> - jmm> case SDLA_WRITEMEM: - jmm> case SDLA_READMEM: - jmm> + if(!capable(CAP_SYS_RAWIO)) - jmm> + return -EPERM; - jmm> return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM)); - jmm> - jmm> case SDLA_START: - horms> I only see reference to CVE-2004-2607 in patch-tracking, - horms> not in the changelog for 2.4.27-8, so I don't think the first line - horms> of the statement above is correct -Bugs: -upstream: released (2.6.11), fixed (2.4.29) -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch] -2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff] -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-0456 b/patch-tracking/retired/CVE-2006-0456 deleted file mode 100644 index b164ee1a0..000000000 --- a/patch-tracking/retired/CVE-2006-0456 +++ /dev/null @@ -1,20 +0,0 @@ -Candidate: CVE-2006-0456 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79 -Description: - strnlen_user() on s390 and s390x does not return a value greater than - maxlen if the string is looking at is longer than maxlen; instead it - returns maxlen. -Notes: - jmm> 2.4 doesn't have an assembly version -Bugs: -upstream: released (2.6.16) -linux-2.6: released (2.6.16-1) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0457 b/patch-tracking/retired/CVE-2006-0457 deleted file mode 100644 index e413d34eb..000000000 --- a/patch-tracking/retired/CVE-2006-0457 +++ /dev/null 
@@ -1,31 +0,0 @@ -Candidate: CVE-2006-0457 -References: - http://linux.bkbits.net:8080/linux-2.6/cset@43e385c7rMAIqryXIl7lGGdWgZ1Ivg - MANDRIVA:MDKSA-2006:059 - URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:059 - UBUNTU:USN-263-1 - URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1 - BID:17084 - URL:http://www.securityfocus.com/bid/17084 - OSVDB:23894 - URL:http://www.osvdb.org/23894 - SECUNIA:19220 - URL:http://secunia.com/advisories/19220 -Description: - Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions - in Linux kernel 2.6.x allows local users to cause a denial of service (crash) - or read sensitive kernel memory by modifying the length of a string argument - between the time that the kernel calculates the length and when it copies the - data into kernel memory. -Notes: -Bugs: -upstream: released (2.6.10) -linux-2.6: released (2.6.10-1) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0482 b/patch-tracking/retired/CVE-2006-0482 deleted file mode 100644 index 471004487..000000000 --- a/patch-tracking/retired/CVE-2006-0482 +++ /dev/null 
@@ -1,21 +0,0 @@ -Candidate: CVE-2006-0482 -References: http://lists.debian.org/debian-sparc/2006/01/msg00129.html - http://marc.theaimsgroup.com/?t=113861017400002&r=1&w=2 - http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2 -Description: date -s run as a normal user hangs machine on sparc64 -Notes: - Jurij Smakov> sparc32 would be tricky to test and i don't know about 2.4.27 - dannf> Code isn't present in 2.4, and Jurij couldn't reproduce it there - dannf> I can't reproduce on sparc32, which makes sense because the bug is - dannf> in sparc64 32-bit compat code -Bugs: -upstream: pending (2.6.16-rc2) -linux-2.6: pending (2.6.16-4) [sparc64-clock-settime.patch] -2.6.8-sarge-security: released (2.6.8-16sarge2) [sparc64-clock-settime.dpatch] -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0554 b/patch-tracking/retired/CVE-2006-0554 deleted file mode 100644 index d6117ab63..000000000 --- a/patch-tracking/retired/CVE-2006-0554 +++ /dev/null @@ -1,18 +0,0 @@ -Candidate: CVE-2006-0554 -References: - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5 -Description: - Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive - information via a crafted XFS ftruncate call, which may return stale data. -Notes: -Bugs: -upstream: released (2.6.15.5) -linux-2.6: released (2.6.15-8) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0555 b/patch-tracking/retired/CVE-2006-0555 deleted file mode 100644 index 1d38a731e..000000000 --- a/patch-tracking/retired/CVE-2006-0555 +++ /dev/null 
@@ -1,19 +0,0 @@ -Candidate: CVE-2006-0555 -References: - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5 -Description: - The Linux Kernel before 2.6.15.5 allows local users to cause a denial of - service (NFS client panic) via unknown attack vectors related to the use of - O_DIRECT (direct I/O). -Notes: UBUNTU:USN-263-1 -Bugs: -upstream: released (2.6.15.5) -linux-2.6: released (2.6.15-8) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0557 b/patch-tracking/retired/CVE-2006-0557 deleted file mode 100644 index 07b4435a2..000000000 --- a/patch-tracking/retired/CVE-2006-0557 +++ /dev/null @@ -1,20 +0,0 @@ -Candidate: CVE-2006-0557 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63 - http://www.securityfocus.com/bid/16924 -Description: - Local DoS in mempolicy code; certain maxnodes values cause a crash. -Notes: - Fixed in git on Feb 17, dunno about 2.6.15.x - dannf> mempolicy.c doesn't exist in 2.4, marking N/A -Bugs: -upstream: released (2.6.16-rc4) -linux-2.6: released (2.6.16-1) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0741 b/patch-tracking/retired/CVE-2006-0741 deleted file mode 100644 index 0fcd6859b..000000000 --- a/patch-tracking/retired/CVE-2006-0741 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2006-0741 -References: -Description: - Fixes a local DOS on Intel systems that lead to an endless -recursive fault. AMD machines don't seem to be affected. -Notes: - 2.6: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5342fba5412cead88b61ead07168615dbeba1ee3 - . - This is amd64-specific (em64t in particular), so we could ignore it for 2.4 -Bugs: -upstream: released (2.6.15.5) -linux-2.6: released (2.6.15-8) -2.6.8-sarge-security: released (2.6.8-16sarge3) [binfmt-bad-elf-entry-address.dpatch] -2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff] -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-0742 b/patch-tracking/retired/CVE-2006-0742 deleted file mode 100644 index 365464753..000000000 --- a/patch-tracking/retired/CVE-2006-0742 +++ /dev/null @@ -1,21 +0,0 @@ -Candidate: CVE-2006-0742 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e963701a761aede31c9c1bfc74cf8e0ec671f0f4;hp=eb0911e27e8c6778d6c8ec95b7dd60c002d923c3 -Description: - The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel - 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, - has the "noreturn" attribute set, which allows local users to cause a denial - of service by causing user faults on Itanium systems. -Notes: - dannf> Forwarded to Bjorn for 2.4-ia64 inclusion -Bugs: -upstream: released (2.6.15.6) -linux-2.6: released (2.6.15-8) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: 
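Review bot: In the CVE-2006-0741 record the References: field is empty, and the only pointer to the fix (the linux-2.6.git commit 5342fba5412cead88b61ead07168615dbeba1ee3) sits under Notes: on a "2.6:" line, so a reader scanning References: finds nothing for this issue. The same Notes say the problem is amd64-specific and "we could ignore it for 2.4", yet 2.4.27-sarge-security is marked released with 222_binfmt-bad-elf-entry-address.diff; a one-line note explaining that the 2.4 patch was applied anyway would remove the apparent contradiction. Since this commit is meant to be a pure move, both are better handled in a follow-up so the rename stays content-neutral.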
diff --git a/patch-tracking/retired/CVE-2006-1055 b/patch-tracking/retired/CVE-2006-1055 deleted file mode 100644 index 3b264a567..000000000 --- a/patch-tracking/retired/CVE-2006-1055 +++ /dev/null @@ -1,26 +0,0 @@ -Candidate: CVE-2006-1055 -References: -Description: - Quoting Greg KH: - Al just pointed me at an old sysfs patch that went into the tree last - year that has some potential security problems. Turns out that if you - write to a sysfs file exactly PAGE_SIZE worth of data, with no zeros in - it, there's a good chance you could read off the end of the kernel - buffer into who knows where. -Notes: - jmm> This was judged non-exploitable by Al Viro, but it's still a local DoS - jmm> 2.4 N/A, as it doesn't have sysfs - . - troyh> N/A for sarge, it was broken in 2.6.12 - 2.6.17-rc1. 2.6.8 is fine, - and since its's sysfs 2.4 is N/A. -Bugs: -upstream: released (2.6.17-rc1), released (2.6.16.2) -linux-2.6: released (2.6.16-6) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1056 b/patch-tracking/retired/CVE-2006-1056 deleted file mode 100644 index af49eed2f..000000000 --- a/patch-tracking/retired/CVE-2006-1056 +++ /dev/null 
@@ -1,29 +0,0 @@ -Candidate: CVE-2006-1056 -References: - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910 - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911 - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2 - URL:http://www.securityfocus.com/bid/17600 - URL:http://xforce.iss.net/xforce/xfdb/25871 -Description: - The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on - AMD64 and other 7th and 8th generation AuthenticAMD processors, only - save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an - exception is pending, which allows one process to determine portions of the - state of floating point instructions of other processes, which can be - leveraged to obtain sensitive information such as cryptographic keys. NOTE: - this is the documented behavior of AMD64 processors, but it is inconsistent - with Intel processers in a security-relevant fashion that was not addressed - by the kernels. -Notes: -Bugs: -upstream: released (2.4.33-pre3), released (2.6.16.9) -linux-2.6: released (2.6.16-9) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1066 b/patch-tracking/retired/CVE-2006-1066 deleted file mode 100644 index 7636fdd76..000000000 --- a/patch-tracking/retired/CVE-2006-1066 +++ /dev/null @@ -1,40 +0,0 @@ -Candidate: CVE-2006-1066 -References: -Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops) -Notes: - 
From: dann frazier - To: team@security.debian.org - Subject: kernel-image-2.6.8-ia64 - disable preempt - Date: Fri, 25 Mar 2005 18:57:59 -0700 - . - hey security team, - Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version - that ships in sarge. This kernel has CONFIG_PREEMPT enabled, which has - at least one known issue in ptrace code that lets an unpriveleged - userspace process trigger an oops. This issue went away upstream by - 2.6.9, but its unclear what actually fixed it. SuSE/RedHat disable - PREEMPT for ia64 (or so I'm told), so they are not affected. This same - test case does _not_ fail on x86, which also has PREEMPT enabled for - sarge. - . - This issue has been known for a while, but I waited until after d-i - RC3 to upload it, since it changes the ABI. This fix is in the 2.6.8-13 - build in unstable, but the release team is blocking this kernel from - normal sarge propagation to keep the kernel udebs in sync. - . - . - dannf> This is only a config change, so it requires no changes to - dannf> kernel-source-2.6.8, but I'll use the kernel-source version - dannf> for the pending/released tags to match the others. -Bugs: -upstream: -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) -2.4.27-sarge-security: N/A -2.6.8: needed -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1242 b/patch-tracking/retired/CVE-2006-1242 deleted file mode 100644 index 08a09c4a2..000000000 --- a/patch-tracking/retired/CVE-2006-1242 +++ /dev/null 
@@ -1,38 +0,0 @@ -Candidate: CVE-2006-1242 -References: -http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d -Description: - [TCP]: Do not use inet->id of global tcp_socket when sending RST. - . - The problem is in ip_push_pending_frames(), which uses: - . if (!df) { - . __ip_select_ident(iph, &rt->u.dst, 0); - . } else { - . iph->id = htons(inet->id++); - . } - . - instead of ip_select_ident(). - . - Right now I think the code is a nonsense. Most likely, I copied it from - old ip_build_xmit(), where it was really special, we had to decide - whether to generate unique ID when generating the first (well, the last) - fragment. - . - In ip_push_pending_frames() it does not make sense, it should use plain - ip_select_ident() instead. -Notes: - jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before - jmm> marking it N/A - . - dannf> troyh gave me a patch for 2.4, so I guess it is affected -Bugs: -upstream: released (2.6.16.1) -linux-2.6: released (2.6.16-4) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1342 b/patch-tracking/retired/CVE-2006-1342 deleted file mode 100644 index ae41638d9..000000000 --- a/patch-tracking/retired/CVE-2006-1342 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2006-1342 -References: - http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2 - http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b -Description: - net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero - before returning IPv4 socket names from the (1) getsockname, (2) getpeername, - and (3) accept functions, which allows local users to obtain portions of - potentially sensitive memory. -Notes: - jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed - dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch; - however we actually coincidentally already fixed 1343 in the - 043_ipsec.diff patch -Bugs: -upstream: released (2.4.33-pre3) -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: released (2.4.27-1) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1368 b/patch-tracking/retired/CVE-2006-1368 deleted file mode 100644 index df2f4997c..000000000 --- a/patch-tracking/retired/CVE-2006-1368 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2006-1368 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5 - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16 -Description: - Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before - 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory - corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes - memory to be allocated for the reply data but not the reply structure. -Notes: - dannf> Marcelo has posted a patch identical to ours and has asked for - feedback, so it should be upstream soon -Bugs: -upstream: released (2.6.16) -linux-2.6: released (2.6.16-1) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1522 b/patch-tracking/retired/CVE-2006-1522 deleted file mode 100644 index 0122676fc..000000000 --- a/patch-tracking/retired/CVE-2006-1522 +++ /dev/null @@ -1,16 +0,0 @@ -Candidate: CVE-2006-1522 -References: -Description: -Notes: - jmm> Vulnerable code not present in 2.6.8 and 2.4 -Bugs: -upstream: released (2.6.16.3) -linux-2.6: released (2.6.16-7) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1523 b/patch-tracking/retired/CVE-2006-1523 deleted file mode 100644 index 61d6590a6..000000000 --- a/patch-tracking/retired/CVE-2006-1523 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2006-1523 -References: - MLIST:[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114476543426600&w=2 - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604 - BID:17640 - URL:http://www.securityfocus.com/bid/17640 -Description: - The __group_complete_signal function in the RCU signal handling (signal.c) in - Linux kernel 2.6.16, and possibly other versions, has unknown impact and - attack vectors related to improper use of BUG_ON. -Notes: -Bugs: -upstream: released (2.6.16.4) -linux-2.6: released (2.6.16-7) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1524 b/patch-tracking/retired/CVE-2006-1524 deleted file mode 100644 index 5ed3b130b..000000000 --- a/patch-tracking/retired/CVE-2006-1524 +++ /dev/null 
@@ -1,28 +0,0 @@ -Candidate: CVE-2006-1524 -References: - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 - BID:17587 - URL:http://www.securityfocus.com/bid/17587 - SECUNIA:19664 - URL:http://secunia.com/advisories/19664 - SECUNIA:19657 - URL:http://secunia.com/advisories/19657 -Description: - madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow - file and mmap restrictions, which allows local users to bypass IPC - permissions and replace portions of readonly tmpfs files with zeroes, - aka the MADV_REMOVE vulnerability. NOTE: this description was - originally written in a way that combined two separate issues. The - mprotect issue now has a separate name, CVE-2006-2071. -Notes: -Bugs: -upstream: released (2.6.16.7) -linux-2.6: -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1525 b/patch-tracking/retired/CVE-2006-1525 deleted file mode 100644 index c7033bf55..000000000 --- a/patch-tracking/retired/CVE-2006-1525 +++ /dev/null 
@@ -1,23 +0,0 @@ -Candidate: CVE-2006-1525 -References: - CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8 - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189346 - URL:http://www.securityfocus.com/bid/17593 - URL:http://xforce.iss.net/xforce/xfdb/25872 -Description: - ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to - cause a denial of service (panic) via a request for a route for a multicast - IP address, which triggers a null dereference. -Notes: - dannf> Submitted to Marcelo for 2.4 -Bugs: -upstream: released (2.6.16.8) -linux-2.6: released (2.6.16-9) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-1527 b/patch-tracking/retired/CVE-2006-1527 deleted file mode 100644 index 7bd36f716..000000000 --- a/patch-tracking/retired/CVE-2006-1527 +++ /dev/null 
@@ -1,30 +0,0 @@ -Candidate: CVE-2006-1527 -References: - CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13 - TRUSTIX:2006-0024 - URL:http://www.trustix.org/errata/2006/0024 - BID:17806 - URL:http://www.securityfocus.com/bid/17806 - FRSIRT:ADV-2006-1632 - URL:http://www.frsirt.com/english/advisories/2006/1632 - OSVDB:25229 - URL:http://www.osvdb.org/25229 - SECUNIA:19926 - URL:http://secunia.com/advisories/19926 -Description: - The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of - service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the - for_each_sctp_chunk function. -Notes: - troyh> SCTP-netfilter code didn't exist until after 2.6.8 -Bugs: -upstream: released (2.6.16.13) -linux-2.6: released (2.6.16-12) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1857 b/patch-tracking/retired/CVE-2006-1857 deleted file mode 100644 index 2fe2e36ea..000000000 --- a/patch-tracking/retired/CVE-2006-1857 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2006-1857 -References: - http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a601266e4f3c479790f373c2e3122a766d123652;hp=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512 -Description: - Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote - attackers to cause a denial of service (crash) and possibly execute arbitrary - code via a malformed HB-ACK chunk. -Notes: - dannf> Submitted to Marcelo for 2.4 -Bugs: -upstream: released (2.6.16.17) -linux-2.6: released (2.6.16-14) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1858 b/patch-tracking/retired/CVE-2006-1858 deleted file mode 100644 index 48b082a8d..000000000 --- a/patch-tracking/retired/CVE-2006-1858 +++ /dev/null @@ -1,20 +0,0 @@ -Candidate: CVE-2006-1858 -References: - http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512;hp=61c9fed41638249f8b6ca5345064eb1beb50179f -Description: - SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a - denial of service (crash) and possibly execute arbitrary code via a chunk - length that is inconsistent with the actual length of provided parameters. -Notes: - dannf> Submitted to Marcello for 2.4 -Bugs: -upstream: released (2.6.16.17) -linux-2.6: released (2.6.16-14) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
diff --git a/patch-tracking/retired/CVE-2006-1859 b/patch-tracking/retired/CVE-2006-1859 deleted file mode 100644 index d88822dde..000000000 --- a/patch-tracking/retired/CVE-2006-1859 +++ /dev/null @@ -1,25 +0,0 @@ -Candidate: CVE-2006-1859 -References: - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16 - http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418 - http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c - http://www.securityfocus.com/bid/17943 - http://www.frsirt.com/english/advisories/2006/1767 - http://secunia.com/advisories/20083 -Description: - lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to - cause a denial of service (fcntl_setlease lockup) via actions that cause - lease_init to free a lock that might not have been allocated on the stack. -Notes: - jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10 -Bugs: -upstream: released (2.6.16.6) -linux-2.6: released (2.6.16-8) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1860 b/patch-tracking/retired/CVE-2006-1860 deleted file mode 100644 index 8a18aa626..000000000 --- a/patch-tracking/retired/CVE-2006-1860 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2006-1860 -References: - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16 - http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418 - http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c - http://www.securityfocus.com/bid/17943 - http://www.frsirt.com/english/advisories/2006/1767 - http://secunia.com/advisories/20083 -Description: - lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to - cause a denial of service (fcntl_setlease lockup) via actions that cause - lease_init to free a lock that might not have been allocated on the stack. -Notes: - jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10 -Bugs: -upstream: released (2.6.16.6) -linux-2.6: released (2.6.16-8) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-1863 b/patch-tracking/retired/CVE-2006-1863 deleted file mode 100644 index e44adcf05..000000000 --- a/patch-tracking/retired/CVE-2006-1863 +++ /dev/null @@ -1,17 +0,0 @@ -Candidate: CVE-2006-1863 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253 -Description: cifs chroot escape -Notes: - jmm> 2.4 doesn't have CIFS -Bugs: -upstream: released (2.6.16.11) -linux-2.6: released (2.6.16-10) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: N/A -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A 
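Review bot: The CVE-2006-1860 record reads the same as the CVE-2006-1859 record before it apart from the Candidate: line: identical References, the same lease_init / fcntl_setlease Description, the same jmm note and the same status lines. That looks like a copy-paste, so confirm which of the two CVEs the fs/locks.c text belongs to and give the other its own description and references. In both records the Description says "before 2.6.16.16" and cites ChangeLog-2.6.16.16, while the status line reads "upstream: released (2.6.16.6)"; one of those versions needs correcting. Fix these in a separate commit so this one remains a plain move of the retired files.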
diff --git a/patch-tracking/retired/CVE-2006-1864 b/patch-tracking/retired/CVE-2006-1864 deleted file mode 100644 index 70dccdfbc..000000000 --- a/patch-tracking/retired/CVE-2006-1864 +++ /dev/null @@ -1,21 +0,0 @@ -Candidate: CVE-2006-1864 -References: - CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435 - URL:http://www.trustix.org/errata/2006/0026 - URL:http://www.securityfocus.com/bid/17735 -Description: - Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows - local users to escape chroot restrictions for an SMB-mounted filesystem via - "..\\" sequences, a similar vulnerability to CVE-2006-1863. -Notes: -Bugs: -upstream: pending (2.4.33-pre4), released (2.6.16.14) -linux-2.6: released (2.6.16-10) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: diff --git a/patch-tracking/retired/CVE-2006-2271 b/patch-tracking/retired/CVE-2006-2271 deleted file mode 100644 index 28d861c57..000000000 --- a/patch-tracking/retired/CVE-2006-2271 +++ /dev/null 
@@ -1,27 +0,0 @@ -Candidate: CVE-2006-2271 -References: - FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16 - URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html - MISC:http://labs.musecurity.com/advisories/MU-200605-01.txt - CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e - FRSIRT:ADV-2006-1734 - URL:http://www.frsirt.com/english/advisories/2006/1734 - SECUNIA:19990 - URL:http://secunia.com/advisories/19990 -Description: - The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote - attackers to cause a denial of service (kernel panic) via an unexpected chunk - when the session is in CLOSED state. -Notes: - dannf> Forwarded to Marcelo for 2.4 inclusion -Bugs: -upstream: released (2.6.16.15) -linux-2.6: released (2.6.16-13) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-2272 b/patch-tracking/retired/CVE-2006-2272 deleted file mode 100644 index b579d769e..000000000 --- a/patch-tracking/retired/CVE-2006-2272 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2006-2272 -References: - CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 - URL:http://www.securityfocus.com/bid/17910 - URL:http://xforce.iss.net/xforce/xfdb/26431 -Description: - Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial - of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) - HEARTBEAT SCTP control chunks. -Notes: - dannf> Submitted to Marcelo for inclusion in 2.4 -Bugs: -upstream: released (2.6.16.15) -linux-2.6: released (2.6.16-13) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-2274 b/patch-tracking/retired/CVE-2006-2274 deleted file mode 100644 index a3dacf6c7..000000000 --- a/patch-tracking/retired/CVE-2006-2274 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2006-2274 -References: - CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6 - URL:http://www.securityfocus.com/bid/17955 - URL:http://secunia.com/advisories/20237 - URL:http://xforce.iss.net/xforce/xfdb/26432 -Description: - Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial - of service (infinite recursion and crash) via a packet that contains two or - more DATA fragments, which causes an skb pointer to refer back to itself when - the full message is reassembled, leading to infinite recursion in the - sctp_skb_pull function. -Notes: - dannf> Submitted to Marcelo for 2.4 -Bugs: -upstream: released (2.6.16.15) -linux-2.6: released (2.6.16-13) -2.6.8-sarge-security: released (2.6.8-16sarge3) -2.4.27-sarge-security: released (2.4.27-10sarge3) -2.4.19-woody-security: N/A -2.4.18-woody-security: N/A -2.4.17-woody-security: N/A -2.4.16-woody-security: N/A -2.4.17-woody-security-hppa: N/A -2.4.17-woody-security-ia64: N/A diff --git a/patch-tracking/retired/CVE-2006-2451 b/patch-tracking/retired/CVE-2006-2451 deleted file mode 100644 index 369c23e64..000000000 --- a/patch-tracking/retired/CVE-2006-2451 +++ /dev/null @@ -1,15 +0,0 @@ -Candidate: CVE-2006-2451 -References: -Description: - The suid_dumpable support in Linux kernel 2.6.13 up to versions before - 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial - of service (disk consumption) and possibly gain privileges via the - PR_SET_DUMPABLE argument of the prctl function and a program that causes a - core dump file to be created in a directory for which the user does not have - permissions. -Notes: -Bugs: -upstream: released (2.6.16.14), released (2.6.17.4) -linux-2.6: released (2.6.16-17) -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A 
diff --git a/patch-tracking/retired/CVE-2006-3626 b/patch-tracking/retired/CVE-2006-3626 deleted file mode 100644 index 0307c5b2b..000000000 --- a/patch-tracking/retired/CVE-2006-3626 +++ /dev/null @@ -1,14 +0,0 @@ -Candidate: CVE-2006-3626 -References: - FULLDISC:20060714, http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3 -Description: Linux kernel 0day - dynamite inside, don't burn your fingers - Race condition in Linux kernel 2.6.17.4 and earlier allows local users - to gain root privileges by using prctl with PR_SET_DUMPABLE in a way - that causes /proc/self/environ to become setuid root. -Notes: -Bugs: -upstream: released (2.6.16.25, 2.6.17.5) -linux-2.6: released (2.6.16-17, 2.6.17-4) -2.6.8-sarge-security: released (2.6.8-16sarge4) -2.4.27-sarge-security: N/A diff --git a/retired/CVE-2002-0429 b/retired/CVE-2002-0429 new file mode 100644 index 000000000..6d6e59f55 --- /dev/null +++ b/retired/CVE-2002-0429 
@@ -0,0 +1,29 @@ +Candidate: CVE-2002-0429 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3dd4f4b1MbvSSVddY8E_Yx0bGPux8w?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/entry.S + BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem + CONFIRM:http://www.openwall.com/linux/ + DEBIAN:DSA-311 + DEBIAN:DSA-312 + DEBIAN:DSA-332 + DEBIAN:DSA-336 + DEBIAN:DSA-442 + REDHAT:RHSA-2002:158 + BID:4259 + XF:linux-ibcs-lcall-process(8420) +Description: + The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local + users to kill arbitrary processes via a a binary compatibility interface (lcall). +Notes: +Bugs: +upstream: released (2.4.20) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-6) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0001 b/retired/CVE-2003-0001 new file mode 100644 index 000000000..7cd7abbd1 --- /dev/null +++ b/retired/CVE-2003-0001 
@@ -0,0 +1,38 @@ +Candidate: CVE-2003-0001 +References: + ATSTAKE:A010603-1 + URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt + BUGTRAQ:20030110 More information regarding Etherleak + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2 + VULNWATCH:20030110 More information regarding Etherleak + URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html + MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf + CERT-VN:VU#412115 + URL:http://www.kb.cert.org/vuls/id/412115 + REDHAT:RHSA-2003:025 + URL:http://www.redhat.com/support/errata/RHSA-2003-025.html + OVAL:OVAL2665 + URL:http://oval.mitre.org/oval/definitions/data/oval2665.html +Description: + Multiple ethernet Network Interface Card (NIC) device drivers do not pad + frames with null bytes, which allows remote attackers to obtain information + from previous packets or kernel memory by using malformed packets, as + demonstrated by Etherleak. +Notes: + dannf> A number of drivers had to be fixed, but when looking to see where this + dannf> patch had been applied, I just tracked the de600.c file changes. My + dannf> assumption is that all of the other drivers got fixed at the same time. + . + dannf> I've e-mailed the security team + mdz, asking for a patch +Bugs: +upstream: released (2.4.21-pre4) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: needed +2.4.18-woody-security: released (2.4.18-7) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: needed +2.4.17-woody-security-hppa: needed +2.4.17-woody-security-ia64: needed +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2003-0018 b/retired/CVE-2003-0018 new file mode 100644 index 000000000..d89c0b09f --- /dev/null +++ b/retired/CVE-2003-0018 
@@ -0,0 +1,38 @@ +Candidate: CVE-2003-0018 +References: + DEBIAN:DSA-358 + DEBIAN:DSA-423 + MANDRAKE:MDKSA-2003:014 + REDHAT:RHSA-2003:025 + BID:6763 + XF:linux-odirect-information-leak(11249) +Description: + Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the + O_DIRECT feature, which allows local attackers with write privileges to + read portions of previously deleted files, or cause file system + corruption. +Notes: + dannf> It looks like the fix that was used in woody is to diable + dannf> O_DIRECT. Is this the upstream fix? + dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3da0af3a87N78_-K9uAzGF_5cLsRkA?nav=index.html|tags|ChangeSet@..1.717.1.11 + dannf> I've asked hch via e-mail + . + dannf> and here's his response: + . + The big O_DIRECT issues we had a while ago involved redoing large parts of + the locking so it's definitily not the patch above. It was fixed in 2.4.2x + for x = 2 or 3 IIRC. The 2.5.27 kernels in sarge ff are definitly okay. + . + dannf> Therefore, I'm marking >= sarge kernels N/A +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0127 b/retired/CVE-2003-0127 new file mode 100644 index 000000000..b1b4b1cd7 --- /dev/null +++ b/retired/CVE-2003-0127 
@@ -0,0 +1,62 @@ +Candidate: CVE-2003-0127 +References: + VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25 + URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html + REDHAT:RHSA-2003:098 + URL:http://rhn.redhat.com/errata/RHSA-2003-098.html + REDHAT:RHSA-2003:088 + URL:http://rhn.redhat.com/errata/RHSA-2003-088.html + SUSE:SuSE-SA:2003:021 + ENGARDE:ESA-20030318-009 + DEBIAN:DSA-270 + URL:http://www.debian.org/security/2003/dsa-270 + DEBIAN:DSA-276 + URL:http://www.debian.org/security/2003/dsa-276 + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + DEBIAN:DSA-495 + URL:http://www.debian.org/security/2004/dsa-495 + MANDRAKE:MDKSA-2003:038 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:038 + MANDRAKE:MDKSA-2003:039 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039 + CALDERA:CSSA-2003-020.0 + URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt + ENGARDE:ESA-20030515-017 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 + REDHAT:RHSA-2003:145 + URL:http://www.redhat.com/support/errata/RHSA-2003-145.html + GENTOO:GLSA-200303-17 + URL:http://security.gentoo.org/glsa/glsa-200303-17.xml + CERT-VN:VU#628849 + URL:http://www.kb.cert.org/vuls/id/628849 + OVAL:OVAL254 + URL:http://oval.mitre.org/oval/definitions/data/oval254.html +Description: + The kernel module loader in Linux kernel 2.2.x before 2.2.25, and + 2.4.x before 2.4.21, allows local users to gain root privileges by + using ptrace to attach to a child process that is spawned by the + kernel. +Notes: + Changeset comments say "Linux 2.5 is not believed to be vulnerable.", + so marking this issue as N/A for 2.6. 
+Bugs: +upstream: released (2.4.21-pre6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-7) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0187 b/retired/CVE-2003-0187 new file mode 100644 index 000000000..44f104289 --- /dev/null +++ b/retired/CVE-2003-0187 @@ -0,0 +1,25 @@ +Candidate: CVE-2003-0187 +References: + http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2 + http://oval.mitre.org/oval/definitions/data/oval260.html +Description: + The connection tracking core of Netfilter for Linux 2.4.20, with + CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote + attackers to cause a denial of service (resource consumption) due to an + inconsistency with Linux 2.4.20's support of linked lists, which causes + Netfilter to fail to identify connections with an UNCONFIRMED status and + use large timeouts. +Notes: + This was fixed before 2.6.0: + http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h +Bugs: +upstream: released (2.4.21) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2003-0244 b/retired/CVE-2003-0244 new file mode 100644 index 000000000..50f548482 --- /dev/null +++ b/retired/CVE-2003-0244 
@@ -0,0 +1,50 @@ +Candidate: CVE-2003-0244 +References: + VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code + URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html + MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html + MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417 + REDHAT:RHSA-2003:145 + URL:http://www.redhat.com/support/errata/RHSA-2003-145.html + REDHAT:RHSA-2003:147 + URL:http://www.redhat.com/support/errata/RHSA-2003-147.html + REDHAT:RHSA-2003:172 + URL:http://www.redhat.com/support/errata/RHSA-2003-172.html + ENGARDE:ESA-20030515-017 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + MANDRAKE:MDKSA-2003:066 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 + MANDRAKE:MDKSA-2003:074 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 + BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2 + OVAL:OVAL261 + URL:http://oval.mitre.org/oval/definitions/data/oval261.html +Description: + The route cache implementation in Linux 2.4, and the Netfilter IP conntrack + module, allows remote attackers to cause a denial of service (CPU consumption) + via packets with forged source addresses that cause a large number of hash + table collisions. 
+Notes: +Bugs: +upstream: released (2.4.21-rc2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released +2.4.18-woody-security: released (2.4.18-8) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0246 b/retired/CVE-2003-0246 new file mode 100644 index 000000000..6ad4dddd8 --- /dev/null +++ b/retired/CVE-2003-0246 
@@ -0,0 +1,50 @@ +Candidate: CVE-2003-0246 +References: + REDHAT:RHSA-2003:172 + URL:http://www.redhat.com/support/errata/RHSA-2003-172.html + REDHAT:RHSA-2003:147 + URL:http://www.redhat.com/support/errata/RHSA-2003-147.html + ENGARDE:ESA-20030515-017 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + MANDRAKE:MDKSA-2003:066 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 + MANDRAKE:MDKSA-2003:074 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 + TURBO:TLSA-2003-41 + URL:http://www.turbolinux.com/security/TLSA-2003-41.txt + VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln + URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html + OVAL:OVAL278 + URL:http://oval.mitre.org/oval/definitions/data/oval278.html +Description: + The ioperm system call in Linux kernel 2.4.20 and earlier does not properly + restrict privileges, which allows local users to gain read or write access to + certain I/O ports. +Notes: + It looks like the patch originally included in woody was just a one line + change; whereas there were two larger patches that went upstream. I'm + moving our trees forward to the upstream one. + . + Patch is x86 only. +Bugs: +upstream: released (2.4.21-rc4) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: pending (2.4.18-14.5) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: N/A 
diff --git a/retired/CVE-2003-0247 b/retired/CVE-2003-0247 new file mode 100644 index 000000000..45159ec02 --- /dev/null +++ b/retired/CVE-2003-0247 @@ -0,0 +1,42 @@ +Candidate: CVE-2003-0247 +References: + REDHAT:RHSA-2003:187 + URL:http://www.redhat.com/support/errata/RHSA-2003-187.html + REDHAT:RHSA-2003:195 + URL:http://www.redhat.com/support/errata/RHSA-2003-195.html + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + MANDRAKE:MDKSA-2003:066 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 + MANDRAKE:MDKSA-2003:074 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 + TURBO:TLSA-2003-41 + URL:http://www.turbolinux.com/security/TLSA-2003-41.txt + OVAL:OVAL284 + URL:http://oval.mitre.org/oval/definitions/data/oval284.html +Description: + Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows + attackers to cause a denial of service ("kernel oops"). +Notes: +Bugs: +upstream: released (2.4.21-rc3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-9) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0248 b/retired/CVE-2003-0248 new file mode 100644 index 000000000..9ce634f6e --- /dev/null +++ b/retired/CVE-2003-0248 
@@ -0,0 +1,42 @@ +Candidate: CVE-2003-0248 +References: + REDHAT:RHSA-2003:187 + URL:http://www.redhat.com/support/errata/RHSA-2003-187.html + REDHAT:RHSA-2003:195 + URL:http://www.redhat.com/support/errata/RHSA-2003-195.html + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + MANDRAKE:MDKSA-2003:066 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066 + MANDRAKE:MDKSA-2003:074 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 + TURBO:TLSA-2003-41 + URL:http://www.turbolinux.com/security/TLSA-2003-41.txt + OVAL:OVAL292 + URL:http://oval.mitre.org/oval/definitions/data/oval292.html +Description: + The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state + registers via a malformed address. +Notes: + dannf> I think this is the patch: + dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3f293760h0HL1XxaPHNYxPXmpO1k8g?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/i387.c +Bugs: +upstream: released (2.4.22-pre10) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-9) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2003-0364 b/retired/CVE-2003-0364 new file mode 100644 index 000000000..1cc1ba9b3 --- /dev/null +++ b/retired/CVE-2003-0364 
@@ -0,0 +1,40 @@ +Candidate: CVE-2003-0364 +References: + REDHAT:RHSA-2003:187 + URL:http://www.redhat.com/support/errata/RHSA-2003-187.html + REDHAT:RHSA-2003:195 + URL:http://www.redhat.com/support/errata/RHSA-2003-195.html + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + DEBIAN:DSA-311 + URL:http://www.debian.org/security/2003/dsa-311 + DEBIAN:DSA-312 + URL:http://www.debian.org/security/2003/dsa-312 + DEBIAN:DSA-332 + URL:http://www.debian.org/security/2003/dsa-332 + DEBIAN:DSA-336 + URL:http://www.debian.org/security/2003/dsa-336 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + TURBO:TLSA-2003-41 + URL:http://www.turbolinux.com/security/TLSA-2003-41.txt + OVAL:OVAL295 + URL:http://oval.mitre.org/oval/definitions/data/oval295.html +Description: + The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote + attackers to cause a denial of service (CPU consumption) via certain packets that + cause a large number of hash table collisions. +Notes: +Bugs: +upstream: released (2.4.21-rc7) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.2.20-woody-security: released (2.2.20-5woody2) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-9) +2.4.17-woody-security: released (2.4.17-1woody1) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0418 b/retired/CVE-2003-0418 new file mode 100644 index 000000000..f20986e7e --- /dev/null +++ b/retired/CVE-2003-0418 
@@ -0,0 +1,21 @@ +Candidate: CVE-2003-0418 +References: + http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2 + http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt + http://www.kb.cert.org/vuls/id/471084 +Description: + The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP + citation, which causes it to include portions of unauthorized memory in ICMP + error responses. +Notes: +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2003-0461 b/retired/CVE-2003-0461 new file mode 100644 index 000000000..c947ee683 --- /dev/null +++ b/retired/CVE-2003-0461 
@@ -0,0 +1,36 @@ +Candidate: CVE-2003-0461 +References: + MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + REDHAT:RHSA-2004:188 + URL:http://www.redhat.com/support/errata/RHSA-2004-188.html + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL304 + URL:http://oval.mitre.org/oval/definitions/data/oval304.html + OVAL:OVAL997 + URL:http://oval.mitre.org/oval/definitions/data/oval997.html + Description: + /proc/tty/driver/serial in Linux 2.4.x reveals the exact number + of characters used in serial links, which could allow local users + to obtain potentially sensitive information such as the length of + passwords. +Notes: + dannf> Here's the patches I used: + http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c + http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h +Bugs: +upstream: released (2.4.29-pre2, 2.6.1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0462 b/retired/CVE-2003-0462 new file mode 100644 index 000000000..b5d9c8b42 --- /dev/null +++ b/retired/CVE-2003-0462 
@@ -0,0 +1,47 @@ +Candidate: CVE-2003-0462 +References: + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL309 + URL:http://oval.mitre.org/oval/definitions/data/oval309.html +Description: + A race condition in the way env_start and env_end pointers are + initialized in the execve system call and used in fs/proc/base.c + on Linux 2.4 allows local users to cause a denial of service + (crash). +Notes: + The fix for 2.4 went into a larger patch: + http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c + However, the patch for 2.6 is much simpler: + http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c + Unfortunately, it doesn't apply cleanly to 2.4. It looks like + the fix included in 2.4.18-10 just re-typed len in + proc_pid_environ; while in 2.6 len was also retyped in + proc_pid_cmdline. Only the former deals with evn_end/env_start + pointers and the latter doesn't apply cleanly to 2.4, so I'm + just making the proc_pid_environ change. + . + hrm.. maybe there was an earlier patch to 2.4; the above 2.4 + patch didn't go in till 2.4.29, yet it looks like this was + already fixed in our 2.4.27 .orig.tar.gz + . + jmm> I assume this was fixed upstream in 2.4.22-pre10? 
+ jmm> o Fix /proc/self security issue +Bugs: +upstream: released (2.6.1), released (2.4.22-pre10) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0464 b/retired/CVE-2003-0464 new file mode 100644 index 000000000..6fe42cf63 --- /dev/null +++ b/retired/CVE-2003-0464 @@ -0,0 +1,27 @@ +Candidate: CVE-2003-0464 +References: + http://www.redhat.com/support/errata/RHSA-2003-238.html + http://oval.mitre.org/oval/definitions/data/oval311.html +Description: + The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, + which could allow local users to bind to UDP ports that are used by privileged + services such as nfsd. +Notes: + I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently + just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket. + Upstream didn't disable it altogether; just for UDP + http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c + I'm guessing this is a UDP-only problem, so that is probably the fix we want. + . + This fix was in before 2.6.0. +Bugs: +upstream: released (2.4.22-pre8) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2003-0465 b/retired/CVE-2003-0465 new file mode 100644 index 000000000..8ef0a9540 --- /dev/null +++ b/retired/CVE-2003-0465 
@@ -0,0 +1,34 @@ +Candidate: CVE-2003-0465 +References: + CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2 + CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2 + REDHAT:RHSA-2004:188 + URL:http://www.redhat.com/support/errata/RHSA-2004-188.html +Description: + The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad + the buffer on architectures other than x86, as opposed to the expected + behavior of strncpy as implemented in libc, which could lead to + information leaks. +Notes: + 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed. + . + horms> N.B. This bug appears to be minor at best + horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2 + . + dannf> Since this is minor, I'm gonna consider the existing patch "good enough" + dannf> and mark the 2.4 issues as complete. + jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5 + jmm> cycle, so I guess it's pretty safe to make all the 2.6 kernels as fixed + jmm> The ramifications are minor anyway +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-8) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: needed +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2003-0467 b/retired/CVE-2003-0467 new file mode 100644 index 000000000..b51f352f4 --- /dev/null +++ b/retired/CVE-2003-0467 
@@ -0,0 +1,25 @@ +Candidate: CVE-2003-0467 +References: + http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2 +Description: + Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels + 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is + enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote + attackers to cause a denial of service (crash) in systems using NAT, possibly + due to an integer signedness error. +Notes: + http://linux.bkbits.net:8080/linux-2.4/cset@3ea42919d7UMn5WVhEYYcN5hnvM6fA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c + . + Looks like this was fixed before 2.6.0: + http://linux.bkbits.net:8080/linux-2.6/cset@3eb76c8aWimEpZAEU5Xbu-LPK-NxeA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c +Bugs: +upstream: released (2.4.21-rc1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2003-0476 b/retired/CVE-2003-0476 new file mode 100644 index 000000000..03d471c1a --- /dev/null +++ b/retired/CVE-2003-0476 
@@ -0,0 +1,37 @@ +Candidate: CVE-2003-0476 +References: + BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2 + MANDRAKE:MDKSA-2003:074 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074 + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + REDHAT:RHSA-2003:368 + URL:http://www.redhat.com/support/errata/RHSA-2003-368.html + REDHAT:RHSA-2003:408 + URL:http://www.redhat.com/support/errata/RHSA-2003-408.html + SUSE:SuSE-SA:2003:034 + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL327 + URL:http://oval.mitre.org/oval/definitions/data/oval327.html +Description: + The execve system call in Linux 2.4.x records the file + descriptor of the executable process in the file table of the + calling process, which allows local users to gain read access to + restricted file descriptors. +Notes: +Bugs: +upstream: released (2.4.22-pre4, 2.6.1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0501 b/retired/CVE-2003-0501 new file mode 100644 index 000000000..abd9ec504 --- /dev/null +++ b/retired/CVE-2003-0501 
@@ -0,0 +1,33 @@ +Candidate: CVE-2003-0501 +References: + BUGTRAQ:20030620 Linux /proc sensitive information disclosure + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242 + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + SUSE:SuSE-SA:2003:034 + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL328 + URL:http://oval.mitre.org/oval/definitions/data/oval328.html +Description: + The /proc filesystem in Linux allows local users to obtain + sensitive information by opening various entries in /proc/self + before executing a setuid program, which causes the program to + fail to change the ownership and permissions of those entries. +Notes: +Bugs: +upstream: released (2.4.22-pre10) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0550 b/retired/CVE-2003-0550 new file mode 100644 index 000000000..ab06812f2 --- /dev/null +++ b/retired/CVE-2003-0550 
@@ -0,0 +1,26 @@ +Candidate: CVE-2003-0550 +References: + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL380 + URL:http://oval.mitre.org/oval/definitions/data/oval380.html +Description: + The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient + security by design, which allows attackers to modify the bridge topology. +Notes: +Bugs: +upstream: released (2.4.22-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0551 b/retired/CVE-2003-0551 new file mode 100644 index 000000000..7e5161bcc --- /dev/null +++ b/retired/CVE-2003-0551 
@@ -0,0 +1,28 @@ +Candidate: CVE-2003-0551 +References: + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL384 + URL:http://oval.mitre.org/oval/definitions/data/oval384.html +Description: + The STP protocol implementation in Linux 2.4.x does not properly verify + certain lengths, which could allow attackers to cause a denial of service. +Notes: +Bugs: +upstream: released (2.4.22-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0552 b/retired/CVE-2003-0552 new file mode 100644 index 000000000..c3f39485f --- /dev/null +++ b/retired/CVE-2003-0552 
@@ -0,0 +1,28 @@ +Candidate: CVE-2003-0552 +References: + REDHAT:RHSA-2003:198 + URL:http://www.redhat.com/support/errata/RHSA-2003-198.html + REDHAT:RHSA-2003:238 + URL:http://www.redhat.com/support/errata/RHSA-2003-238.html + DEBIAN:DSA-358 + URL:http://www.debian.org/security/2004/dsa-358 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + OVAL:OVAL385 + URL:http://oval.mitre.org/oval/definitions/data/oval385.html +Description: + Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table + via forged packets whose source addresses are the same as the target. +Notes: +Bugs: +upstream: released (2.4.22-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-10) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0643 b/retired/CVE-2003-0643 new file mode 100644 index 000000000..64a7d8b11 --- /dev/null +++ b/retired/CVE-2003-0643 
@@ -0,0 +1,25 @@ +Candidate: CVE-2003-0643 +References: + http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml + http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch + http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog + http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog + http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch +Description: + Integer signedness error in the Linux Socket Filter implementation (filter.c) + in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of + service (crash). +Notes: + Fixed before 2.6.0: + http://linux.bkbits.net:8080/linux-2.4/cset@3f216072qjoeL8BVUjH-swPkd1CRgA?nav=index.html|src/|src/net|src/net/core|related/net/core/filter.c +Bugs: +upstream: released (2.4.22-pre10) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2003-0699 b/retired/CVE-2003-0699 new file mode 100644 index 000000000..615d05884 --- /dev/null +++ b/retired/CVE-2003-0699 
@@ -0,0 +1,24 @@ +Candidate: CVE-2003-0699 +References: + http://www.redhat.com/support/errata/RHSA-2003-198.html + http://www.redhat.com/support/errata/RHSA-2003-238.html + http://oval.mitre.org/oval/definitions/data/oval387.html +Description: + The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user + function to access userspace, which crosses security boundaries and may + facilitate the exploitation of vulnerabilities, a different vulnerability than + CVE-2003-0700. +Notes: + Fixed before 2.6.0. 2.4 patch: + http://linux.bkbits.net:8080/linux-2.4/cset@3eb6f77bdzIdwwIbhYPVK6Cu16OhBQ?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c +Bugs: +upstream: released (2.4.21-rc2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2003-0700 b/retired/CVE-2003-0700 new file mode 100644 index 000000000..9e0299e59 --- /dev/null +++ b/retired/CVE-2003-0700 
@@ -0,0 +1,24 @@ +Candidate: CVE-2003-0700 +References: + http://www.redhat.com/support/errata/RHSA-2003-238.html + http://www.redhat.com/support/errata/RHSA-2004-044.html + http://oval.mitre.org/oval/definitions/data/oval401.html +Description: + The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user + function to access userspace in certain conditions, which crosses security + boundaries and may facilitate the exploitation of vulnerabilities, a different + vulnerability than CVE-2003-0699. +Notes: + Fixed before 2.6.0. 2.4 patch: + http://linux.bkbits.net:8080/linux-2.4/cset@3f0350ec7Wnpix3ihDCUMMnS-czskg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c +Bugs: +upstream: released (2.4.22-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2003-0961 b/retired/CVE-2003-0961 new file mode 100644 index 000000000..6db82f645 --- /dev/null +++ b/retired/CVE-2003-0961 
@@ -0,0 +1,67 @@ +Candidate: CVE-2003-0961 +References: + BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2 + MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf + REDHAT:RHSA-2003:368 + URL:http://www.redhat.com/support/errata/RHSA-2003-368.html + REDHAT:RHSA-2003:389 + URL:http://www.redhat.com/support/errata/RHSA-2003-389.html + DEBIAN:DSA-403 + URL:http://www.debian.org/security/2003/dsa-403 + DEBIAN:DSA-417 + URL:http://www.debian.org/security/2004/dsa-417 + DEBIAN:DSA-423 + URL:http://www.debian.org/security/2004/dsa-423 + DEBIAN:DSA-433 + URL:http://www.debian.org/security/2004/dsa-433 + DEBIAN:DSA-439 + URL:http://www.debian.org/security/2004/dsa-439 + DEBIAN:DSA-440 + URL:http://www.debian.org/security/2004/dsa-440 + DEBIAN:DSA-442 + URL:http://www.debian.org/security/2004/dsa-442 + DEBIAN:DSA-450 + URL:http://www.debian.org/security/2004/dsa-450 + DEBIAN:DSA-470 + URL:http://www.debian.org/security/2004/dsa-470 + DEBIAN:DSA-475 + URL:http://www.debian.org/security/2004/dsa-475 + MANDRAKE:MDKSA-2003:110 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:110 + CONECTIVA:CLA-2003:796 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796 + SUSE:SuSE-SA:2003:049 + URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html + BUGTRAQ:20031204 Hot fix for do_brk bug + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2 + BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 + CERT-VN:VU#301156 + URL:http://www.kb.cert.org/vuls/id/301156 + SECUNIA:10328 + URL:http://secunia.com/advisories/10328 + SECUNIA:10329 + URL:http://secunia.com/advisories/10329 + SECUNIA:10330 + URL:http://secunia.com/advisories/10330 + SECUNIA:10333 + URL:http://secunia.com/advisories/10333 + SECUNIA:10338 + URL:http://secunia.com/advisories/10338 +Description: + 
Integer overflow in the do_brk function for the brk system call in Linux + kernel 2.4.22 and earlier allows local users to gain root privileges. +Notes: +Bugs: +upstream: released (2.4.23-pre7) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody1) +2.4.18-woody-security: released (2.4.18-14) +2.4.17-woody-security: released (2.4.17-1woody2) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.3) +2.4.17-woody-security-ia64: released (011226.14.1) +2.4.18-woody-security-hppa: released (62.2) diff --git a/retired/CVE-2003-0984 b/retired/CVE-2003-0984 new file mode 100644 index 000000000..73760da7d --- /dev/null +++ b/retired/CVE-2003-0984 
@@ -0,0 +1,46 @@ +Candidate: CVE-2003-0984 +References: + SUSE:SuSE-SA:2003:049 + URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html + CONECTIVA:CLA-2004:799 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799 + ENGARDE:ESA-20040105-001 + URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html + REDHAT:RHSA-2003:417 + URL:http://www.redhat.com/support/errata/RHSA-2003-417.html + REDHAT:RHSA-2004:188 + URL:http://www.redhat.com/support/errata/RHSA-2004-188.html + MANDRAKE:MDKSA-2004:001 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001 + BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 + XF:linux-rtc-memory-leak(13943) + URL:http://xforce.iss.net/xforce/xfdb/13943 + OVAL:OVAL1013 + URL:http://oval.mitre.org/oval/definitions/data/oval1013.html + OVAL:OVAL859 + URL:http://oval.mitre.org/oval/definitions/data/oval859.html +Description: + Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not + properly initialize their structures, which could leak kernel data to user + space. 
+Notes: + backport from dilinger; though it isn't quite what appears to have gone + upstream: + http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c + http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c + jmm> This was fixed upstream in 2.4.24-rc1: + jmm> | : + jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users +Bugs: +upstream: released (2.4.24-rc1, 2.6.2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2003-0985 b/retired/CVE-2003-0985 new file mode 100644 index 000000000..16f58f01e --- /dev/null +++ b/retired/CVE-2003-0985 
@@ -0,0 +1,54 @@ +Candidate: CVE-2003-0985 +References: + BUGTRAQ:20040105 Linux kernel mremap vulnerability + MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt + BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code + BUGTRAQ:20040106 Linux mremap bug correction + DEBIAN:DSA-423 + DEBIAN:DSA-450 + SUSE:SuSE-SA:2004:001 + SUSE:SuSE-SA:2004:003 + CONECTIVA:CLA-2004:799 + ENGARDE:ESA-20040105-001 + REDHAT:RHSA-2003:416 + REDHAT:RHSA-2003:417 + REDHAT:RHSA-2003:418 + REDHAT:RHSA-2003:419 + DEBIAN:DSA-413 + DEBIAN:DSA-417 + DEBIAN:DSA-427 + DEBIAN:DSA-439 + DEBIAN:DSA-440 + DEBIAN:DSA-442 + DEBIAN:DSA-470 + DEBIAN:DSA-475 + IMMUNIX:IMNX-2004-73-001-01 + MANDRAKE:MDKSA-2004:001 + SGI:20040102-01-U + TRUSTIX:2004-0001 + BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01) + BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01) + BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 + XF:linux-domremap-gain-privileges(14135) + OSVDB:3315 + OVAL:OVAL860 + OVAL:OVAL867 +Description: + The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 + does not properly perform bounds checks, which allows local users to + cause a denial of service and possibly gain privileges by causing a + remapping of a virtual memory area (VMA) to create a zero length VMA, + a different vulnerability than CAN-2004-0077. +Notes: +Bugs: +upstream: released (2.4.24-rc1), released (2.6.1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody1) +2.4.18-woody-security: released (2.4.18-14.1) +2.4.17-woody-security: released (2.4.17-1woody2) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.3, 62.3) +2.4.17-woody-security-ia64: released (011226.15) +2.4.18-woody-security-hppa: released (62.2) 
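Review bot: In retired/CVE-2003-0985 the Description limits the flaw to "2.4.x before 2.4.21", but the upstream line records the fix as "released (2.4.24-rc1), released (2.6.1)" and Notes is empty, so nothing in the file reconciles the two. A one-line note saying which version range is authoritative would settle it. The hppa lines also look crossed: 2.4.17-woody-security-hppa lists "32.3, 62.3" while 2.4.18-woody-security-hppa lists 62.2, and in the other files of this patch the 62.x versions appear only on the 2.4.18-hppa line. Worth confirming where 62.3 belongs before the file is treated as closed.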
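Review bot: retired/CVE-2003-0465 is being filed as retired while its status block still has "2.4.18-woody-security: needed" and an empty "upstream:" field. The Notes say 2.4.27-8 leaves mips and alpha unfixed and that the 2.4 issues are to be marked complete, which the "needed" line contradicts. Either give 2.4.18-woody-security a terminal status or add a note saying why it stays open, and fill in the upstream version, so that someone checking out only the active issues is not missing a pending item.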
diff --git a/retired/CVE-2003-1040 b/retired/CVE-2003-1040 new file mode 100644 index 000000000..b4e7a03e5 --- /dev/null +++ b/retired/CVE-2003-1040 @@ -0,0 +1,28 @@ +Candidate: CVE-2003-1040 +References: + ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc + http://www.novell.com/linux/security/advisories/2003_049_kernel.html + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 + http://www.redhat.com/support/errata/RHSA-2004-065.html + http://www.redhat.com/support/errata/RHSA-2004-069.html + http://www.redhat.com/support/errata/RHSA-2004-106.html + http://www.redhat.com/support/errata/RHSA-2004-188.html + http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c + http://xforce.iss.net/xforce/xfdb/15577 +Description: + kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which + allows local users to cause a denial of service (crash) by sending certain + signals to kmod. +Notes: + fixed before 2.6 released +Bugs: +upstream: released (2.4.23) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: needed +2.4.18-woody-security: needed +2.4.17-woody-security: needed +2.4.16-woody-security: needed +2.4.17-woody-security-hppa: needed +2.4.17-woody-security-ia64: needed diff --git a/retired/CVE-2004-0003 b/retired/CVE-2004-0003 new file mode 100644 index 000000000..730024725 --- /dev/null +++ b/retired/CVE-2004-0003 
@@ -0,0 +1,89 @@ +Candidate: CVE-2004-0003 +References: + CONFIRM:http://www.linuxcompatible.org/print25630.html + DEBIAN:DSA-479 + URL:http://www.debian.org/security/2004/dsa-479 + DEBIAN:DSA-480 + URL:http://www.debian.org/security/2004/dsa-480 + DEBIAN:DSA-481 + URL:http://www.debian.org/security/2004/dsa-481 + DEBIAN:DSA-482 + URL:http://www.debian.org/security/2004/dsa-482 + DEBIAN:DSA-489 + URL:http://www.debian.org/security/2004/dsa-489 + DEBIAN:DSA-491 + URL:http://www.debian.org/security/2004/dsa-491 + DEBIAN:DSA-495 + URL:http://www.debian.org/security/2004/dsa-495 + MANDRAKE:MDKSA-2004:029 + URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029 + REDHAT:RHSA-2004:044 + URL:http://www.redhat.com/support/errata/RHSA-2004-044.html + REDHAT:RHSA-2004:065 + URL:http://www.redhat.com/support/errata/RHSA-2004-065.html + REDHAT:RHSA-2004:106 + URL:http://www.redhat.com/support/errata/RHSA-2004-106.html + REDHAT:RHSA-2004:166 + URL:http://www.redhat.com/support/errata/RHSA-2004-166.html + SUSE:SuSE-SA:2004:005 + URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html + TURBO:TLSA-2004-14 + URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt + CIAC:O-082 + URL:http://www.ciac.org/ciac/bulletins/o-082.shtml + CIAC:O-121 + URL:http://www.ciac.org/ciac/bulletins/o-121.shtml + CIAC:O-126 + URL:http://www.ciac.org/ciac/bulletins/o-126.shtml + CIAC:O-127 + URL:http://www.ciac.org/ciac/bulletins/o-127.shtml + CIAC:O-145 + URL:http://www.ciac.org/ciac/bulletins/o-145.shtml + BID:9570 + URL:http://www.securityfocus.com/bid/9570 + SECUNIA:10782 + URL:http://secunia.com/advisories/10782 + SECUNIA:10911 + URL:http://secunia.com/advisories/10911 + SECUNIA:10912 + URL:http://secunia.com/advisories/10912 + SECUNIA:11202 + URL:http://secunia.com/advisories/11202 + SECUNIA:11361 + URL:http://secunia.com/advisories/11361 + SECUNIA:11362 + URL:http://secunia.com/advisories/11362 + SECUNIA:11369 + 
URL:http://secunia.com/advisories/11369 + SECUNIA:11370 + URL:http://secunia.com/advisories/11370 + SECUNIA:11376 + URL:http://secunia.com/advisories/11376 + SECUNIA:11464 + URL:http://secunia.com/advisories/11464 + SECUNIA:11891 + URL:http://secunia.com/advisories/11891 + SECUNIA:12075 + URL:http://secunia.com/advisories/12075 + OVAL:OVAL1017 + URL:http://oval.mitre.org/oval/definitions/data/oval1017.html + OVAL:OVAL834 + URL:http://oval.mitre.org/oval/definitions/data/oval834.html + XF:linux-r128-gain-priviliges(15029) + URL:http://xforce.iss.net/xforce/xfdb/15029 +Description: + Unknown vulnerability in Linux kernel before 2.4.22 allows local users to + gain privileges, related to "R128 DRI limits checking." +Notes: +Bugs: +upstream: released (2.4.26-rc4, 2.6.4) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-14.3) +2.4.17-woody-security: released (2.4.17-1woody3) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.4, 62.3) +2.4.17-woody-security-ia64: released (011226.17) +2.4.18-woody-security-hppa: released (62.3) diff --git a/retired/CVE-2004-0010 b/retired/CVE-2004-0010 new file mode 100644 index 000000000..5420ca926 --- /dev/null +++ b/retired/CVE-2004-0010 @@ -0,0 +1,16 @@ +Candidate: CVE-2004-0010 +References: +Description: +Notes: +Bugs: +upstream: released (2.4.25-pre7), released (2.6.3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-14.3) +2.4.17-woody-security: released (2.4.17-1woody3) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.4, 62.3) +2.4.17-woody-security-ia64: released (011226.17) +2.4.18-woody-security-hppa: released (62.3) diff --git a/retired/CVE-2004-0077 b/retired/CVE-2004-0077 new file mode 100644 index 000000000..02f16cd4c 
--- /dev/null +++ b/retired/CVE-2004-0077 
@@ -0,0 +1,57 @@ +Candidate: CVE-2004-0077 +References: + BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels + VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels + MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt + CONECTIVA:CLA-2004:820 + DEBIAN:DSA-438 + DEBIAN:DSA-439 + DEBIAN:DSA-440 + DEBIAN:DSA-441 + DEBIAN:DSA-442 + DEBIAN:DSA-444 + DEBIAN:DSA-450 + DEBIAN:DSA-453 + DEBIAN:DSA-454 + DEBIAN:DSA-456 + DEBIAN:DSA-466 + DEBIAN:DSA-470 + DEBIAN:DSA-514 + DEBIAN:DSA-475 + REDHAT:RHSA-2004:065 + REDHAT:RHSA-2004:066 + REDHAT:RHSA-2004:069 + REDHAT:RHSA-2004:106 + SLACKWARE:SSA:2004-049 + SUSE:SuSE-SA:2004:005 + TRUSTIX:2004-0007 + TRUSTIX:2004-0008 + GENTOO:GLSA-200403-02 + CERT-VN:VU#981222 + XF:linux-mremap-gain-privileges(15244) + BID:9686 + OSVDB:3986 + OVAL:OVAL825 + OVAL:OVAL837 +Description: + The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 + to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the + do_munmap function when the maximum number of VMA descriptors is exceeded, + which allows local users to gain root privileges, a different vulnerability + than CAN-2003-0985. +Notes: + dannf> we think these are the patches: + 2.6: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=59287e5eef8d33dcd842852a898b43a81fe0b2c2 + 2.4: http://linux.bkbits.net:8080/linux-2.4/cset@40327d9fxQLz7BU9yAATPsFlWiSG0A?nav=index.html|src/|src/mm|related/mm/mremap.c +Bugs: +upstream: released (2.4.25-rc4, 2.6.3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody1) +2.4.18-woody-security: released (2.4.18-14.2) +2.4.17-woody-security: released (2.4.17-1woody2) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.3, 62.3) +2.4.17-woody-security-ia64: released (011226.16) +2.4.18-woody-security-hppa: released (62.2) 
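Review bot: In retired/CVE-2004-0077 the status block puts 62.3 on the 2.4.17-woody-security-hppa line ("released (32.3, 62.3)") while 2.4.18-woody-security-hppa says "released (62.2)", so the later hppa version is recorded against the older tree. Please confirm which line 62.3 belongs to. In Notes, the two patch URLs under "dannf> we think these are the patches:" have no "dannf>" prefix, unlike the attributed lines in the other files, so they read as unattributed statements; prefixing them would keep the "we think" qualifier attached to the links.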
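Review bot: retired/CVE-2003-1040 lands in the retired tree with all six woody lines still reading "needed", and the only note is "fixed before 2.6 released". If the woody kernels are not going to be fixed, the file should say so in Notes; if they are, the issue is not retired and should stay with the active ones. The status block also has no 2.4.18-woody-security-hppa line, which the fully tracked files in this patch carry.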
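Review bot: retired/CVE-2004-0010 has empty References, Description and Notes fields, so the file records fixed versions for an issue it never describes. Since the entry is being archived, a short Description and at least one reference should be added so that the status lines can be checked against something later.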
diff --git a/retired/CVE-2004-0109 b/retired/CVE-2004-0109 new file mode 100644 index 000000000..fc67f7535 --- /dev/null +++ b/retired/CVE-2004-0109 @@ -0,0 +1,16 @@ +Candidate: +References: +Description: +Notes: +Bugs: +upstream: released (2.4.26-rc4), released (2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-14.3) +2.4.17-woody-security: released (2.4.17-1woody3) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.4, 62.3) +2.4.17-woody-security-ia64: released (011226.17) +2.4.18-woody-security-hppa: released (62.3) diff --git a/retired/CVE-2004-0133 b/retired/CVE-2004-0133 new file mode 100644 index 000000000..dd6420aad --- /dev/null +++ b/retired/CVE-2004-0133 
@@ -0,0 +1,29 @@ +Candidate: CVE-2004-0133 +References: + http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html + http://security.gentoo.org/glsa/glsa-200407-02.xml + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 + ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc + http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 + http://www.securityfocus.com/bid/10151 + http://secunia.com/advisories/11362 + http://xforce.iss.net/xforce/xfdb/15901 +Description: + The XFS file system code in Linux 2.4.x has an information leak in which + in-memory data is written to the device for the XFS file system, which + allows local users to obtain sensitive information by reading the raw device. +Notes: + jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25 + dannf> I never did find the actual patch - upstream fixed versions are + dannf> based on the securityfocus page above. +Bugs: +upstream: released (2.4.26-rc2, 2.6.5) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0136 b/retired/CVE-2004-0136 new file mode 100644 index 000000000..77047ee20 --- /dev/null +++ b/retired/CVE-2004-0136 
@@ -0,0 +1,46 @@ +Candidate: CVE-2004-0136 +References: + REDHAT:RHSA-2004:549 + URL:http://www.redhat.com/support/errata/RHSA-2004-549.html + SGI:20040601-01-P + URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc + XF:irix-mapelf32exec-dos(16416) + URL:http://xforce.iss.net/xforce/xfdb/16416 + BID:10547 + URL:http://www.securityfocus.com/bid/10547 +Description: + The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local + users to cause a denial of service (system crash) via a "corrupted binary." +Notes: + Strange description, but I think this is actually a Linux issue; note the + RedHat URLs above. + dannf> I think I've traced this issue back to a flawed bug report, and that + dannf> this is really CAN-2004-0138. + + mitre references a RedHat advisory for this, RHSA-2004:504-13 + + RHSA-2004:504-13 does in fact reference CVE-2004-0136 + + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm + + The changelog in the spec file in the above .src.rpm contains the following + entry: + * Tue Nov 16 2004 Jim Paradis + - Fixes for security holes in binfmt_elf loader (Dave Anderson, + Jim Paradis), bugs 127916, 134876 + + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references + CVE-2004-0136, but the patches it links to are the fixes for + CVE-2004-0138 + jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling + jmm> over the entries from it + jmm> I've verified that the fix from + jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg + jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A +Bugs: +upstream: released (2.4.25-rc1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) 
+2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0138 b/retired/CVE-2004-0138 new file mode 100644 index 000000000..e2f1e3b58 --- /dev/null +++ b/retired/CVE-2004-0138 @@ -0,0 +1,23 @@ +Candidate: CVE-2004-0138 +References: +Description: +Notes: + Still marked **RESERVED** + dannf> However, it was already fixed in woody, whose changelog says: + * Applied patch by Chris Wright to denial of service in the ELF loader + when the interpreter architecture doesn't match the current one + + [fs/binfmt_elf.c, CAN-2004-0138] + jmm> This was a previous Red Hat internal name for CVE-2004-0136, so + jmm> Red hat advisories, which fix this are in fact for CVE-2004-0136 +Bugs: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0177 b/retired/CVE-2004-0177 new file mode 100644 index 000000000..f42298e4e --- /dev/null +++ b/retired/CVE-2004-0177 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-0177 +References: +Description: +Notes: + jmm> This is resolved by the following patch by tytso: + jmm>--- kernel-source-2.4.18-2.4.18.orig/fs/jbd/journal.c + jmm>+++ kernel-source-2.4.18-2.4.18/fs/jbd/journal.c + jmm>@@ -671,6 +671,7 @@ + jmm> + jmm> bh = getblk(journal->j_dev, blocknr, journal->j_blocksize); + jmm> lock_buffer(bh); + jmm>+ memset(bh->b_data, 0, journal->j_blocksize); + jmm> BUFFER_TRACE(bh, "return this buffer"); + jmm> return journal_add_journal_head(bh); + jmm> } + jmm> This fix is present in 2.4.27 and 2.6.8, so marking them and l-2.6 N/A +Bugs: +upstream: released (2.4.26-pre4) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-14.3) +2.4.17-woody-security: released (2.4.17-1woody3) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.4, 62.3) +2.4.17-woody-security-ia64: released (011226.17) +2.4.18-woody-security-hppa: released (62.3) diff --git a/retired/CVE-2004-0178 b/retired/CVE-2004-0178 new file mode 100644 index 000000000..3594c976e --- /dev/null +++ b/retired/CVE-2004-0178 
@@ -0,0 +1,40 @@ +Candidate: CVE-2004-0178 +References: + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 + http://www.debian.org/security/2004/dsa-479 + http://www.debian.org/security/2004/dsa-480 + http://www.debian.org/security/2004/dsa-481 + http://www.debian.org/security/2004/dsa-482 + http://www.debian.org/security/2004/dsa-489 + http://www.debian.org/security/2004/dsa-491 + http://www.debian.org/security/2004/dsa-495 + http://security.gentoo.org/glsa/glsa-200407-02.xml + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 + http://www.redhat.com/support/errata/RHSA-2004-413.html + http://www.redhat.com/support/errata/RHSA-2004-437.html + ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc + http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA + http://www.ciac.org/ciac/bulletins/o-121.shtml + http://www.ciac.org/ciac/bulletins/o-127.shtml + http://www.ciac.org/ciac/bulletins/o-193.shtml + http://www.securityfocus.com/bid/9985 + http://xforce.iss.net/xforce/xfdb/15868 +Description: + The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x + before 2.4.26, when operating in 16 bit mode, does not properly + handle certain sample sizes, which allows local users to cause a + denial of service (crash) via a sample with an odd number of bytes. +Notes: + jmm> I've verified that above patch is included in 2.6.8 +Bugs: +upstream: released (2.4.26-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody2) +2.4.18-woody-security: released (2.4.18-14.3) +2.4.17-woody-security: released (2.4.17-1woody3) +2.4.16-woody-security: released (2.4.16-1woody2) +2.4.17-woody-security-hppa: released (32.4, 62.3) +2.4.17-woody-security-ia64: released (011226.17) +2.4.18-woody-security-hppa: released (62.3) diff --git a/retired/CVE-2004-0181 b/retired/CVE-2004-0181 new file mode 100644 index 000000000..0d56ff397 --- /dev/null 
+++ b/retired/CVE-2004-0181 @@ -0,0 +1,27 @@ +Candidate: CVE-2004-0181 +References: + http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html + http://security.gentoo.org/glsa/glsa-200407-02.xml + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 + http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 + http://www.turbolinux.com/security/2004/TLSA-2004-14.txt + http://www.securityfocus.com/bid/10143 + http://xforce.iss.net/xforce/xfdb/15902 +Description: + The JFS file system code in Linux 2.4.x has an information leak in which + in-memory data is written to the device for the JFS file system, which allows + local users to obtain sensitive information by reading the raw device. +Notes: + jmm> JFS was merged into the 2.4 kernel in 2.4.20-pre4 and into 2.6 at 2.6.5-rc2, + jmm> so I'm marking all versions N/A +Bugs: +upstream: released (2.4.26-pre5), released (2.6.5-rc2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0228 b/retired/CVE-2004-0228 new file mode 100644 index 000000000..4b6758bb7 --- /dev/null +++ b/retired/CVE-2004-0228 
@@ -0,0 +1,33 @@ +Candidate: CVE-2004-0228 +References: + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 + http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html + http://security.gentoo.org/glsa/glsa-200407-02.xml + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050 + http://www.novell.com/linux/security/advisories/2004_10_kernel.html + http://secunia.com/advisories/11429 + http://secunia.com/advisories/11464 + http://secunia.com/advisories/11486 + http://secunia.com/advisories/11491 + http://secunia.com/advisories/11683 + http://xforce.iss.net/xforce/xfdb/15951 +Description: + Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in + Linux kernel 2.6 allows local users to gain privileges. +Notes: + jmm> 2.4 does not have cpufreq + jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c + jmm> I've verified that the isolated patch from + jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch + jmm> is included in 2.6.8 +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0229 b/retired/CVE-2004-0229 new file mode 100644 index 000000000..08ee50796 --- /dev/null +++ b/retired/CVE-2004-0229 @@ -0,0 +1,16 @@ +Candidate: CVE-2004-0229 +References: +Description: +Notes: + jmm> 2.4 is not affected by this problem. +Bugs: +upstream: released (2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0394 b/retired/CVE-2004-0394 new file mode 100644 index 000000000..438a46004 --- /dev/null 
+++ b/retired/CVE-2004-0394 @@ -0,0 +1,39 @@ +Candidate: CVE-2004-0394 +References: + CONECTIVA:CLA-2004:846 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 + GENTOO:GLSA-200407-02 + URL:http://security.gentoo.org/glsa/glsa-200407-02.xml + MANDRAKE:MDKSA-2004:037 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037 + MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel) + URL:http://lwn.net/Articles/81773/ + ENGARDE:ESA-20040428-004 + URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html + SGI:20040504-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc + SGI:20040505-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc + SUSE:SuSE-SA:2004:010 + URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html + XF:linux-panic-bo(15953) + URL:http://xforce.iss.net/xforce/xfdb/15953 +Description: + A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, + although it may not be exploitable due to the functionality of panic. +Notes: + jmm> I've verified 2.6.8 to contain the correct vsnprintf() call + jmm> For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it + jmm> needed, although I guess it's not exploitable +Bugs: +upstream: released (2.4.28-pre1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-1) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0415 b/retired/CVE-2004-0415 new file mode 100644 index 000000000..89c5fdc05 --- /dev/null +++ b/retired/CVE-2004-0415 
@@ -0,0 +1,42 @@ +Candidate: CVE-2004-0415 +References: + CONECTIVA:CLA-2004:879 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879 + GENTOO:GLSA-200408-24 + URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml + MANDRAKE:MDKSA-2004:087 + URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087 + REDHAT:RHSA-2004:413 + URL:http://www.redhat.com/support/errata/RHSA-2004-413.html + REDHAT:RHSA-2004:418 + URL:http://www.redhat.com/support/errata/RHSA-2004-418.html + SGI:20040804-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc + XF:linux-pointer-info-disclosure(16877) + URL:http://xforce.iss.net/xforce/xfdb/16877 +Description: + Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, + which allows local users to access portions of kernel memory. +Notes: + dannf> Based on the 2.4.27 changelog, I think this is the 2.4 fix: + http://linux.bkbits.net:8080/linux-2.4/cset@411064f7uz3rKDb73dEb4vCqbjEIdw?nav=index.html|src/|src/drivers|src/drivers/char|related/drivers/char/i8k.c + and + http://linux.bkbits.net:8080/linux-2.4/cset@41113629fBqsXgKVAey-EzhZOkS2Lw?nav=index.html|src/|src/net|src/net/atm|related/net/atm/br2684.c + Which doesn't look like it ever made 2.6. + . + dannf> I've asked Al Viro & Marcelo for more info + dannf> Marcelo says: + 2.6 avoids the file offset race by having a copy of it at the high + level VFS functions, its safe. +Bugs: +upstream: released (2.4.27-rc5) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0427 b/retired/CVE-2004-0427 new file mode 100644 index 000000000..048cc7e6f --- /dev/null +++ b/retired/CVE-2004-0427 
@@ -0,0 +1,70 @@ +Candidate: CVE-2004-0427 +References: + MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2 + CONECTIVA:CLA-2004:846 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 + ENGARDE:ESA-20040428-004 + FEDORA:FEDORA-2004-111 + URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml + GENTOO:GLSA-200407-02 + URL:http://security.gentoo.org/glsa/glsa-200407-02.xml + MANDRAKE:MDKSA-2004:037 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037 + REDHAT:RHSA-2004:255 + URL:http://www.redhat.com/support/errata/RHSA-2004-255.html + REDHAT:RHSA-2004:260 + URL:http://www.redhat.com/support/errata/RHSA-2004-260.html + REDHAT:RHSA-2004:327 + URL:http://www.redhat.com/support/errata/RHSA-2004-327.html + SGI:20040504-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc + SGI:20040505-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc + SUSE:SuSE-SA:2004:010 + URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html + TURBO:TLSA-2004-14 + URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt + MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA + MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A + CIAC:O-164 + URL:http://www.ciac.org/ciac/bulletins/o-164.shtml + BID:10221 + URL:http://www.securityfocus.com/bid/10221 + SECUNIA:11429 + URL:http://secunia.com/advisories/11429 + SECUNIA:11464 + URL:http://secunia.com/advisories/11464 + SECUNIA:11486 + URL:http://secunia.com/advisories/11486 + SECUNIA:11541 + URL:http://secunia.com/advisories/11541 + SECUNIA:11861 + URL:http://secunia.com/advisories/11861 + SECUNIA:11891 + URL:http://secunia.com/advisories/11891 + SECUNIA:11892 + URL:http://secunia.com/advisories/11892 + OVAL:OVAL2819 + 
URL:http://oval.mitre.org/oval/definitions/data/oval2819.html + XF:linux-dofork-memory-leak(16002) + URL:http://xforce.iss.net/xforce/xfdb/16002 +Description: + The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, + does not properly decrement the mm_count counter when an error occurs after + the mm_struct for a child process has been activated, which triggers a memory + leak that allows local users to cause a denial of service (memory exhaustion) + via the clone (CLONE_VM) system call. +Notes: +Bugs: +upstream: released (2.4.26, 2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0447 b/retired/CVE-2004-0447 new file mode 100644 index 000000000..b3c51eef0 --- /dev/null +++ b/retired/CVE-2004-0447 
@@ -0,0 +1,37 @@ +Candidate: CVE-2004-0447 +References: + MLIST:[owl-users] 20040619 Linux 2.4.26-ow2 + URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html + GENTOO:GLSA-200407-16 + URL:http://security.gentoo.org/glsa/glsa-200407-16.xml + REDHAT:RHSA-2004:413 + URL:http://www.redhat.com/support/errata/RHSA-2004-413.html + SGI:20040804-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc + CIAC:O-193 + URL:http://www.ciac.org/ciac/bulletins/o-193.shtml + BID:10783 + URL:http://www.securityfocus.com/bid/10783 + XF:linux-ia64-dos(16661) + URL:http://xforce.iss.net/xforce/xfdb/16661 +Description: + Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to + cause a denial of service, with unknown impact. NOTE: due to a typo, this + issue was accidentally assigned CVE-2004-0477. This is the proper candidate to + use for the Linux local DoS. +Notes: + jmm> I've verified that the patch from David Mosberger available at + jmm> http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2 + jmm> is included in stock 2.4.27 and 2.6.8, so it's N/A. +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0491 b/retired/CVE-2004-0491 new file mode 100644 index 000000000..245dac3b2 --- /dev/null +++ b/retired/CVE-2004-0491 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-0491 +References: + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411 + MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2 + OVAL:OVAL1117 + URL:http://oval.mitre.org/oval/definitions/data/oval1117.html +Description: + The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly + maintain the mlock page count when one process unlocks pages that belong to + another process, which allows local users to mlock more memory than specified + by the rlimit. +Notes: + dannf> It doesn't look like the code in linux-2.4.21-mlock.patch was ever + dannf> accepted upstream in 2.4 or 2.6, so it doesn't apply to us. +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0495 b/retired/CVE-2004-0495 new file mode 100644 index 000000000..d0aed8aaf --- /dev/null +++ b/retired/CVE-2004-0495 
@@ -0,0 +1,48 @@ +Candidate: CVE-2004-0495 +References: + CONECTIVA:CLA-2004:845 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 + CONECTIVA:CLA-2004:846 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 + FEDORA:FEDORA-2004-186 + URL:http://lwn.net/Articles/91155/ + GENTOO:GLSA-200407-02 + URL:http://security.gentoo.org/glsa/glsa-200407-02.xml + MANDRAKE:MDKSA-2004:066 + URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 + REDHAT:RHSA-2004:255 + URL:http://www.redhat.com/support/errata/RHSA-2004-255.html + REDHAT:RHSA-2004:260 + URL:http://www.redhat.com/support/errata/RHSA-2004-260.html + SUSE:SUSE-SA:2004:020 + URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html + OVAL:OVAL2961 + URL:http://oval.mitre.org/oval/definitions/data/oval2961.html + XF:linux-drivers-gain-privileges(16449) + URL:http://xforce.iss.net/xforce/xfdb/16449 + BID:10566 + URL:http://www.securityfocus.com/bid/10566 +Description: + Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users + to gain privileges or access kernel memory, as found by the Sparse source code + checking tool. 
+Notes: + dannf> 2.4 patches: + http://linux.bkbits.net:8080/linux-2.4/cset@40d972a19cY-Al1qQickpmg8z_gxmg?nav=index.html|src/|src/net|src/net/decnet|related/net/decnet/dn_dev.c + http://linux.bkbits.net:8080/linux-2.4/cset@40d97303iUWCFF5wizAKNT5CC5ctJg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/mpu401.c + http://linux.bkbits.net:8080/linux-2.4/cset@40d973835aLERLaEv4dP6Hjw31Nn5A?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/msnd.h + http://linux.bkbits.net:8080/linux-2.4/cset@40d973d9FCCgP1ZDVGknBTDKgDXw6w?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/pss.c + http://linux.bkbits.net:8080/linux-2.4/cset@40d9743al24lCKKm8wbRs-S_2CgWTA?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wireless|related/drivers/net/wireless/airo.c + http://linux.bkbits.net:8080/linux-2.4/cset@40d975a2Ttlhd2amhkcgbfzndDMUZA?nav=index.html|src/|src/drivers|src/drivers/acpi|related/drivers/acpi/asus_acpi.c +Bugs: +upstream: released (2.4.27-rc2, 2.6.7) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0496 b/retired/CVE-2004-0496 new file mode 100644 index 000000000..762a0bb02 --- /dev/null +++ b/retired/CVE-2004-0496 
@@ -0,0 +1,26 @@ +Candidate: CVE-2004-0496 +References: + http://www.novell.com/linux/security/advisories/2004_20_kernel.html + http://xforce.iss.net/xforce/xfdb/16625 +Description: + Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain + privileges or access kernel memory, a different set of vulnerabilities than + those identified in CVE-2004-0495, as found by the Sparse source code checking + tool. +Notes: + dannf> I wasn't able to find the patches for this, but the description and + dannf> vendor advisories only note 2.6, so I'm assuming these are 2.6-only. + dannf> The description says this affects < 2.6.7. 2.6.7 contains a bunch + dannf> of sparse fixes in the changelog, so I'll label upstream + dannf> as fixed in 2.6.7. +Bugs: +upstream: released (2.6.7) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0497 b/retired/CVE-2004-0497 new file mode 100644 index 000000000..2addb7105 --- /dev/null +++ b/retired/CVE-2004-0497 
@@ -0,0 +1,33 @@ +Candidate: CVE-2004-0497 +References: + CONECTIVA:CLA-2004:852 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 + MANDRAKE:MDKSA-2004:066 + URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 + REDHAT:RHSA-2004:354 + URL:http://www.redhat.com/support/errata/RHSA-2004-354.html + REDHAT:RHSA-2004:360 + URL:http://www.redhat.com/support/errata/RHSA-2004-360.html + SUSE:SUSE-SA:2004:020 + URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html + XF:linux-fchown-groupid-modify(16599) + URL:http://xforce.iss.net/xforce/xfdb/16599 +Description: + Unknown vulnerability in Linux kernel 2.x may allow local users to modify the + group ID of files, such as NFS exported files in kernel 2.4. +Notes: + Changelog shows fixed in 2.4.26-3 + 2.6 patch: + http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ?nav=index.html|src/|src/fs|related/fs/attr.c +Bugs: +upstream: released (2.4.27, 2.6.8) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0535 b/retired/CVE-2004-0535 new file mode 100644 index 000000000..63948c790 --- /dev/null +++ b/retired/CVE-2004-0535 
@@ -0,0 +1,44 @@ +Candidate: CVE-2004-0535 +References: + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log + CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168 + CONECTIVA:CLA-2004:845 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 + FEDORA:FEDORA-2004-186 + URL:http://lwn.net/Articles/91155/ + GENTOO:GLSA-200407-02 + URL:http://security.gentoo.org/glsa/glsa-200407-02.xml + MANDRAKE:MDKSA-2004:062 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062 + REDHAT:RHSA-2004:413 + URL:http://www.redhat.com/support/errata/RHSA-2004-413.html + REDHAT:RHSA-2004:418 + URL:http://www.redhat.com/support/errata/RHSA-2004-418.html + SGI:20040804-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc + SUSE:SUSE-SA:2004:020 + URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html + XF:linux-e1000-bo(16159) + URL:http://xforce.iss.net/xforce/xfdb/16159 + BID:10352 + URL:http://www.securityfocus.com/bid/10352 +Description: + The e1000 driver for Linux kernel 2.4.26 and earlier does not properly + initialize memory before using it, which allows local users to read portions + of kernel memory. NOTE: this issue was originally incorrectly reported as a + "buffer overflow" by some sources. +Notes: + Patch: + http://linux.bkbits.net:8080/linux-2.6/cset@4084025a6AP3ORKQ7iaTFCmOGvTJXw?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/e1000|related/drivers/net/e1000/e1000_ethtool.c +Bugs: +upstream: released (2.4.27, 2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: needed +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0554 b/retired/CVE-2004-0554 new file mode 100644 index 000000000..6e11727f3 --- /dev/null 
+++ b/retired/CVE-2004-0554 
@@ -0,0 +1,54 @@ +Candidate: CVE-2004-0554 +References: + MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905 + MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html + MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 + CONECTIVA:CLA-2004:845 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 + ENGARDE:ESA-20040621-005 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2 + FEDORA:FEDORA-2004-186 + URL:http://lwn.net/Articles/91155/ + GENTOO:GLSA-200407-02 + URL:http://security.gentoo.org/glsa/glsa-200407-02.xml + MANDRAKE:MDKSA-2004:062 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062 + REDHAT:RHSA-2004:255 + URL:http://www.redhat.com/support/errata/RHSA-2004-255.html + REDHAT:RHSA-2004:260 + URL:http://www.redhat.com/support/errata/RHSA-2004-260.html + SUSE:SuSE-SA:2004:017 + URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html + TRUSTIX:2004-0034 + URL:http://www.trustix.net/errata/2004/0034/ + BUGTRAQ:20040620 TSSA-2004-011 - kernel + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2 + CERT-VN:VU#973654 + URL:http://www.kb.cert.org/vuls/id/973654 + OVAL:OVAL2915 + URL:http://oval.mitre.org/oval/definitions/data/oval2915.html + XF:linux-dos(16412) + URL:http://xforce.iss.net/xforce/xfdb/16412 + BID:10566 + URL:http://www.securityfocus.com/bid/10566 +Description: + Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of + service (system crash), possibly via an infinite loop that triggers a signal + handler with a certain sequence of fsave and frstor instructions, as + originally demonstrated using a "crash.c" program. 
+Notes: + jmm> I don't know at which version this was merged, but I've verified that + jmm> the stock 2.4.27 and 2.6.8 contain the fix +Bugs: 261521 +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0565 b/retired/CVE-2004-0565 new file mode 100644 index 000000000..a49abb1f1 --- /dev/null +++ b/retired/CVE-2004-0565 
@@ -0,0 +1,30 @@ +Candidate: CVE-2004-0565 +References: + MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 + MLIST:[owl-users] 20040619 Linux 2.4.26-ow2 + URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html + MANDRAKE:MDKSA-2004:066 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066 + XF:linux-ia64-info-disclosure(16644) + URL:http://xforce.iss.net/xforce/xfdb/16644 +Description: + Floating point information leak in the context switch code for Linux 2.4.x + only checks the MFH bit but does not verify the FPH owner, which allows local + users to read register values of other processes by setting the MFH bit. +Notes: + jmm> I've verified that the check for FPH ownership is included in stock 2.6.8: + jmm> # define switch_to(prev,next,last) do { \ + jmm> if (ia64_psr(ia64_task_regs(prev))->mfh && ia64_is_local_fpu_owner(prev)) { + jmm> So it's N/A, but I don't know at which time it was fixed upstream +Bugs: +upstream: released (2.4.27) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0587 b/retired/CVE-2004-0587 new file mode 100644 index 000000000..72028b0d7 --- /dev/null +++ b/retired/CVE-2004-0587 
@@ -0,0 +1,41 @@ +Candidate: CVE-2004-0587 +References: + FEDORA:FEDORA-2004-186 + URL:http://lwn.net/Articles/91155/ + MANDRAKE:MDKSA-2004:066 + URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 + REDHAT:RHSA-2004:413 + URL:http://www.redhat.com/support/errata/RHSA-2004-413.html + REDHAT:RHSA-2004:418 + URL:http://www.redhat.com/support/errata/RHSA-2004-418.html + SGI:20040804-01-U + URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc + SUSE:SuSE-SA:2004:010 + URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html + BID:10279 + URL:http://www.securityfocus.com/bid/10279 + SECTRACK:1010057 + URL:http://securitytracker.com/id?1010057 + XF:suse-hbaapinode-dos(16062) + URL:http://xforce.iss.net/xforce/xfdb/16062 +Description: + Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux + allows local users to cause a denial of service. +Notes: + 2.4.26-3 has the note: + CVE-2004-0587 code is not present, not vulnerable + So the question is, did the code get added when we moved to 2.4.27, and + was it still vulnerable? + dannf> Nope; qla2xxx isn't in 2.4.27 +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: needed +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0596 b/retired/CVE-2004-0596 new file mode 100644 index 000000000..1ab8f8351 --- /dev/null +++ b/retired/CVE-2004-0596 
@@ -0,0 +1,24 @@ +Candidate: CVE-2004-0596 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg + XF:linux-eql-dos(16694) + URL:http://xforce.iss.net/xforce/xfdb/16694 + BID:10730 + URL:http://www.securityfocus.com/bid/10730 +Description: + The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux + kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a + non-existent device name that triggers a null dereference. +Notes: +Bugs: +upstream: released (2.4.27-rc2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0619 b/retired/CVE-2004-0619 new file mode 100644 index 000000000..1cb869e36 --- /dev/null +++ b/retired/CVE-2004-0619 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-0619 +References: + http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2 + http://www.redhat.com/support/errata/RHSA-2004-549.html + http://www.redhat.com/support/errata/RHSA-2005-283.html + http://www.ciac.org/ciac/bulletins/p-047.shtml + http://www.securityfocus.com/bid/10599 + http://secunia.com/advisories/11936 + http://xforce.iss.net/xforce/xfdb/16459 +Description: + Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 + cryptonet driver allows local users to cause a denial of service (crash) + and possibly execute arbitrary code via a negative add_dsa_buf_bytes + variable, which leads to a buffer overflow. +Notes: + jmm> I've checked 2.6.8, 2.4.27 and 2.6.14, this is not included in the + jmm> stock kernel, only in Red Hat's. I'm marking Woody N/A as well. +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0626 b/retired/CVE-2004-0626 new file mode 100644 index 000000000..8f50960dd --- /dev/null +++ b/retired/CVE-2004-0626 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-0626 +References: + http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2 + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 + http://lwn.net/Articles/91964/ + http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml + http://www.novell.com/linux/security/advisories/2004_20_kernel.html + http://xforce.iss.net/xforce/xfdb/16554 +Description: + The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, + when using iptables and TCP options rules, allows remote attackers to cause a + denial of service (CPU consumption by infinite loop) via a large option length + that produces a negative integer after a casting operation to the char type. +Notes: + jmm> The bug was introduced during a rewrite of the code that accesses the skb's + jmm> during earlier 2.6 kernels. 2.4 has the correct u_int8_t declaration. +Bugs: +upstream: released (2.6.8) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-0685 b/retired/CVE-2004-0685 new file mode 100644 index 000000000..131c021d2 --- /dev/null +++ b/retired/CVE-2004-0685 
@@ -0,0 +1,36 @@ +Candidate: CVE-2004-0685 +References: + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + GENTOO:GLSA-200408-24 + URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml + TRUSTIX:2004-0041 + URL:http://www.trustix.net/errata/2004/0041/ + CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921 + CERT-VN:VU#981134 + URL:http://www.kb.cert.org/vuls/id/981134 + BID:10892 + URL:http://www.securityfocus.com/bid/10892 + XF:linux-usb-gain-privileges(16931) + URL:http://xforce.iss.net/xforce/xfdb/16931 + MISC:http://www.securityspace.com/smysecure/catid.html?id=14580 +Description: + Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on + uninitialized structures, which could allow local users to obtain sensitive + information by reading memory that was not cleared from previous usage. +Notes: + jmm> This was commited into the 2.5/2.6 version before in this changeset: + jmm> http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ + jmm> So I'm marking all 2.6 versions N/A +Bugs: +upstream: released (2.4.27) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0790 b/retired/CVE-2004-0790 new file mode 100644 index 000000000..765295f8f --- /dev/null +++ b/retired/CVE-2004-0790 
@@ -0,0 +1,44 @@ +Candidate: CVE-2004-0790 +References: + MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt + MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en + MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html + HP:HPSBTU01210 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 + HP:SSRT4743 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 + HP:SSRT4884 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 + MS:MS05-019 + URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx + SUNALERT:57746 + URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1 + OVAL:OVAL3458 + URL:http://oval.mitre.org/oval/definitions/data/oval3458.html + OVAL:OVAL1910 + URL:http://oval.mitre.org/oval/definitions/data/oval1910.html + OVAL:OVAL4804 + URL:http://oval.mitre.org/oval/definitions/data/oval4804.html +Description: + Multiple TCP/IP and ICMP implementations allow remote attackers to cause a + denial of service (reset TCP connections) via spoofed ICMP error messages, aka + the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and + CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, + CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that + are SPLIT based on the underlying vulnerability. While CVE normally SPLITs + based on vulnerability, the attack-based identifiers exist due to the variety + and number of affected implementations and solutions that address the attacks + instead of the underlying vulnerabilities. 
+Notes: +Bugs: 305655 305664 +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch] +2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0812 b/retired/CVE-2004-0812 new file mode 100644 index 000000000..f6fba4ae7 --- /dev/null +++ b/retired/CVE-2004-0812 @@ -0,0 +1,36 @@ +Candidate: CVE-2004-0812 +References: + REDHAT:RHSA-2004:549 + URL:http://www.redhat.com/support/errata/RHSA-2004-549.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ + CIAC:P-047 + URL:http://www.ciac.org/ciac/bulletins/p-047.shtml + BID:11794 + URL:http://www.securityfocus.com/bid/11794 + SECUNIA:13359 + URL:http://secunia.com/advisories/13359 + XF:linux-tss-gain-privilege(18346) + URL:http://xforce.iss.net/xforce/xfdb/18346 +Description: + Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and + Intel EM64T architectures, associated with "setting up TSS limits," allows + local users to cause a denial of service (crash) and possibly execute + arbitrary code. +Notes: + jmm> I've verified that above bkbits fixed is included in 2.6.8, so I'm + jmm> marking 2.6 N/A + jmm> The vulnerable code doesn't seem to be present in 2.4.27. Plus, 2.4 + jmm> is unsupported for amd64 anyway, so I'm marking it N/A as well for + jmm> the 2.4 kernels +Bugs: +upstream: released (2.6.0-test10) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0814 b/retired/CVE-2004-0814 new file mode 100644 index 000000000..6623e5027 
--- /dev/null +++ b/retired/CVE-2004-0814 @@ -0,0 +1,38 @@ +Candidate: CVE-2004-0814 +References: + BUGTRAQ:20041020 CVE-2004-0814: Linux terminal layer races + URL:http://www.securityfocus.com/archive/1/379005 + CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 + CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + BID:11491 + URL:http://www.securityfocus.com/bid/11491 + BID:11492 + URL:http://www.securityfocus.com/bid/11492 + XF:linux-tiocsetd-race-condition(17816) + URL:http://xforce.iss.net/xforce/xfdb/17816 +Description: + Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x + before 2.6.9, allow (1) local users to obtain portions of kernel data via a + TIOCSETD ioctl call to a terminal interface that is being accessed by another + thread, or (2) remote attackers to cause a denial of service (panic) by + switching from console to PPP line discipline, then quickly sending data that + is received during the switch. +Notes: +Bugs: +upstream: released (2.6.9) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch] +2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: 
diff --git a/retired/CVE-2004-0816 b/retired/CVE-2004-0816 new file mode 100644 index 000000000..db95f003e --- /dev/null +++ b/retired/CVE-2004-0816 @@ -0,0 +1,35 @@ +Candidate: CVE-2004-0816 +References: + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + SUSE:SUSE-SA:2004:037 + URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html + BID:11488 + URL:http://www.securityfocus.com/bid/11488 + SECUNIA:11202 + URL:http://secunia.com/advisories/11202/ + XF:linux-ip-packet-dos(17800) + URL:http://xforce.iss.net/xforce/xfdb/17800 +Description: + Integer underflow in the firewall logging rules for iptables in Linux before + 2.6.8 allows remote attackers to cause a denial of service (application crash) + via a malformed IP packet. +Notes: + jmm> Quoting from http://groups.google.com/group/nz.comp/msg/71ec927b491f247d: + jmm> The bug, discovered by Richard Hart, does not affect the 2.4 series kernel + jmm> Quoting from http://www.novell.com/linux/security/advisories/2004_37_kernel.html: + jmm> This problem has already been fixed in the 2.6.8 upstream Linux kernel, + jmm> this update contains a backport of the fix. + jmm> So I'm marking all kernels N/A +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-0883 b/retired/CVE-2004-0883 new file mode 100644 index 000000000..fc843e977 --- /dev/null +++ b/retired/CVE-2004-0883 
@@ -0,0 +1,48 @@ +Candidate: CVE-2004-0883 +References: + BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2 + MISC:http://security.e-matters.de/advisories/142004.html + BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:537 + URL:http://www.redhat.com/support/errata/RHSA-2004-537.html + CERT-VN:VU#726198 + URL:http://www.kb.cert.org/vuls/id/726198 + SECUNIA:13232 + URL:http://secunia.com/advisories/13232/ + BID:11695 + URL:http://www.securityfocus.com/bid/11695 + XF:linux-smbprocreadxdata-dos(18135) + URL:http://xforce.iss.net/xforce/xfdb/18135 + XF:linux-smb-response-dos(18134) + URL:http://xforce.iss.net/xforce/xfdb/18134 + XF:linux-smbreceivetrans2-dos(18136) + URL:http://xforce.iss.net/xforce/xfdb/18136 +Description: + Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 + and 2.6 allow remote samba servers to cause a denial of service (crash) or + gain sensitive information from kernel memory via a samba server (1) returning + more data than requested to the smb_proc_read function, (2) returning a data + offset from outside the samba packet to the smb_proc_readX function, (3) + sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, + (4) sending a samba packet with a certain header size to the + smb_proc_readX_data function, or (5) sending a certain packet based offset for + the data in a packet to the smb_receive_trans2 function. 
+Notes: +Bugs: +upstream: released (2.4.28-rc3), released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-9) [smbfs-overflow-fixes-2.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-0887 b/retired/CVE-2004-0887 new file mode 100644 index 000000000..a9b4ef2e1 --- /dev/null +++ b/retired/CVE-2004-0887 @@ -0,0 +1,23 @@ +Candidate: CVE-2004-0887 +References: + http://www.novell.com/linux/security/advisories/2004_37_kernel.html + http://www.securityfocus.com/bid/11489 + http://xforce.iss.net/xforce/xfdb/17801 +Description: + SUSE Linux Enterprise Server 9 on the S/390 platform does not properly + handle a certain privileged instruction, which allows local users to + gain root privileges. +Notes: + dannf> 2.4 looks vulnerable; I've asked waldi's advice on applying it. +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-10) [s390-sacf-fix.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-0949 b/retired/CVE-2004-0949 new file mode 100644 index 000000000..8c716e2de --- /dev/null +++ b/retired/CVE-2004-0949 
@@ -0,0 +1,40 @@ +Candidate: CVE-2004-0949 +References: + BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2 + MISC:http://security.e-matters.de/advisories/142004.html + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:537 + URL:http://www.redhat.com/support/errata/RHSA-2004-537.html + TRUSTIX:2004-0061 + URL:http://www.trustix.org/errata/2004/0061/ + UBUNTU:USN-30-1 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2 + XF:linux-smbrecvtrans2-memory-leak(18137) + URL:http://xforce.iss.net/xforce/xfdb/18137 + BID:11695 + URL:http://www.securityfocus.com/bid/11695 + SECUNIA:13232 + URL:http://secunia.com/advisories/13232/ +Description: + The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux + kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented + packets correctly, which could allow remote samba servers to (1) read + arbitrary kernel information or (2) raise a counter value to an arbitrary + number by sending the first part of the fragmented packet multiple times. +Notes: +Bugs: +upstream: released (2.4.28-rc3), released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-13) [smbfs-overrun.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1016 b/retired/CVE-2004-1016 new file mode 100644 index 000000000..191860c57 
--- /dev/null +++ b/retired/CVE-2004-1016 @@ -0,0 +1,36 @@ +Candidate: CVE-2004-1016 +References: + VULNWATCH:20041214 Linux kernel scm_send local DoS + MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt + UBUNTU:USN-38-1 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:689 + URL:http://www.redhat.com/support/errata/RHSA-2004-689.html + XF:linux-scmsend-dos(18483) + URL:http://xforce.iss.net/xforce/xfdb/18483 +Description: + The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, + and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system + hang) via crafted auxiliary messages that are passed to the sendmsg function, + which causes a deadlock condition. +Notes: + dannf> 2.4.27 has a reference to CVE-2004-1016 in the changelog, but it looks + like it referred to the wrong issue - our 2.4.27 may still be + vulnerable. + dannf> on second review, those patches look correct +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch] +2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1017 b/retired/CVE-2004-1017 new file mode 100644 index 000000000..20d4709b1 --- /dev/null +++ b/retired/CVE-2004-1017 
@@ -0,0 +1,27 @@ +Candidate: CVS-2004-1017 +References: + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + REDHAT:RHSA-2004:689 + URL:http://www.redhat.com/support/errata/RHSA-2004-689.html + XF:linux-ioedgeport-bo(18433) + URL:http://xforce.iss.net/xforce/xfdb/18433 +Description: + Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have + unknown impact and unknown attack vectors. +Notes: + jmm> I've checked 2.6.14, but I didn't find the exact upstream version when + jmm> this was fixed + jmm> The fix is required for 2.6.8 +Bugs: +upstream: +linux-2.6: released (2.4.31-rc1, 2.6.10) +2.6.8-sarge-security: released (2.6.8-16sarge2) [io_edgeport_overflow.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1056 b/retired/CVE-2004-1056 new file mode 100644 index 000000000..e768cfaa4 --- /dev/null +++ b/retired/CVE-2004-1056 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-1056 +References: + UBUNTU:USN-38-1 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + XF:linux-i810-dma-dos(15972) + URL:http://xforce.iss.net/xforce/xfdb/15972 +Description: + Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly + check the DMA lock, which could allow remote attackers or local users to cause + a denial of service (X Server crash) and possibly modify the video output. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch] +2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1057 b/retired/CVE-2004-1057 new file mode 100644 index 000000000..fab0fac1c --- /dev/null +++ b/retired/CVE-2004-1057 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-1057 +References: + MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4 + REDHAT:RHSA-2005:016 + URL:http://www.redhat.com/support/errata/RHSA-2005-016.html + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821 + XF:linux-kernel-vmio-dos(19275) + URL:http://xforce.iss.net/xforce/xfdb/19275 +Description: + Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark + memory with the VM_IO flag, which causes incorrect reference counts and may + lead to a denial of service (kernel panic) when accessing freed kernel pages. +Notes: + dannf> I see the PageReserved() check in the 2.6 code, going back to 2.4.0 + dannf> so I'll mark 2.6 N/A +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1058 b/retired/CVE-2004-1058 new file mode 100644 index 000000000..b5445d343 --- /dev/null +++ b/retired/CVE-2004-1058 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-1058 +References: + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + GENTOO:GLSA-200408-24 + URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + UBUNTU:USN-38-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1 + XF:linux-spawning-race-condition(17151) + URL:http://xforce.iss.net/xforce/xfdb/17151 +Description: + Race condition in Linux kernel 2.6 allows local users to read the environment + variables of another process that is still spawning via /proc/.../cmdline. +Notes: +Bugs: +upstream: released (2.4.33-pre2) +linux-2.6: +2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [203_proc_pid_cmdline_race.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1068 b/retired/CVE-2004-1068 new file mode 100644 index 000000000..550151435 --- /dev/null +++ b/retired/CVE-2004-1068 
@@ -0,0 +1,33 @@ +Candidate: CVE-2004-1068 +References: + BUGTRAQ:20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities + URL:http://www.securityfocus.com/archive/1/381689 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:537 + URL:http://www.redhat.com/support/errata/RHSA-2004-537.html + BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + BID:11715 + URL:http://www.securityfocus.com/bid/11715 + XF:linux-afunix-race-condition(18230) + URL:http://xforce.iss.net/xforce/xfdb/18230 +Description: + A "missing serialization" error in the unix_dgram_recvmsg function in Linux + 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain + privileges via a race condition. +Notes: +Bugs: +upstream: released (2.4.27, 2.6.9) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) +2.4.27-sarge-security: released (2.4.27-7) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1069 b/retired/CVE-2004-1069 new file mode 100644 index 000000000..ea4e901e2 --- /dev/null +++ b/retired/CVE-2004-1069 
@@ -0,0 +1,24 @@ +Candidate: CVE-2004-1069 +References: + http://marc.theaimsgroup.com/?l=linux-kernel&m=110045613004761 + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + http://xforce.iss.net/xforce/xfdb/18312 +Description: + Race condition in SELinux 2.6.x through 2.6.9 allows local users to + cause a denial of service (kernel crash) via SOCK_SEQPACKET unix + domain sockets, which are not properly handled in the sock_dgram_sendmsg + function. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-11) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1070 b/retired/CVE-2004-1070 new file mode 100644 index 000000000..cb13be152 --- /dev/null +++ b/retired/CVE-2004-1070 
@@ -0,0 +1,30 @@ +Candidate: CVE-2004-1070 +References: + MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:549 + URL:http://www.redhat.com/support/errata/RHSA-2004-549.html + XF:linux-elf-setuid-gain-privileges(18025) + URL:http://xforce.iss.net/xforce/xfdb/18025 +Description: + The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux + kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check + return values from calls to the kernel_read function, which may allow local + users to modify sensitive memory in a setuid program and execute arbitrary + code. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1071 b/retired/CVE-2004-1071 new file mode 100644 index 000000000..14325cbbe --- /dev/null +++ b/retired/CVE-2004-1071 
@@ -0,0 +1,29 @@ +Candidate: CVE-2004-1071 +References: + MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:537 + URL:http://www.redhat.com/support/errata/RHSA-2004-537.html + XF:linux-elf-setuid-gain-privileges(18025) + URL:http://xforce.iss.net/xforce/xfdb/18025 +Description: + The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and + 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap + function, which causes an incorrect mapped image and may allow local users to + execute arbitrary code. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1072 b/retired/CVE-2004-1072 new file mode 100644 index 000000000..822e3a634 --- /dev/null +++ b/retired/CVE-2004-1072 
@@ -0,0 +1,32 @@ +Candidate: CVE-2004-1072 +References: + MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:537 + URL:http://www.redhat.com/support/errata/RHSA-2004-537.html + REDHAT:RHSA-2005:275 + URL:http://www.redhat.com/support/errata/RHSA-2005-275.html + XF:linux-elf-setuid-gain-privileges(18025) + URL:http://xforce.iss.net/xforce/xfdb/18025 +Description: + The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and + 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL + terminated, which could cause strings longer than PATH_MAX to be used, leading + to buffer overflows that allow local users to cause a denial of service (hang) + and possibly execute arbitrary code. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1073 b/retired/CVE-2004-1073 new file mode 100644 index 000000000..21cc9e6c4 --- /dev/null +++ b/retired/CVE-2004-1073 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-1073 +References: + MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2004:549 + URL:http://www.redhat.com/support/errata/RHSA-2004-549.html + XF:linux-elf-setuid-gain-privileges(18025) + URL:http://xforce.iss.net/xforce/xfdb/18025 +Description: + The open_exec function in the execve functionality (exec.c) in Linux kernel + 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read + non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch] +2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1137 b/retired/CVE-2004-1137 new file mode 100644 index 000000000..de8f91b61 --- /dev/null +++ b/retired/CVE-2004-1137 
@@ -0,0 +1,39 @@ +Candidate: CVE-2004-1137 +References: + VULNWATCH:20041214 Linux kernel IGMP vulnerabilities + BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities + MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 + XF:linux-igmpmarksources-dos(18482) + URL:http://xforce.iss.net/xforce/xfdb/18482 + XF:linux-ipmcsource-code-execution(18481) + URL:http://xforce.iss.net/xforce/xfdb/18481 +Description: + Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to + 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial + of service or execute arbitrary code via (1) the ip_mc_source function, which + decrements a counter to -1, or (2) the igmp_marksources function, which does + not properly validate IGMP message parameters and performs an out-of-bounds + read. +Notes: +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch] +2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1144 b/retired/CVE-2004-1144 new file mode 100644 index 000000000..84734f73c --- /dev/null +++ b/retired/CVE-2004-1144 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-1144 +References: + REDHAT:RHSA-2004:689 + URL:http://www.redhat.com/support/errata/RHSA-2004-689.html + SUSE:SUSE-SA:2004:046 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2 + XF:linux-32bit-emulation-gain-privileges(18686) + URL:http://xforce.iss.net/xforce/xfdb/18686 +Description: + Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 + systems allows local users to gain privileges. +Notes: + jmm> 2.6 is not affected, see the comment by Andi Kleen from the patch: + jmm> # The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this + jmm> # hole because some unrelated changes in 2.5 fixed it as a side effect. +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2004-1151 b/retired/CVE-2004-1151 new file mode 100644 index 000000000..a5f83c362 --- /dev/null +++ b/retired/CVE-2004-1151 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-1151 +References: + MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall() + URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html + MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079 + MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2 +Description: + Multiple buffer overflows in the (1) sys32_ni_syscall and (2) + sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local + attackers to modify kernel memory and gain privileges. +Notes: + <= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway. +Bugs: +upstream: released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-1234 b/retired/CVE-2004-1234 new file mode 100644 index 000000000..b262dcc72 --- /dev/null +++ b/retired/CVE-2004-1234 
@@ -0,0 +1,35 @@ +Candidate: CVE-2004-1234 +References: + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + REDHAT:RHSA-2004:689 + URL:http://www.redhat.com/support/errata/RHSA-2004-689.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ + CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ + CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965 + BID:12101 + URL:http://www.securityfocus.com/bid/12101 + XF:linux-loadelfbinary-dos(18687) + URL:http://xforce.iss.net/xforce/xfdb/18687 +Description: + load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of + service (system crash) via an ELF binary in which the interpreter is NULL. +Notes: + jmm> I don't know at which version this was merged into 2.6, but I've verified + jmm> that above-mentioned fix is included in 2.6.8's binfmt_elf.c: + jmm> out_free_dentry: + jmm> allow_write_access(interpreter); + jmm> if (interpreter) + jmm> fput(interpreter); +Bugs: +upstream: released (2.4.26-rc3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1235 b/retired/CVE-2004-1235 new file mode 100644 index 000000000..122bb271a --- /dev/null +++ b/retired/CVE-2004-1235 
@@ -0,0 +1,43 @@ +Candidate: CVE-2004-1235 +References: + BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2 + MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + FEDORA:FEDORA-2005-013 + URL:http://www.securityfocus.com/advisories/7806 + FEDORA:FEDORA-2005-014 + URL:http://www.securityfocus.com/advisories/7805 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2005:043 + URL:http://www.redhat.com/support/errata/RHSA-2005-043.html + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + TRUSTIX:2005-0001 + URL:http://www.trustix.org/errata/2005/0001/ + CONFIRM:http://www.securityfocus.com/advisories/7804 + BID:12190 + URL:http://www.securityfocus.com/bid/12190 + XF:linux-uselib-gain-privileges(18800) + URL:http://xforce.iss.net/xforce/xfdb/18800 +Description: + Race condition in the (1) load_elf_library and (2) binfmt_aout function calls + for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows + local users to execute arbitrary code by manipulating the VMA descriptor. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch] +2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1237 b/retired/CVE-2004-1237 new file mode 100644 index 000000000..099e2cf7b 
--- /dev/null +++ b/retired/CVE-2004-1237 @@ -0,0 +1,28 @@ +Candidate: CVE-2004-1237 +References: + http://www.redhat.com/support/errata/RHSA-2005-043.html + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132245 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141996 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142091 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142442 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143886 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144048 +Description: + Unknown vulnerability in the system call filtering code in the audit + subsystem for Red Hat Enterprise Linux 3 allows local users to cause + a denial of service (system crash) via unknown vectors. +Notes: + jmm> What a remarkably concrete description :-) + jmm> I found the Bugzilla entries above and this seems RHEL specific. + jmm> I'm marking it at such, but please double-check someone +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2004-1333 b/retired/CVE-2004-1333 new file mode 100644 index 000000000..9f40c4368 --- /dev/null +++ b/retired/CVE-2004-1333 
@@ -0,0 +1,32 @@ +Candidate: CVE-2004-1333 +References: + FULLDISC:20041215 fun with linux kernel + URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + UBUNTU:USN-47-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1 + BID:11956 + URL:http://www.securityfocus.com/bid/11956 + XF:linux-vcresize-dos(18523) + URL:http://xforce.iss.net/xforce/xfdb/18523 +Description: + Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 + before 2.6.10 allows local users to cause a denial of service (kernel crash) + via a short new screen value, which leads to a buffer overflow. +Notes: +Bugs: +upstream: released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1334 b/retired/CVE-2004-1334 new file mode 100644 index 000000000..6ac0f8dd0 --- /dev/null +++ b/retired/CVE-2004-1334 
@@ -0,0 +1,25 @@ +Candidate: CVE-2004-1334 +References: + http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html + http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2 + http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html + http://www.securityfocus.com/bid/11956 + http://xforce.iss.net/xforce/xfdb/18522 +Description: + Integer overflow in the ip_options_get function in the Linux kernel before + 2.6.10 allows local users to cause a denial of service (kernel crash) via a + cmsg_len that contains a -1, which leads to a buffer overflow. +Notes: + dannf> This is a duplicate of CAN-2004-1016 +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch] +2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1335 b/retired/CVE-2004-1335 new file mode 100644 index 000000000..70b113099 --- /dev/null +++ b/retired/CVE-2004-1335 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-1335 +References: + FULLDISC:20041215 fun with linux kernel + URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html + BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2 + BID:11956 + URL:http://www.securityfocus.com/bid/11956 + XF:linux-ipoptionsget-memory-leak(18524) + URL:http://xforce.iss.net/xforce/xfdb/18524 +Description: + Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 + allows local users to cause a denial of service (memory consumption) by + repeatedly calling the ip_cmsg_send function. +Notes: +Bugs: +upstream: released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1337 b/retired/CVE-2004-1337 new file mode 100644 index 000000000..53542701c --- /dev/null +++ b/retired/CVE-2004-1337 
@@ -0,0 +1,28 @@ +Candidate: +References: + BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2 + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + BID:12093 + URL:http://www.securityfocus.com/bid/12093 + XF:linux-security-module-gain-privileges(18673) + URL:http://xforce.iss.net/xforce/xfdb/18673 +Description: + The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not + properly handle the credentials of a process that is launched before the + module is loaded, which allows local users to gain privileges. +Notes: + dannf> This code isn't in <= 2.4.27 +Bugs: +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-2013 b/retired/CVE-2004-2013 new file mode 100644 index 000000000..d965a45be --- /dev/null +++ b/retired/CVE-2004-2013 
@@ -0,0 +1,27 @@ +Candidate: CVE-2004-2013 +References: + http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html + http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html + http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2 + http://www.securityfocus.com/bid/10326 + http://xforce.iss.net/xforce/xfdb/16117 +Description: + Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c + in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary + code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of + memory. +Notes: + jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html + jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*, + jmm> Woody could be affected, though +Bugs: +upstream: released (2.4.26) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2004-2302 b/retired/CVE-2004-2302 new file mode 100644 index 000000000..f39ee81fe --- /dev/null +++ b/retired/CVE-2004-2302 
@@ -0,0 +1,25 @@ +Candidate: CVE-2004-2302 +References: + http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA + http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218 + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 + http://www.novell.com/linux/security/advisories/2005_44_kernel.html +Description: + Race condition in the sysfs_read_file and sysfs_write_file functions in Linux + kernel before 2.6.10 allows local users to read kernel memory and cause a + denial of service (crash) via large offsets in sysfs files. +Notes: + dannf> sysfs is only in 2.6, so marking 2.4 N/A +Bugs: 322339 +upstream: released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-sysfs-read-write-race.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-2536 b/retired/CVE-2004-2536 new file mode 100644 index 000000000..5ae37d27e --- /dev/null +++ b/retired/CVE-2004-2536 
@@ -0,0 +1,28 @@ +Candidate: CVE-2004-2536 +References: + http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html + http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html + http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6 +Description: + The exit_thread function (process.c) in Linux kernel 2.6 through + 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a + process obtains IO access permissions from the ioperm function but + does not drop those permissions when it exits, which allows other + processes to access the per-TSS pointers, access restricted memory + locations, and possibly gain privileges. +Notes: + Horms> Tested against kernel-image-2.4.27-2-686 2.4.27-11 which does not + seem to exhibit the problem, although the code suggests it might. I guess + its just a 2.6 problem. I marked 2.4.27 and the woody kernels N/A +Bugs: +upstream: released (2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2004-2607 b/retired/CVE-2004-2607 new file mode 100644 index 000000000..ec1da9376 --- /dev/null +++ b/retired/CVE-2004-2607 
@@ -0,0 +1,30 @@ +Candidate: CVE-2004-2607 +References: + http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html + http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2 +Description: + A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to + 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of + kernel memory via a large len argument, which is received as an int but + cast to a short, which prevents a read loop from filling a buffer. +Notes: + jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16, + jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should + jmm> be double-checked against the source though, but my bandwidth is currently + jmm> too slim to download 2.6.8 + jmm> + jmm> The fix below is for a completely different issue, I've split it out + horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable + horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable +Bugs: +upstream: released (2.4.33-pre2), released (2.6.6) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0001 b/retired/CVE-2005-0001 new file mode 100644 index 000000000..97943e59c --- /dev/null +++ b/retired/CVE-2005-0001 
@@ -0,0 +1,42 @@ +Candidate: CVE-2005-0001 +References: + BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2 + FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation + URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html + MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2005:043 + URL:http://www.redhat.com/support/errata/RHSA-2005-043.html + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + TRUSTIX:2005-0001 + URL:http://www.trustix.org/errata/2005/0001/ + BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2 + XF:linux-fault-handler-gain-privileges(18849) + URL:http://xforce.iss.net/xforce/xfdb/18849 +Description: + Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to + 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor + machines, allows local users to execute arbitrary code via concurrent threads + that share the same virtual memory space and simultaneously request stack + expansion. 
+Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch] +2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2005-0003 b/retired/CVE-2005-0003 new file mode 100644 index 000000000..770719909 --- /dev/null +++ b/retired/CVE-2005-0003 
@@ -0,0 +1,34 @@ +Candidate: CVE-2005-0003 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + REDHAT:RHSA-2005:043 + URL:http://www.redhat.com/support/errata/RHSA-2005-043.html + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + TRUSTIX:2005-0001 + URL:http://www.trustix.org/errata/2005/0001/ + MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg + BID:12261 + URL:http://www.securityfocus.com/bid/12261 + XF:linux-vma-gain-privileges(18886) + URL:http://xforce.iss.net/xforce/xfdb/18886 +Description: + The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit + architectures, does not properly check for overlapping VMA (virtual memory + address) allocations, which allows local users to cause a denial of service + (system crash) or execute arbitrary code via a crafted ELF or a.out file. +Notes: +Bugs: +upstream: released (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos2.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2005-0090 b/retired/CVE-2005-0090 new file mode 100644 index 000000000..3a6ff8b01 --- /dev/null +++ b/retired/CVE-2005-0090 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-0090 +References: + A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split + patch omits an "access check," which allows local users to cause a denial + of service (crash). +Description: + http://www.redhat.com/support/errata/RHSA-2005-092.html + http://www.securityfocus.com/bid/12599 + http://xforce.iss.net/xforce/xfdb/20618 +Notes: + Red Hat specific vulnerability +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0091 b/retired/CVE-2005-0091 new file mode 100644 index 000000000..589abd45e --- /dev/null +++ b/retired/CVE-2005-0091 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-0091 +References: + http://www.redhat.com/support/errata/RHSA-2005-092.html + http://www.securityfocus.com/bid/12599 + http://xforce.iss.net/xforce/xfdb/20619 +Description: + Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split + patch, when using the hugemem kernel, allows local users to read and write to + arbitrary kernel memory and gain privileges via certain syscalls. +Notes: + Red Hat specific. +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0092 b/retired/CVE-2005-0092 new file mode 100644 index 000000000..426e1b21e --- /dev/null +++ b/retired/CVE-2005-0092 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-0092 +References: + http://www.redhat.com/support/errata/RHSA-2005-092.html + http://www.securityfocus.com/bid/12599 + http://xforce.iss.net/xforce/xfdb/20620 +Description: + Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split + patch, when running on x86 with the hugemem kernel, allows local users to + cause a denial of service (crash). +Notes: + Red Hat specific. +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0135 b/retired/CVE-2005-0135 new file mode 100644 index 000000000..372db1a5a --- /dev/null +++ b/retired/CVE-2005-0135 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-0135 +References: + REDHAT:RHSA-2005:284 + URL:http://www.redhat.com/support/errata/RHSA-2005-284.html + REDHAT:RHSA-2005:366 + URL:http://www.redhat.com/support/errata/RHSA-2005-366.html + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg + SECUNIA:15019 + URL:http://secunia.com/advisories/15019 +Description: + The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in + Linux kernel 2.6 allows local users to cause a denial of service (system + crash). +Notes: + dannf> This is fixed in kernel-patch-2.4.27-ia64 +Bugs: +upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch] +2.4.27-sarge-security: released (2.4.27-10) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2005-0136 b/retired/CVE-2005-0136 new file mode 100644 index 000000000..b17e59201 --- /dev/null +++ b/retired/CVE-2005-0136 @@ -0,0 +1,18 @@ +Candidate: CVE-2005-0136 +References: + ** RESERVED ** +Description: +Notes: + dannf> This is fixed in kernel-patch-2.4.27-ia64 +Bugs: +upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch] +2.4.27-sarge-security: released (2.4.27-10) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: 
diff --git a/retired/CVE-2005-0137 b/retired/CVE-2005-0137 new file mode 100644 index 000000000..d20391d83 --- /dev/null +++ b/retired/CVE-2005-0137 @@ -0,0 +1,23 @@ +Candidate: CVE-2005-0137 +References: + REDHAT:RHSA-2005:284 + URL:http://www.redhat.com/support/errata/RHSA-2005-284.html + REDHAT:RHSA-2005:293 + URL:http://www.redhat.com/support/errata/RHSA-2005-293.html +Description: + Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a + denial of service via a "missing Itanium syscall table entry." +Notes: + dannf> This is actually 2.4 specific - the mitre description is incorrect. +Bugs: +upstream: released (2.4.30-rc2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0176 b/retired/CVE-2005-0176 new file mode 100644 index 000000000..87dd16a60 --- /dev/null +++ b/retired/CVE-2005-0176 
@@ -0,0 +1,27 @@ +Candidate: CVE-2005-0176 +References: + http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 + http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + http://www.redhat.com/support/errata/RHSA-2005-092.html + http://oval.mitre.org/oval/definitions/data/oval1225.html + http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30 +Description: + The shmctl function in Linux 2.6.9 and earlier allows local users to unlock + the memory of other processes, which could cause sensitive memory to be swapped + to disk, which could allow it to be read by other users once it has been released. +Notes: + It appears that 2.6.8 and earlier are not vulnerable as prior to the + following patch, local users could not effect lock or unlock + http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642 + That is, only 2.6.10 is effected. +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0177 b/retired/CVE-2005-0177 new file mode 100644 index 000000000..c87b59549 --- /dev/null +++ b/retired/CVE-2005-0177 
@@ -0,0 +1,26 @@ +Candidate: CVE-2005-0177 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 +Description: + nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows + attackers to cause a denial of service (kernel crash) via a buffer overflow. +Notes: + dannf> nls_ascii.c isn't in <= 2.4.27 +Bugs: +upstream: released (2.6.8.1, 2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0178 b/retired/CVE-2005-0178 new file mode 100644 index 000000000..eb3a56dd3 --- /dev/null +++ b/retired/CVE-2005-0178 
@@ -0,0 +1,30 @@ +Candidate: CVE-2005-0178 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html + BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2 +Description: + Race condition in the setsid function in Linux before 2.6.8.1 allows local + users to cause a denial of service (crash) and possibly access portions of + kernel memory, related to TTY changes, locking, and semaphores. +Notes: + dannf> Alan Cox suggested that this is not a 2.4 issue: + Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is + Alan> private not thread group so a setsid() can't race because you can't + Alan> setsid in the same thread as is opening current->tty. +Bugs: +upstream: released (2.6.8.1, 2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0180 b/retired/CVE-2005-0180 new file mode 100644 index 000000000..01275bf59 --- /dev/null +++ b/retired/CVE-2005-0180 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-0180 +References: + http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html + http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218 + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 + http://www.redhat.com/support/errata/RHSA-2005-092.html +Description: + Multiple integer signedness errors in the sg_scsi_ioctl function in + scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel + memory via negative integers in arguments to the scsi ioctl, which + bypass a maximum length check before calling the copy_from_user and + copy_to_user functions. +Notes: + jmm> The 2.4.27 version, scsi_ioctl_send_command(), is not affected, as + jmm> intlen and outlen are unsigned ints +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-12) [031-sg_scsi_ioctl_int_overflows.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0204 b/retired/CVE-2005-0204 new file mode 100644 index 000000000..d663b2ed5 --- /dev/null +++ b/retired/CVE-2005-0204 
@@ -0,0 +1,23 @@ +Candidate: CVE-2005-0204 +References: + REDHAT:RHSA-2005:092 + URL:http://www.redhat.com/support/errata/RHSA-2005-092.html +Description: + Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T + architectures, allows local users to write to privileged IO ports via the OUTS + instruction. +Notes: + jmm> 190_outs-2.diff had regressions +Bugs: 296700 +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff] +2.4.27-sid: released (2.4.27-12) [190_outs-2.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0207 b/retired/CVE-2005-0207 new file mode 100644 index 000000000..effeab57c --- /dev/null +++ b/retired/CVE-2005-0207 @@ -0,0 +1,27 @@ +Candidate: CVE-2005-0207 +References: + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930 + SUSE:SUSE-SA:2005:003 + URL:http://www.securityfocus.com/advisories/7880 + BID:12330 + URL:http://www.securityfocus.com/bid/12330 + http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch + http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA +Description: + Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS + clients to cause a denial of service via O_DIRECT. +Notes: + dannf> The vulnerable code doesn't exist in <= 2.4.27 +Bugs: +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A 
diff --git a/retired/CVE-2005-0209 b/retired/CVE-2005-0209 new file mode 100644 index 000000000..7c5941a6c --- /dev/null +++ b/retired/CVE-2005-0209 @@ -0,0 +1,25 @@ +Candidate: CVE-2005-0209 +References: + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 + CONECTIVA:CLA-2005:945 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + http://oss.sgi.com/archives/netdev/2005-01/msg01072.html +Description: + Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of + service (kernel crash) via crafted IP packet fragments. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0210 b/retired/CVE-2005-0210 new file mode 100644 index 000000000..804e62c1b --- /dev/null +++ b/retired/CVE-2005-0210 
@@ -0,0 +1,25 @@ +Candidate: CVE-2005-0210 +References: + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 + CONECTIVA:CLA-2005:945 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html +Description: + Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of + service (memory consumption) via certain packet fragments that are reassembled + twice, which causes a data structure to be allocated twice. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0384 b/retired/CVE-2005-0384 new file mode 100644 index 000000000..133e2209c --- /dev/null +++ b/retired/CVE-2005-0384 
@@ -0,0 +1,31 @@ +Candidate: CVE-2005-0384 +References: + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + REDHAT:RHSA-2005:283 + URL:http://www.redhat.com/support/errata/RHSA-2005-283.html + REDHAT:RHSA-2005:284 + URL:http://www.redhat.com/support/errata/RHSA-2005-284.html + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + TRUSTIX:2005-0009 + URL:http://www.trustix.org/errata/2005/0009/ + UBUNTU:USN-95-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 +Description: + Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows + remote attackers to cause a denial of service (kernel crash) via a pppd + client. +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2005-0400 b/retired/CVE-2005-0400 new file mode 100644 index 000000000..840633425 --- /dev/null +++ b/retired/CVE-2005-0400 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-0400 +References: + BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2 + MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + UBUNTU:USN-103-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1 + XF:kernel-ext2-information-disclosure(19866) + URL:http://xforce.iss.net/xforce/xfdb/19866 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 + SECUNIA:14713 + URL:http://secunia.com/advisories/14713/ +Description: + The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not + properly initialize memory when creating a block for a new directory entry, + which allows local users to obtain potentially sensitive information by + reading the block. +Notes: +Bugs: 301799 303294 +upstream: released (2.6.11.6) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch] +2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0449 b/retired/CVE-2005-0449 new file mode 100644 index 000000000..62875ef27 --- /dev/null +++ b/retired/CVE-2005-0449 
@@ -0,0 +1,20 @@ +Candidate: CVE-2005-0449 +References: + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449 + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563\d82 + http://oss.sgi.com/archives/netdev/2005-01/msg01107.html +Description: + The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to + cause a denial of service (kernel crash) or bypass firewall rules via crafted + packets, which are not properly handled by the skb_checksum_help function. +Notes: + ** CHANGES ABI ** + ipv4-fragment-queues-[1,2,2.1].dpatch are in sarge's 2.6.8. + ipv4-fragment-queues-[3,4].dpatch are awaiting an ABI event + . + 150_private_fragment_queues-[1,2].diff are awaiting a 2.4.27 ABI event +Bugs: +upstream: released (2.6.8.1) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) [ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch, ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff] diff --git a/retired/CVE-2005-0528 b/retired/CVE-2005-0528 new file mode 100644 index 000000000..d896c0f6d --- /dev/null +++ b/retired/CVE-2005-0528 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-0528 +References: +Description: +Notes: + From Joey's 2.4.18-14.4 changelog: + * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege + escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn] + jmm> Isn't this CVE-2004-0077? + dannf> Looks like this is a different issue. Joey's patch is here: + http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap + dannf> But it doesn't look like mitre has released the details yet: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528 + jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version + dannf> It looks like this would apply to 2.6, but isn't necessary because + dannf> its already fixed in a different way. 2.6 checks for a 0 new_len + dannf> earlier and errors out + jmm> This turned out to be a dupe of CVE-2003-0985 +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) diff --git a/retired/CVE-2005-0529 b/retired/CVE-2005-0529 new file mode 100644 index 000000000..c941380b6 --- /dev/null +++ b/retired/CVE-2005-0529 
@@ -0,0 +1,31 @@ +Candidate: CVE-2005-0529 +References: + FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 +Description: + Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset + arguments to the proc_file_read and locks_read_proc functions, which leads to + a heap-based buffer overflow when a signed comparison causes negative integers + to be used in a positive context. +Notes: + dannf> 2.4 doesn't do the signed cast, so it shouldn't be vulnerable +Bugs: +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0530 b/retired/CVE-2005-0530 new file mode 100644 index 000000000..042124ce3 --- /dev/null +++ b/retired/CVE-2005-0530 
@@ -0,0 +1,38 @@ +Candidate: CVE-2005-0530 +References: + FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 +Description: + Signedness error in the copy_from_read_buf function in n_tty.c for Linux + kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a + negative argument. +Notes: + dannf> This doesn't affect 2.4: + marcello> v2.4 does not suffer from the issue mentioned by Guninski because + marcello> the first argument of the arithmetic comparison is not casted + marcello> to a "signed" value: + . + marcello> n = min((ssize_t)*nr, n); + . + marcello> That was the problem in v2.6, where an unsigned value bigger than + marcello> 2^31 would be treated as a negative signed. +Bugs: +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0531 b/retired/CVE-2005-0531 new file mode 100644 index 000000000..5a095abd9 --- /dev/null +++ b/retired/CVE-2005-0531 
@@ -0,0 +1,20 @@ +Candidate: CVE-2005-0531 +References: + FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 +Description: + The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before + 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative + arguments. +Notes: +Bugs: +upstream: released (2.6.11-rc4) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch] +2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff] diff --git a/retired/CVE-2005-0532 b/retired/CVE-2005-0532 new file mode 100644 index 000000000..ec7873f68 --- /dev/null +++ b/retired/CVE-2005-0532 
@@ -0,0 +1,29 @@ +Candidate: CVE-2005-0532 +References: + FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke + URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 + MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html + BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2 +Description: + The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for + Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit + architectures, may allow local users to trigger a buffer overflow as a result + of casting discrepancies between size_t and int data types. +Notes: + dannf> Vulnerable code didn't exist in 2.4 +Bugs: +upstream: released (2.6.11-rc3) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0736 b/retired/CVE-2005-0736 new file mode 100644 index 000000000..d6d730db0 --- /dev/null +++ b/retired/CVE-2005-0736 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-0736 +References: + http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html + http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d + http://www.novell.com/linux/security/advisories/2005_18_kernel.html + http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 + http://www.securityfocus.com/bid/12763 +Description: + Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 + allows local users to overwrite kernel memory via a large number of events. +Notes: 2.4.* doesn't have epoll() +Bugs: +upstream: released (2.6.11.2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0749 b/retired/CVE-2005-0749 new file mode 100644 index 000000000..44137f1c8 --- /dev/null +++ b/retired/CVE-2005-0749 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-0749 +References: + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + UBUNTU:USN-103-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 + SECUNIA:14713 + URL:http://secunia.com/advisories/14713/ + XF:kernel-loadelflibrary-dos(19867) + URL:http://xforce.iss.net/xforce/xfdb/19867 +Description: + The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to + cause a denial of service (kernel crash) via a crafted ELF library or + executable, which causes a free of an invalid pointer. +Notes: +Bugs: 301799, 303498 +upstream: released (2.6.11.6) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch] +2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0750 b/retired/CVE-2005-0750 new file mode 100644 index 000000000..7b2ad7794 --- /dev/null +++ b/retired/CVE-2005-0750 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-0750 +References: + BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2 + FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 + URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + REDHAT:RHSA-2005:283 + URL:http://www.redhat.com/support/errata/RHSA-2005-283.html + REDHAT:RHSA-2005:284 + URL:http://www.redhat.com/support/errata/RHSA-2005-284.html + XF:kernel-bluezsockcreate-integer-underflow(19844) + URL:http://xforce.iss.net/xforce/xfdb/19844 +Description: + The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 + through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain + privileges via (1) socket or (2) socketpair call with a negative protocol + value. +Notes: +Bugs: 301799 +upstream: released (2.6.11.5) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch] +2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0756 b/retired/CVE-2005-0756 new file mode 100644 index 000000000..de676ae12 --- /dev/null +++ b/retired/CVE-2005-0756 
@@ -0,0 +1,19 @@ +Candidate: CVE-2005-0756 +References: + http://www.ubuntulinux.org/support/documentation/usn/usn-137-1 +Description: + ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform, + which allows local users to cause a denial of service (kernel crash). +Notes: +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0757 b/retired/CVE-2005-0757 new file mode 100644 index 000000000..49061609a --- /dev/null +++ b/retired/CVE-2005-0757 @@ -0,0 +1,21 @@ +Candidate: CVE-2005-0757 +References: +Description: + source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms + inclusion: upstream code has been reworked and doesn't appear vulnerable + descrition: on 64 bit architectures incorrect handling of xattr offsets + may cause a local DoS + revision date: Fri, 29 Jul 2005 12:04:57 +0900 +Notes: +Bugs: +upstream: +2.4.27-sarge-security: released (2.4.27-10sarge1) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-ext3-64bit-offset.dpatch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0767 b/retired/CVE-2005-0767 new file mode 100644 index 000000000..48d7e7372 --- /dev/null +++ b/retired/CVE-2005-0767 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-0767 +References: + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 + http://www.ubuntulinux.org/support/documentation/usn/usn-95-1 +Description: + Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows + local users with DRI privileges to execute arbitrary code as root. +Notes: + horms> For the record: + horms> The patch seems to already be present in 2.6.11. + horms> And the bug does not seem to be present in 2.4.27. +Bugs: 297203 +upstream: released (2.6.11-rc4) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-15) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-0815 b/retired/CVE-2005-0815 new file mode 100644 index 000000000..19302776b --- /dev/null +++ b/retired/CVE-2005-0815 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-0815 +References: + BUGTRAQ:20050317 Linux ISO9660 handling flaws + URL:http://www.securityfocus.com/archive/1/393590 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1 + FEDORA:FLSA:152532 + URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 + BID:12837 + URL:http://www.securityfocus.com/bid/12837 + XF:kernel-iso9660-filesystem(19741) + URL:http://xforce.iss.net/xforce/xfdb/19741 +Description: + Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux + 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt + memory via a crafted filesystem. +Notes: +Bugs: 301799 +upstream: released (2.6.12-rc1) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch] +2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-0839 b/retired/CVE-2005-0839 new file mode 100644 index 000000000..5a933031d --- /dev/null +++ b/retired/CVE-2005-0839 
@@ -0,0 +1,23 @@ +Candidate: CVE-2005-0839 +References: + MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline. + URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html + MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ +Description: + Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line + discipline for a TTY, which allows local users to gain privileges by injecting + mouse or keyboard events into other user sessions. +Notes: + dannf> This file isn't in <= 2.4.27 +Bugs: 301372 +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-0867 b/retired/CVE-2005-0867 new file mode 100644 index 000000000..116d7497f --- /dev/null +++ b/retired/CVE-2005-0867 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-0867 +References: + http://www.novell.com/linux/security/advisories/2005_18_kernel.html +Description: + Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel + memory by writing to a sysfs file. +Notes: + horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to + horms> have this bug. 2.4.27 does not include sysfs, and thus + horma> also does not have this bug. + jmm> The patch for the vulnerability in question can be found in the BTS +Bugs: 306137 +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A 
diff --git a/retired/CVE-2005-0916 b/retired/CVE-2005-0916 new file mode 100644 index 000000000..9ed5249f2 --- /dev/null +++ b/retired/CVE-2005-0916 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-0916 +References: + http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab + http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw + http://www.novell.com/linux/security/advisories/2005_50_kernel.html +Description: + AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with + CONFIG_HUGETLB_PAGE enabled allows local panic) via a process that executes + the io_queue_init function but exits without running io_queue_release, which + to fail. +Notes: +Bugs: +upstream: released (2.6.12) +linux-2.6: released (2.6.12-1) +2.6.8-sarge-security: released (2.6.8-16) [arch-ppc64-hugepage-aio-panic.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2005-1041 b/retired/CVE-2005-1041 new file mode 100644 index 000000000..c27caac5f --- /dev/null +++ b/retired/CVE-2005-1041 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-1041 +References: + http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2 +Description: + The fib_seq_start function in fib_hash.c in Linux kernel allows local + users to cause a denial of service (system crash) via /proc/net/route. +Notes: + horms> 2.4.27 is not effected by 304548 as the buggy code is a complete + horms> rework for 2.6. I looked over the way that proc/route is handled + horms> for 2.4.27, and it seems fine. +Bugs: 304548 +upstream: released (2.6.11.5) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-1263 b/retired/CVE-2005-1263 new file mode 100644 index 000000000..4c749bfd5 --- /dev/null +++ b/retired/CVE-2005-1263 
@@ -0,0 +1,28 @@ +Candidate: CVE-2005-1263 +References: + BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation + URL:http://www.securityfocus.com/archive/1/397966 + MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt + FRSIRT:ADV-2005-0524 + URL:http://www.frsirt.com/english/advisories/2005/0524 + OVAL:OVAL1122 + URL:http://oval.mitre.org/oval/definitions/data/oval1122.html +Description: + The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to + 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users + to execute arbitrary code via an ELF binary that, in certain conditions + involving the create_elf_tables function, causes a negative length argument + to pass a signed integer comparison, leading to a buffer overflow. +Notes: +Bugs: +upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) +2.4.27-sarge-security: released (2.4.27-10) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-1368 b/retired/CVE-2005-1368 new file mode 100644 index 000000000..03933ce25 --- /dev/null +++ b/retired/CVE-2005-1368 
@@ -0,0 +1,23 @@ +Candidate: CVE-2005-1368 +References: + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8 + http://linux.bkbits.net:8080/linux-2.6/cset%40423078fafVa6mAyny23YZ87hDipmTw +Description: + The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow + attackers to cause a denial of service (oops) via SMP. +Notes: + horms> The fix for CAN-2005-1368 is in SVN for 2.6.11. + horms> The code that this bug manifests in is not present + horms> in 2.6.8 or 2.4.27. + jmm> The code in question isn't present in Woody either +Bugs: +upstream: released (2.6.11.8) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-1369 b/retired/CVE-2005-1369 new file mode 100644 index 000000000..10d7dd87f --- /dev/null +++ b/retired/CVE-2005-1369 @@ -0,0 +1,24 @@ +Candidate: CVE-2005-1369 +References: + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8 + http://lkml.org/lkml/2005/4/20/159 +Description: + The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, + and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write + permissions, which allows local users to cause a denial of service (CPU + consumption) by attempting to write to the file, which does not have an + associated store function. +Notes: + jmm> These drivers are not present in 2.4 +Bugs: 307552 +upstream: released (2.6.11.8) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A 
diff --git a/retired/CVE-2005-1589 b/retired/CVE-2005-1589 new file mode 100644 index 000000000..da505ae32 --- /dev/null +++ b/retired/CVE-2005-1589 @@ -0,0 +1,36 @@ +Candidate: CVE-2005-1589 +References: + http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2 + http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html + http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html + http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10 + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 + http://www.frsirt.com/english/advisories/2005/0557 +Description: + The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) + in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before + passing an ioctl to the block device, which crosses security boundaries by + making kernel address space accessible from user space and allows local users + to cause a denial of service and possibly execute arbitrary code, a similar + vulnerability to CVE-2005-1264. +Notes: + horms> (discussing this and a similar problem): + horms> 2.6.8 is only vulnerable to the raw ioctl problem, + horms> which I believe is CAN-2005-1264. + horms> (unstable/testing-proposed-updates) and sarge-security + horms> (testing-security) branches and it should appear in 2.6.8-16 and + horms> 2.6.8-15sarge1 respectively. + horms> 2.4.27 does not appear to be vulnerable to either of these problems. +Bugs: 309429 +upstream: released (2.6.11.10), released (2.6.12-rc5) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-1761 b/retired/CVE-2005-1761 new file mode 100644 index 000000000..13f917137 
--- /dev/null +++ b/retired/CVE-2005-1761 @@ -0,0 +1,25 @@ +Candidate: CVE-2005-1761 +References: + http://www.novell.com/linux/security/advisories/2005_44_kernel.html + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54 +Description: + Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users + to cause a denial of service (kernel crash) via ptrace and the + restore_sigcontext function. +Notes: + jmm> This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct? + dannf> 2.4 patch for ia64 from SuSE in: CVE-2005-1761-linux24.patch + dannf> Unfortunately, its against an older 2.4, so this doesn't apply + dannf> trivially +Bugs: +upstream: released (2.6.12.1) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-private-tss.dpatch, arch-x86_64-nmi.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, arch-ia64-ptrace-restore_sigcontext.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [204_arch-ia64-ptrace-getregs-putregs.diff, 205_arch-ia64-ptrace-restore_sigcontext.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-1762 b/retired/CVE-2005-1762 new file mode 100644 index 000000000..cdf20f53e --- /dev/null +++ b/retired/CVE-2005-1762 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-1762 +References: + http://www.novell.com/linux/security/advisories/2005_29_kernel.html + http://www.ubuntulinux.org/support/documentation/usn/usn-143-1 + http://secunia.com/advisories/15786 +Description: + The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 + platform allows local users to cause a denial of service (kernel + crash) via a "non-canonical" address. +Notes: +Bugs: +upstream: released (2.6.12-rc5) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) [169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-1764 b/retired/CVE-2005-1764 new file mode 100644 index 000000000..26a1a60b1 --- /dev/null +++ b/retired/CVE-2005-1764 
@@ -0,0 +1,30 @@ +Candidate: CVE-2005-1764 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050531 + Category: SF + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029 + URL:http://freshmeat.net/articles/view/1678/ +Description: + Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard + page for the 47-bit address page to protect against an AMD K8 bug, + which allows local users to cause a denial of service. +Notes: + horms> I believe that only 2.6.11 is vulnerable to this +upstream: released (2.6.11.11) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-1765 b/retired/CVE-2005-1765 new file mode 100644 index 000000000..f17d7dbcd --- /dev/null +++ b/retired/CVE-2005-1765 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-1765 +References: + http://www.novell.com/linux/security/advisories/2005_29_kernel.html + http://www.ubuntulinux.org/support/documentation/usn/usn-143-1 +Description: + syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, + when running in 32-bit compatibility mode, allows local users to cause + a denial of service (kernel hang) via crafted arguments. +Notes: + jmm> I've extracted the patch from the Ubuntu update (CVE-2005-1765.patch) + dannf> This code was very different in 2.4, and we don't ship 2.4/amd64, so + I'll mark 2.4 N/A +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-mmap.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-1767 b/retired/CVE-2005-1767 new file mode 100644 index 000000000..e1cbe9950 --- /dev/null +++ b/retired/CVE-2005-1767 
@@ -0,0 +1,23 @@ +Candidate: CVE-2005-1767 +References: + CONFIRM:http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e + http://www.novell.com/linux/security/advisories/2005_44_kernel.html + http://www.ubuntu.com/usn/usn-187-1 +Description: + traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception + stack, which allows local users to cause a denial of service (oops and stack fault exception). +Notes: + This is already fixed in 2.6 and added for completeness. + Horms> This is amd64 specific, and thus should not affect 2.4 +Bugs: +upstream: released (2.6.12, 2.4.32) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch, arch-x86_64-kernel-stack-faults.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) [181_arch-x86_64-kernel-stack-faults.diff] +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-1768 b/retired/CVE-2005-1768 new file mode 100644 index 000000000..00eb28330 --- /dev/null +++ b/retired/CVE-2005-1768 
@@ -0,0 +1,34 @@ +Candidate: CVE-2005-1768 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1768 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050531 + Category: SF + BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2 + MISC:http://www.suresec.org/advisories/adv4.pdf +Description: + Race condition in the ia32 compatibility code for the execve system + call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows + local users to cause a denial of service (kernel panic) and possibly + execute arbitrary code via a concurrent thread that increments a + pointer count after the nargs function has counted the pointers, but + before the count is copied from user space to kernel space, which + leads to a buffer overflow. +Notes: + 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64) +upstream: released (2.4.31, 2.6.6) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: released (2.4.27-11) +2.4.27-sarge-security: released (2.4.27-10sarge1) +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-1913 b/retired/CVE-2005-1913 new file mode 100644 index 000000000..e3ccfe9f9 --- /dev/null +++ b/retired/CVE-2005-1913 
@@ -0,0 +1,37 @@ +Candidate: CVE-2005-1913 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050608 + Category: SF + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1 + UBUNTU:USN-178-1 + URL:http://www.ubuntu.com/usn/usn-178-1 + BID:14054 + URL:http://www.securityfocus.com/bid/14054 + SECUNIA:15786 + URL:http://secunia.com/advisories/15786/ + XF:kernel-subthread-dos(21138) + URL:http://xforce.iss.net/xforce/xfdb/21138 +Description: + The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a + denial of service (kernel panic) via a non group-leader thread + executing a different program than was pending in itimer, which causes + the signal to be delivered to the old group-leader task, which does + not exist. +Notes: +upstream: released (2.6.12.1) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: released (2.6.12-1) [linux-2.6.12.1.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2098 b/retired/CVE-2005-2098 new file mode 100644 index 000000000..20aaf4f50 --- /dev/null +++ b/retired/CVE-2005-2098 
@@ -0,0 +1,33 @@ +Candidate: CVE-2005-2098 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050630 + Category: SF + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before + 2.6.12.5 contains an error path that does not properly release the + session management semaphore, which allows local users or remote + attackers to cause a denial of service (semaphore hang) via a new + session keyring (1) with an empty name string, (2) with a long name + string, (3) with the key quota reached, or (4) ENOMEM. +upstream: released (2.6.12.5) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2099 b/retired/CVE-2005-2099 new file mode 100644 index 000000000..15e33c8a5 --- /dev/null +++ b/retired/CVE-2005-2099 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-2099 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050630 + Category: SF + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + The Linux kernel before 2.6.12.5 does not properly destroy a keyring + that is not instantiated properly, which allows local users or remote + attackers to cause a denial of service (kernel oops) via a keyring + with a payload that is not empty, which causes the creation to fail, + leading toa null dereference in the keyring destructor. +upstream: released (2.6.12.5) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2100 b/retired/CVE-2005-2100 new file mode 100644 index 000000000..343d09d61 --- /dev/null +++ b/retired/CVE-2005-2100 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-2100 +References: + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547 + REDHAT:RHSA-2005:514 + URL:http://www.redhat.com/support/errata/RHSA-2005-514.html +Description: + The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in + Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows + local users to cause a denial of service (crash). +Notes: + horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear + in Upstream or Debian Kernels. +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2456 b/retired/CVE-2005-2456 new file mode 100644 index 000000000..90b2a29a1 --- /dev/null +++ b/retired/CVE-2005-2456 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-2456 +References: + http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219 + http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220 + http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + http://www.novell.com/linux/security/advisories/2005_50_kernel.html + http://www.securityfocus.com/bid/14477 + http://secunia.com/advisories/16298 + http://secunia.com/advisories/16500 + http://xforce.iss.net/xforce/xfdb/21710 +Description: + Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c + in Linux kernel 2.6 allows local users to cause a denial of service (oops + or deadlock) and possibly execute arbitrary code via a p->dir value that is + larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy + array. +Notes: +Bugs: 321401 +upstream: +linux-2.6: released (2.6.12-2) +2.6.8-sarge-security: released (2.6.8-16sarge1) +2.4.27-sarge-security: released (2.4.27-10sarge1) [176_ipsec-array-overflow.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2457 b/retired/CVE-2005-2457 new file mode 100644 index 000000000..06715f7f6 --- /dev/null +++ b/retired/CVE-2005-2457 
@@ -0,0 +1,27 @@ +Candidate: CVE-2005-2457 +References: + URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + BID:14614 + URL:http://www.securityfocus.com/bid/14614 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + The driver for compressed ISO file systems (zisofs) in the Linux + kernel before 2.6.12.5 allows local users and remote attackers to + cause a denial of service (kernel crash) via a crafted compressed ISO + file system. +upstream: released (2.6.12.5) +2.6.8-sarge-security: released (2.6.8-16sarge2) [zisofs.diff] +2.4.27-sid/sarge: pending [187_zisofs-2.diff] +2.4.27-sarge-security: released (2.4.27-10sarge2) [187_zisofs-2.diff] +linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2458 b/retired/CVE-2005-2458 new file mode 100644 index 000000000..6d7b55a27 --- /dev/null +++ b/retired/CVE-2005-2458 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-2458 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050805 + Category: SF + MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file + URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 + allows remote attackers to cause a denial of service (kernel crash) + via a compressed file with "improper tables". +upstream: released (2.6.12.5) +linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch] +2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch] +2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff] +2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2459 b/retired/CVE-2005-2459 new file mode 100644 index 000000000..2bdc6f428 --- /dev/null +++ b/retired/CVE-2005-2459 
@@ -0,0 +1,31 @@ +Candidate: CVE-2005-2459 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459 + MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + The huft_build function in inflate.c in the zlib routines in the Linux + kernel before 2.6.12.5 returns the wrong value, which allows remote + attackers to cause a denial of service (kernel crash) via a certain + compressed file that leads to a null pointer dereference, a different + vulnerability than CVE-2005-2458. +Notes: + This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6 + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6 + We included the broken fix in the sarge1 releases, so this backs it out. +upstream: released (2.6.12.5) +linux-2.6: released (2.6.12.3) +2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch] +2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff] +2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2490 b/retired/CVE-2005-2490 new file mode 100644 index 000000000..d06ca1724 --- /dev/null +++ b/retired/CVE-2005-2490 
@@ -0,0 +1,36 @@ +Candidate: CVE-2005-2490 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050808 + Category: SF + MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248 + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 + UBUNTU:USN-178-1 + URL:http://www.ubuntu.com/usn/usn-178-1 + BID:14785 + URL:http://www.securityfocus.com/bid/14785 + SECUNIA:16747 + URL:http://secunia.com/advisories/16747/ + XF:kernel-sendmsg-bo(22217) + URL:http://xforce.iss.net/xforce/xfdb/22217 +Description: + Stack-based buffer overflow in the sendmsg function call in the Linux + kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code + by calling sendmsg and modifying the message contents in another + thread. +upstream: released (2.6.13.1), released (2.4.33-pre1) +linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-stackoverflow.patch, linux-2.6.13.1.patch] +2.6.8-sarge-security: released (2.6.8-16sarge2) [sendmsg-stackoverflow.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2492 b/retired/CVE-2005-2492 new file mode 100644 index 000000000..efc21d417 --- /dev/null +++ b/retired/CVE-2005-2492 
@@ -0,0 +1,35 @@ +Candidate: CVE-2005-2492 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050808 + Category: SF + MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830 + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 + UBUNTU:USN-178-1 + URL:http://www.ubuntu.com/usn/usn-178-1 + BID:14787 + URL:http://www.securityfocus.com/bid/14787 + SECUNIA:16747 + URL:http://secunia.com/advisories/16747/ + XF:kernel-rawsendmsg-obtain-information(22218) + URL:http://xforce.iss.net/xforce/xfdb/22218 +Description: + The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 + allows local users to cause a denial of service (change hardware + state) or read from arbitrary memory via crafted input. +upstream: released (2.6.13.1) +linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-DoS.patch, linux-2.6.13.1.patch] +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2548 b/retired/CVE-2005-2548 new file mode 100644 index 000000000..7aa9f590f --- /dev/null +++ b/retired/CVE-2005-2548 
@@ -0,0 +1,27 @@ +Candidate: CVE-2005-2548 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050812 + Category: SF + CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308 +Description: + vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a + denial of service (kernel oops from null dereference) via certain UDP + packets that lead to a function call with the wrong argument, as + demonstrated using snmpwalk on snmpd. +upstream: released (2.4.29) +2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2553 b/retired/CVE-2005-2553 new file mode 100644 index 000000000..444d853ce --- /dev/null +++ b/retired/CVE-2005-2553 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-2553 +References: + URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553 + CONFIRM:http://lkml.org/lkml/2005/1/5/245 + CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA +Description: + The find_target function in ptrace32.c in the Linux kernel 2.4.x + before 2.4.29 does not properly handle a NULL return value from + another function, which allows local users to cause a denial of + service (kernel crash/oops) by running a 32-bit ltrace program with + the -i option on a 64-bit executable program. +Bugs: +upstream: released (2.4.29) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff] +2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2555 b/retired/CVE-2005-2555 new file mode 100644 index 000000000..4c4665195 --- /dev/null +++ b/retired/CVE-2005-2555 @@ -0,0 +1,21 @@ +Candidate: CVE-2005-2555 +References: + URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555 +Description: + Linux kernel 2.6.x does not properly restrict socket policy access to users + with the CAP_NET_ADMIN capability, which could allow local users to conduct + unauthorized activities via (1) ipv4/ip_sockglue.c and + (2) ipv6/ipv6_sockglue.c. +Notes: +Bugs: +upstream: released (2.6.13) +linux-2.6: released (2.6.13-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: released (2.4.27-10sarge2) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2708 b/retired/CVE-2005-2708 new file mode 100644 index 000000000..8c10fd12f 
--- /dev/null +++ b/retired/CVE-2005-2708 @@ -0,0 +1,24 @@ +Candidate: CVE-2005-2708 +References: + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925 +Description: + The search_binary_handler function in exec.c in Linux kernel on 64-bit x86 + architectures does not check a return code for a particular function call when + virtual memory is low, which allows local users to cause a denial of service + (panic), as demonstrated by running a process using the bash ulimit -v + command. +Notes: + This bug only affects 2.4 and AMD64, a combination that does not exist in + Debian +Bugs: +upstream: released (2.4.33-pre1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2709 b/retired/CVE-2005-2709 new file mode 100644 index 000000000..12eb1c7e1 --- /dev/null +++ b/retired/CVE-2005-2709 @@ -0,0 +1,30 @@ +Candidate: CVE-2005-2709 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch +Description: + 
From: Al Viro + . + You could open the /proc/sys/net/ipv4/conf// file, then + wait for interface to go away, try to grab as much memory as possible in + hope to hit the (kfreed) ctl_table. Then fill it with pointers to your + function. Then do read from file you've opened and if you are lucky, + you'll get it called as ->proc_handler() in kernel mode. +Notes: + CVE is reserved, so we can't take the description from there yet + . + dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped + dannf> that hunk in my backport + . + **THIS IS AN ABI CHANGE** +Bug: +upstream: released (2.6.14.1), released (2.4.33-pre1) +linux-2.6: released (2.6.14-3) +2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2800 b/retired/CVE-2005-2800 new file mode 100644 index 000000000..6174e4950 --- /dev/null +++ b/retired/CVE-2005-2800 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-2800 +References: + URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800 +Description: + Memory leak in the seq_file implemenetation in the SCSI procfs interface + (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a + denial of service (memory consumption) via certain repeated reads from the + /proc/scsi/sg/devices file, which is not properly handled when the next() + iterator returns NULL or an error. +Notes: + dannf> seq_file is a 2.6ism, so marking 2.4 as N/A + dannf> There's a trivial test case - can it be reproduce this on 2.4? +Bugs: +upstream: released (2.6.12.6) +linux-2.6: released (2.6.12-6) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-2801 b/retired/CVE-2005-2801 new file mode 100644 index 000000000..975e4eec2 --- /dev/null +++ b/retired/CVE-2005-2801 
@@ -0,0 +1,26 @@ +Candidate: CVE-2005-2801 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801 + MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug + URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html + MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel. + URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html + SUSE:SUSE-SA:2005:018 + URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html +Description: + xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 + does not properly compare the name_index fields when sharing xattr + blocks, which could prevent default ACLs from being applied. +Bugs: 332381 +upstream: released (2.6.11) +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs_ext2_ext3_xattr-sharing.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff] +2.4.27-sid: released (2.4.27-12) [178_fs_ext2_ext3_xattr-sharing.diff] +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2872 b/retired/CVE-2005-2872 new file mode 100644 index 000000000..5fb79ff8a --- /dev/null +++ b/retired/CVE-2005-2872 
@@ -0,0 +1,31 @@ +Candidate: CVE-2005-2872 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050909 + Category: SF + Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237 + Reference: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2 +Description: + The ipt_recent kernel module (ipt_recent.c) in Linux kernel before + 2.6.12, when running on 64-bit processors such as AMD64, allows remote + attackers to cause a denial of service (kernel panic) via certain + attacks such as SSH brute force, which leads to memset calls using a + length based on the u_int32_t type, acting on an array of unsigned + long elements, a different vulnerability than CVE-2005-2873. +upstream: released (2.6.12) +2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-netfilter-ip_recent-last_pkts.dpatch] +2.4.27-sid/sarge: released (2.4.27-12) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff] +2.4.27-sarge-security: released (2.4.27-10sarge1) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff] +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-2973 b/retired/CVE-2005-2973 new file mode 100644 index 000000000..ba46533dc --- /dev/null +++ b/retired/CVE-2005-2973 
@@ -0,0 +1,21 @@ +Candidate: CVE-2005-2973 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA +Description: + Fix infinite loop in udp_v6_get_port(). +Bugs: +Notes: + submitted for inclusion in 2.4.32-rc2 +upstream: released (2.6.14-rc4) +2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-udp_v6_get_port-loop.patch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [195_net-ipv6-udp_v6_get_port-loop.diff] +2.4.27-sarge/sid: pending (2.4.27-12) +linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3053 b/retired/CVE-2005-3053 new file mode 100644 index 000000000..27a385f0b --- /dev/null +++ b/retired/CVE-2005-3053 @@ -0,0 +1,28 @@ +Candidate: CVE-2005-3053 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050926 + Category: SF + Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g +Description: + The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x + allows local users to cause a denial of service (kernel BUG()) via a + negative first argument. +Notes: + horms> http://lkml.org/lkml/2005/9/30/218 +upstream: released (2.6.12.5) +linux-2.6: released (2.6.12-3) +2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-check-mode.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3055 b/retired/CVE-2005-3055 new file mode 100644 index 000000000..c4da25294 
--- /dev/null +++ b/retired/CVE-2005-3055 @@ -0,0 +1,33 @@ +Candidate: CVE-2005-3055 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050926 + Category: SF + MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883 +Description: + Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial + of service (kernel OOPS) via a userspace process that issues a USB + Request Block (URB) to a USB device and terminates before the URB is + finished, which leads to a stale pointer reference. +Notes: + horms> http://lkml.org/lkml/mbox/2005/10/11/90 + horms> http://lkml.org/lkml/2005/10/11/90 + horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21 +Bugs: 330287, 332587 +upstream: released (2.6.14-rc4) +linux-2.6: released (2.6.14-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3106 b/retired/CVE-2005-3106 new file mode 100644 index 000000000..7b2b2e997 --- /dev/null +++ b/retired/CVE-2005-3106 
@@ -0,0 +1,33 @@ +Candidate: CVE-2005-3106 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050930 + Category: SF + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c +Description: + Race condition in Linux 2.6, when threads are sharing memory mapping + via CLONE_VM (such as linuxthreads and vfork), might allow local users + to cause a denial of service (deadlock) by triggering a core dump + while waiting for a thread that has just performed an exec. + . + Extra information from Moritz Muehlenhof: + CVE-2005-3106: + DoS through race condition in processes that share a memory mapping through + CLONE_VM + http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c +upstream: released (2.6.11) +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3107 b/retired/CVE-2005-3107 new file mode 100644 index 000000000..5123c7b37 --- /dev/null +++ b/retired/CVE-2005-3107 
@@ -0,0 +1,33 @@ +Candidate: CVE-2005-3107 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050930 + Category: SF + CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c +Description: + fs/exec.c in Linux 2.6, when one thread is tracing another thread that + shares the same memory map, might allow local users to cause a denial + of service (deadlock) by forcing a core dump when the traced thread is + in the TASK_TRACED state. + . + Extra information from Moritz Muehlenhof: + Local DoS through threads tracing each other by forcing a core dump, while the traced + thread is in TASK_TRACED state. + http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch +upstream: released (2.6.11) +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3108 b/retired/CVE-2005-3108 new file mode 100644 index 000000000..54985b8e0 --- /dev/null +++ b/retired/CVE-2005-3108 
@@ -0,0 +1,31 @@ +Candidate: CVE-2005-3108 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050930 + Category: SF + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 +Description: + mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to + cause a denial of service or an information leak via an iremap on a + certain memory map that causes the iounmap to perform a lookup of a + page that does not exist. +Notes: + Extra information from Moritz Muehlenhof: + DoS and potential information leak in ioremap (seemingly specific to amd64) + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 +upstream: released (2.6.11.12) +2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3109 b/retired/CVE-2005-3109 new file mode 100644 index 000000000..2d36440f0 --- /dev/null +++ b/retired/CVE-2005-3109 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-3109 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050930 + Category: SF + CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f +Description: + The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to + cause a denial of service (oops) by using hfsplus to mount a + filesystem that is not hfsplus. +Notes: + Extra information from Moritz Muehlenhof: + Local DoS through oops by mounting a non-HFS+ filesystem as HFS+. + Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html + dannf> Looks like, from the above thread, that 2.4 is not affected; marking + as such. +upstream: released (2.6.11.12) +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-3110 b/retired/CVE-2005-3110 new file mode 100644 index 000000000..7b5f4922c --- /dev/null +++ b/retired/CVE-2005-3110 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-3110 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050930 + Category: SF + Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572 +Description: + Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, + when running on an SMP system that is operating under a heavy load, + might allow remote attackers to cause a denial of service (crash) via + a series of packets that cause a value to be modified after it has + been read but before it has been locked. +Notes: + Extra information from Moritz Muehlenhof: + DoS on SMP, potentially 2.4 and 2.6 + http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572 +upstream: released (2.6.11.11) +2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch] +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3119 b/retired/CVE-2005-3119 new file mode 100644 index 000000000..85710594d --- /dev/null +++ b/retired/CVE-2005-3119 
@@ -0,0 +1,30 @@ +Candidate: CVE-2005-3119 +References: + URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@43483fddCiQX1WyG_orbko06TrjMVA + REDHAT:RHSA-2005:808 + URL:http://www.redhat.com/support/errata/RHSA-2005-808.html + SECUNIA:17364 + URL:http://secunia.com/advisories/17364 +Description: + Memory leak in the request_key_auth_destroy function in request_key_auth in Linux + kernel 2.6.13 and earlier allows local users to cause a denial of service (memory + consumption) via a large number of authorization token keys. +Notes: + Plug request_key_auth memleak. This can be triggered by unprivileged + users, so is local DoS. + http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html + . + dannf> This file doesn't exist in 2.6.8, so sarge isn't vulnerable +upstream: released (2.6.13.4, 2.6.14) +linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3179 b/retired/CVE-2005-3179 new file mode 100644 index 000000000..f2b7e5470 --- /dev/null +++ b/retired/CVE-2005-3179 @@ -0,0 +1,27 @@ +Candidate: CVE-2005-3179 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179 + Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd + Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893 +Description: + drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs + with world-readable and world-writable permissions, which allows local + users to enable DRM debugging and obtain sensitive information. +Notes: + (from Horms) + 
> > From: Dave Jones + > > + > > Please consider for next 2.6.13, it is a minor security issue allowing + > > users to turn on drm debugging when they shouldn't... +upstream: released (2.6.13.4) +linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) +2.6.8-sarge-security: N/A +2.4.27-sid/sarge: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3180 b/retired/CVE-2005-3180 new file mode 100644 index 000000000..70d585c35 --- /dev/null +++ b/retired/CVE-2005-3180 @@ -0,0 +1,31 @@ +Candidate: CVE-2005-3180 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180 + CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b +Description: + The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does + not properly clear memory from a previously used packet whose length + is increased, which allows remote attackers to obtain sensitive + information. +Notes: + 
> > From: Pavel Roskin + > > + > > The orinoco driver can send uninitialized data exposing random pieces of + > > the system memory. This happens because data is not padded with zeroes + > > when its length needs to be increased. + horms> a better fix for this is + horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15 + horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not + horms> defined elsewhere in 2.4. + horms> is added by 192_orinoco-info-leak-2.diff +upstream: released (2.6.13.4), released (2.4.33-pre2) +linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3181 b/retired/CVE-2005-3181 new file mode 100644 index 000000000..614a43ea9 --- /dev/null +++ b/retired/CVE-2005-3181 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3181 +References: + URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3181 + CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23 +Description: + Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an + incorrect function to free names_cache memory, which prevents the memory + from being tracked by AUDITSYSCALL code and leads to a memory leak that + allows attackers to cause a denial of service (memory consumption). +Notes: + 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4 +Bugs: +upstream: released (2.6.13.4) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: N/A +2.4.27-sarge/sid: N/A +linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3257 b/retired/CVE-2005-3257 new file mode 100644 index 000000000..f2dfa81ff --- /dev/null +++ b/retired/CVE-2005-3257 
@@ -0,0 +1,25 @@ +Candidate: CVE-2005-3257 +References: + URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257 + CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533 +Description: + The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local + users to use the KDSKBSENT ioctl on terminals of other users and gain + privileges, as demonstrated by modifying key bindings using loadkeys. +Bugs: 334113 +Notes: + The first patch is the bit that adds the capability check; the second + one makes it less anal (only apply to writes). + jmm> The patch targeted to 2.6.14.4 is slightly different, needs to be + jmm> sorted out. +upstream: released (2.4.32-rc3), released (2.6.15-rc1), released (2.6.14.4) +2.6.8-sarge-security: released (2.6.8-16sarge2) [setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [197_setkeys-needs-root-1.diff, 197_setkeys-needs-root-2.diff] +linux-2.6: released (2.6.14-6) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3271 b/retired/CVE-2005-3271 new file mode 100644 index 000000000..f2300a6c3 --- /dev/null +++ b/retired/CVE-2005-3271 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3271 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271 + MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss + URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg +Description: + Exec in Linux kernel 2.6 does not properly clear posix-timers in + multi-threaded environments, which results in a resource leak and + could allow a large number of multiple local users to cause a denial + of service by using more posix-timers than specified by the quota for + a single user. +Bugs: +upstream: released (2.6.9) +2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-posix-timers-leak-1.dpatch] +2.4.27-sarge-security: N/A +linux-2.6: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3272 b/retired/CVE-2005-3272 new file mode 100644 index 000000000..62faaf83b --- /dev/null +++ b/retired/CVE-2005-3272 
@@ -0,0 +1,20 @@ +Candidate: CVE-2005-3272 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c +Description: + Linux kernel before 2.6.12 allows remote attackers to poison the + bridge forwarding table using frames that have already been dropped by + filtering, which can cause the bridge to forward spoofed packets. +Bugs: +upstream: released (2.6.12) +2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch] +2.4.27-sarge-security: N/A +linux-2.6: released (2.6.12-1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3273 b/retired/CVE-2005-3273 new file mode 100644 index 000000000..7226e3d86 --- /dev/null +++ b/retired/CVE-2005-3273 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-3273 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46 + CONFIRM:http://lkml.org/lkml/2005/5/23/169 +Description: + The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 + kernels prior to 2.6.12 does not properly verify the ndigis argument + for a new route, which allows attackers to trigger array out-of-bounds + errors with a large number of digipeats. +Bugs: +upstream: released (2.6.12) +2.6.8-sarge-security: released (2.6.8-16sarge1) [net-rose-ndigis-verify.dpatch] +2.4.27-sarge-security: N/A +linux-2.6: released (2.6.12-1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3274 b/retired/CVE-2005-3274 new file mode 100644 index 000000000..46e16aab9 --- /dev/null +++ b/retired/CVE-2005-3274 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3274 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274 + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d + CONFIRM:http://lkml.org/lkml/2005/6/23/249 + CONFIRM:http://lkml.org/lkml/2005/6/24/173 +Description: + Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 + before 2.4.32-pre2, when running on SMP systems, allows local users to + cause a denial of service (null dereference) by causing a connection + timer to expire while the connection table is being flushed before the + appropriate lock is acquired. +Bugs: +upstream: released (2.6.13, 2.4.32-pre2) +linux-2.6: released (2.6.13-1) +2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-ipvs-conn_tab-race.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3275 b/retired/CVE-2005-3275 new file mode 100644 index 000000000..9fc10e886 --- /dev/null +++ b/retired/CVE-2005-3275 
@@ -0,0 +1,23 @@ +Candidate: CVE-2005-3275 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c +Description: + The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in + Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly + declares a variable to be static, which allows remote attackers to + cause a denial of service (memory corruption) by causing two packets + for the same protocol to be NATed at the same time, which leads to + memory corruption. +Bugs: +upstream: released (2.6.12.3) +2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff] +linux-2.6: released (2.6.12-1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3276 b/retired/CVE-2005-3276 new file mode 100644 index 000000000..56a01b840 --- /dev/null +++ b/retired/CVE-2005-3276 
@@ -0,0 +1,21 @@ +Candidate: CVE-2005-3276 +References: + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c + CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1 + URL:http://lkml.org/lkml/2005/8/3/36 +Description: + The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and + 2.6.13 does not entirely clear a user_desc structure before copying it + to userspace, resulting in a small information leak. +Bugs: +upstream: released (2.6.12.4) +linux-2.6: released (2.6.12-2) +2.6.8-sarge-security: released (2.6.8-16sarge1) [sys_get_thread_area-leak.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3356 b/retired/CVE-2005-3356 new file mode 100644 index 000000000..4da47902a --- /dev/null +++ b/retired/CVE-2005-3356 
@@ -0,0 +1,34 @@ +Candidate: CVE-2005-3356 +References: + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3 +Description: + [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open + . + Fixed the refcounting on failure exits in sys_mq_open() and + cleaned the logics up. Rules are actually pretty simple - dentry_open() + expects vfsmount and dentry to be pinned down and it either transfers + them into created struct file or drops them. Old code had been very + confused in that area - if dentry_open() had failed either in do_open() + or do_create(), we ended up dentry and mqueue_mnt dropped twice, once + by dentry_open() cleanup and then by sys_mq_open(). + . + Fix consists of making the rules for do_create() and do_open() + same as for dentry_open() and updating the sys_mq_open() accordingly; + that actually leads to more straightforward code and less work on + normal path. + . + Signed-off-by: Al Viro + Signed-off-by: Linus Torvalds +Notes: + jmm> Discovered by Doug Chapman +Bugs: +upstream: released (2.6.15.2) +linux-2.6: released (2.6.15-4) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-3358 b/retired/CVE-2005-3358 new file mode 100644 index 000000000..bcb2ae93a --- /dev/null +++ b/retired/CVE-2005-3358 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-3358 +References: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175683 +Description: + Linux kernel 2.6.x, possibly before 2.6.11, allows local users to + cause a denial of service (panic) via a set_mempolicy call with a + 0 bitmask, which causes a panic when a page fault occurs. +Notes: + jmm> This was initially believed to be fixed as of 2.6.11, but this + jmm> turned out to be wrong. +Bugs: +upstream: released (2.6.15) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-undefined-nodes.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-3359 b/retired/CVE-2005-3359 new file mode 100644 index 000000000..54534cbd1 --- /dev/null +++ b/retired/CVE-2005-3359 
@@ -0,0 +1,35 @@ +Candidate: CVE-2005-3359 +References: + http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769 + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a79af59efd20990473d579b1d8d70bb120f0920c + CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769 + UBUNTU:USN-263-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1 + BID:17078 + URL:http://www.securityfocus.com/bid/17078 + SECUNIA:19220 + URL:http://secunia.com/advisories/19220 +Description: + The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a + denial of service (panic) via certain socket calls that produce inconsistent + reference counts for loadable protocol modules. +Notes: + dannf> Easily reproduced on 2.6.8, not reproducible on 2.4.27, so marking + dannf> 2.4 N/A + . + dannf> Note that atm is marked experimental in 2.6.8, and is not built + dannf> as a module on i386, amd64 or ia64 - but of course users could + dannf> build their own kernels, and this isn't atm specific +Bugs: +upstream: released (2.6.14) +linux-2.6: released (2.6.14-1) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-3623 b/retired/CVE-2005-3623 new file mode 100644 index 000000000..928c8ebd9 --- /dev/null +++ b/retired/CVE-2005-3623 
@@ -0,0 +1,21 @@ +Candidate: CVE-2005-3623 +References: + http://permalink.gmane.org/gmane.linux.kernel/360868 +Description: + We must check for MAY_SATTR before setting acls, which includes + checking for read-only exports: the lower-level setxattr operation + that eventually sets the acl cannot check export-level restrictions. +Notes: + jmm> NFS ACLs were only introduced somewhere between 2.6.12-2.6.14, so + jmm> Sarge and Woody are not vulnerable +Bugs: +upstream: released (2.6.14.5), released (2.6.15-pre7) +linux-2.6: released (2.6.14-7) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-3783 b/retired/CVE-2005-3783 new file mode 100644 index 000000000..5edfb1da8 --- /dev/null +++ b/retired/CVE-2005-3783 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-3783 +References: + http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409 + http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c +Description: + The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, + using CLONE_THREAD, does not use the thread group ID to check whether it + is attaching to itself, which allows local users to cause a denial of + service (crash). +Notes: +Bugs: +upstream: released (2.4.33-pre1, 2.6.14.2) +linux-2.6: released (2.6.14-3) +2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3784 b/retired/CVE-2005-3784 new file mode 100644 index 000000000..ecaa8893e --- /dev/null +++ b/retired/CVE-2005-3784 
@@ -0,0 +1,21 @@ +Candidate: CVE-2005-3784 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739 +Description: + The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes + with ptrace attached,which leads to a dangling ptrace reference and allows local users + to cause a denial of service (crash). +Notes: + jmm,horms> 2.4 code seems very different and not vulnerable +Bugs: +upstream: released (2.6.15) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [kernel-dont-reap-traced.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-3805 b/retired/CVE-2005-3805 new file mode 100644 index 000000000..dee7bc66c --- /dev/null +++ b/retired/CVE-2005-3805 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-3805 +References: + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=25f407f0b668f5e4ebd5d13e1fb4306ba6427ead +Description: + A locking problem in POSIX timer cleanup handling on exit in Linux kernel + 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause + a denial of service (deadlock) involving process CPU timers. +Notes: + The referenced patch was actually added in 2.6.14, so I think the vulnerable + versions listed in the description are wrong. +Bugs: +upstream: released (2.6.14) +linux-2.6: released (2.6.14-1) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A diff --git a/retired/CVE-2005-3806 b/retired/CVE-2005-3806 new file mode 100644 index 000000000..de1ca2187 
--- /dev/null +++ b/retired/CVE-2005-3806 @@ -0,0 +1,23 @@ +Candidate: CVE-2005-3806 +References: + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=bbbe80cdaf72a75a463aff9551e60b31e2f69061;hp=f841bde30c18493a94fd5d522b84724a8eb82a4a;hb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d;f=net/ipv6/ip6_flowlabel.c +Description: + The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels + 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in + certain circumstances, which allows local users to corrupt kernel memory + or cause a denial of service (crash) by triggering a free of non-allocated + memory. +Notes: +Bugs: +upstream: released (2.6.14) +linux-2.6: released (2.6.14-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-flowlabel-refcnt.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [net-ipv6-flowlabel-refcnt.dpatch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3807 b/retired/CVE-2005-3807 new file mode 100644 index 000000000..28c164ba4 --- /dev/null +++ b/retired/CVE-2005-3807 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3807 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e +Description: + [PATCH] VFS: Fix memory leak with file leases + . + Memory leak in the VFS file lease handling in locks.c in Linux kernels + 2.6.10 to 2.6.15 allows local users to cause a denial of service + (memory exhaustion) via certain Samba activities that cause an fasync + entry to be re-allocated by the fcntl_setlease function after the + fasync queue has already +Notes: +Bugs: +upstream: released (2.6.14.3) +linux-2.6: released (2.6.14-4) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3808 b/retired/CVE-2005-3808 new file mode 100644 index 000000000..47f74a1da --- /dev/null +++ b/retired/CVE-2005-3808 @@ -0,0 +1,19 @@ +Candidate: CVE-2005-3808 +References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab +Description: + Fix a 32 bit integer overflow in invalidate_inode_pages2_range. Local DoS +Notes: + horms> I don't see any evidence of this on 2.6.8 or 2.4.27 + I didn't check the woody kernels, but it seems very unlikely it is there +Bugs: +upstream: released (2.6.14.4) +linux-2.6: released (2.6.14-4) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3809 b/retired/CVE-2005-3809 new file mode 100644 index 000000000..93e4f5db6 --- /dev/null +++ b/retired/CVE-2005-3809 
@@ -0,0 +1,16 @@ +Candidate: CVE-2005-3809 +References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51df784ed739246a3774b300e5f536e17bec36ed +Description: +Notes: +Bugs: +upstream: released (2.6.15-rc1, 2.6.14.3) +linux-2.6: pending (2.6.14-4) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3810 b/retired/CVE-2005-3810 new file mode 100644 index 000000000..786a92354 --- /dev/null +++ b/retired/CVE-2005-3810 @@ -0,0 +1,20 @@ +Candidate: CVE-2005-3810 +References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11 +Description: + [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message + . + This patch fixes an userspace triggered oops. If there is no ICMP_ID + info the reference to attr will be NULL. +Notes: +Bugs: +upstream: released (2.6.15-rc1, 2.6.14.3) +linux-2.6: released (2.6.14-4) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3847 b/retired/CVE-2005-3847 new file mode 100644 index 000000000..84af9587b --- /dev/null +++ b/retired/CVE-2005-3847 
@@ -0,0 +1,30 @@ +Candidate: CVE-2005-3847 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db + MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3 + MISC:http://svn.debian.org/wsvn/kernel/dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nptl-signal-delivery-deadlock-fix.dpatch?op=file&rev=4458&sc=0 +Description: + Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to + 2.6.13 and 2.6.12.6. A deadlock can occur when a SIGKILL signal is sent to a real-time + threaded process that is dumping core, which can be used by a local user to initiate + a denial of service attack. +Notes: + handle_stop_signal() in 2.4 looks significantly different, and since this bug + is associated with NPTL, I don't think we need to worry about in 2.4. + CVE description is actually as follows: + signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows + local users to cause a denial of service (deadlock) by sending a + SIGKILL to a real-time threaded process while it is performing a core + dump. +Bug: +upstream: released (2.6.12.6, 2.6.13) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3848 b/retired/CVE-2005-3848 new file mode 100644 index 000000000..13cb13981 --- /dev/null +++ b/retired/CVE-2005-3848 
@@ -0,0 +1,32 @@ +Candidate: CVE-2005-3848 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a + MISC:http://lkml.org/lkml/2005/8/26/173 +Description: + Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6, + in which an ignored error returned by ip_append_data() would result in the + route and net_device not being freed. A malicious remote user could exploit + this in order to initiate a denial of service attack. This issue was fixed + in Linux 2.6.12.6 and 2.6.13. +Notes: + This code looks completely different in 2.4; neither ip_append_data() (the + function that returns an error) nor icmp_push_reply() (the function that fails + to check this error) exist. So, I'm marking 2.4 as unaffected. + Actual CVE description: + Memory leak in the icmp_push_reply function in Linux 2.6 before + 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of + service (memory consumption) via a large number of crafted packets + that cause the ip_append_data function to fail, aka "DST leak in + icmp_push_reply." +upstream: released (2.6.12.6, 2.6.13) +2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch] +2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff] +2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff] +linux-2.6: +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3857 b/retired/CVE-2005-3857 new file mode 100644 index 000000000..414ec8fbc --- /dev/null +++ b/retired/CVE-2005-3857 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3857 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305 +Description: + [PATCH] VFS: local denial-of-service with file leases + . + The time_out_leases function in locks.c for Linux kernel before 2.6.15 + allows local users to cause a denial of service (kernel log message + consumption) by causing a large number of broken leases, which is + recorded to the log using the printk function. +Notes: + Sent for inclusion in 2.4.33 +Bugs: +upstream: released (2.6.15-rc2), needed (2.6.33) +linux-2.6: released (2.6.14+2.6.15-rc5-0experimental.1) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: released (2.4.27-10sarge2) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-3858 b/retired/CVE-2005-3858 new file mode 100644 index 000000000..0da7beedf --- /dev/null +++ b/retired/CVE-2005-3858 
@@ -0,0 +1,24 @@ +Candidate: CVE-2005-3858 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36 + MISC:http://lkml.org/lkml/2005/8/26/175 +Description: + ip6_input_finish() contains a memory leak in Linux kernels prior to + 2.6.12.6 and 2.6.13. This could potentially be used to trigger a remote + denial of service (DoS) attack. +Notes: + dannf> Though the code in 2.4 is quite different, it looks to me like the + dannf> 2.4 code could be vulnerable. +Bugs: +upstream: released (2.6.12.6, 2.6.13) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff] +2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: diff --git a/retired/CVE-2005-4351 b/retired/CVE-2005-4351 new file mode 100644 index 000000000..63dec1f56 --- /dev/null +++ b/retired/CVE-2005-4351 @@ -0,0 +1,23 @@ +Candidate: CVE-2005-4351 +References: + http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt +Description: + The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, + DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass + immutable settings for files by mounting another filesystem that masks the + immutable files while the system is running. +Notes: + jmm> This affects the LSM module for BSD secure levels, not included in 2.4 and + jmm> 2.6.8 + jmm> To be removed in 2.6.18 or 2.6.19 +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A 
diff --git a/retired/CVE-2005-4352 b/retired/CVE-2005-4352 new file mode 100644 index 000000000..5ac5c560e --- /dev/null +++ b/retired/CVE-2005-4352 @@ -0,0 +1,24 @@ +Candidate: CVE-2005-4352 +References: + http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt +Description: + The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 + and earlier, allows local users to bypass time setting restrictions and set + the clock backwards by setting the clock ahead to the maximum unixtime value + (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), + which can then be set ahead to the desired time, aka "settimeofday() time wrap." +Notes: + jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8 + jmm> and 2.4.27 + jmm> To be removed in 2.6.18 or 2.6.19 +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-4605 b/retired/CVE-2005-4605 new file mode 100644 index 000000000..e6f755755 --- /dev/null +++ b/retired/CVE-2005-4605 
@@ -0,0 +1,25 @@ +Candidate: CVE-2005-4605 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf + http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2 + http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ +Description: + The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions + before 2.6.15 allows attackers to read sensitive kernel memory via + unspecified vectors in which a signed value is added to an unsigned + value. +Notes: + jmm> 2.4 not affected as proc_file_lseek() contains a check for this + jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) { + jmm> Discovered by Karl Janmar +Bugs: +upstream: released (2.6.15), released (2.6.14.6) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-4618 b/retired/CVE-2005-4618 new file mode 100644 index 000000000..c4e87ac69 --- /dev/null +++ b/retired/CVE-2005-4618 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-4618 +References: + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c +Description: + Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows + local users to cause a denial of service and possibly execute arbitrary + code via a long string, which causes sysctl to write a zero byte outside + the buffer. +Notes: + jmm> Discovered by Yi Ying +Bugs: +upstream: released (2.6.15) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: released (2.4.27-10sarge2) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2005-4635 b/retired/CVE-2005-4635 new file mode 100644 index 000000000..f0696f608 --- /dev/null +++ b/retired/CVE-2005-4635 
@@ -0,0 +1,29 @@ +Candidate: CVE-2005-4635 +References: + MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea86575eaf99a9262a969309d934318028dbfacb + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 + BID:16139 + URL:http://www.securityfocus.com/bid/16139 + FRSIRT:ADV-2006-0035 + URL:http://www.frsirt.com/english/advisories/2006/0035 + SECUNIA:18216 + URL:http://secunia.com/advisories/18216 +Description: + The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 + does not check for valid lengths of the header and payload, which allows + remote attackers to cause a denial of service (invalid memory reference) via + malformed fib_lookup netlink messages. +Notes: + dannf> Well, I don't know how it could be exploited by an unpriveleged user - dannf> but I don't think we need to worry about it. The vulnerable function + dannf> wasn't added until after 2.6.12, and is already fixed in 2.6.15. +Bugs: +upstream: released (2.6.15) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2005-4639 b/retired/CVE-2005-4639 new file mode 100644 index 000000000..1fb9348bb --- /dev/null +++ b/retired/CVE-2005-4639 
@@ -0,0 +1,25 @@ +Candidate: CVE-2005-4639 +References: + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15 + URL:http://www.securityfocus.com/bid/16142 + URL:http://www.frsirt.com/english/advisories/2006/0035 + URL:http://secunia.com/advisories/18216 +Description: + Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/ + Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows + local users to cause a denial of service (crash) and possibly execute + arbitrary code by "reading more than 8 bytes into an 8 byte long array". +Notes: + jmm> Discovered by Perceval Anichini + dannf> Driver wasn't added till after 2.6.8 +Bugs: +upstream: released (2.6.15) +linux-2.6: released (2.6.15-1) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0035 b/retired/CVE-2006-0035 new file mode 100644 index 000000000..fbcdac979 --- /dev/null +++ b/retired/CVE-2006-0035 @@ -0,0 +1,19 @@ +Candidate: CVE-2006-0035 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961 +Description: + Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can cause + infinite loop in kernel, effectively DoSing machine. Noted by Matin Murray. +Notes: + dannf> The vulnerable code doesn't exist in <= 2.6.8 +Bugs: +upstream: released (2.6.15.1) +linux-2.6: released (2.6.15-3) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0036 b/retired/CVE-2006-0036 new file mode 100644 index 000000000..0f8115357 --- /dev/null +++ b/retired/CVE-2006-0036 
@@ -0,0 +1,21 @@ +Candidate: CVE-2006-0036 +References: + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab +Description: + When an inbound PPTP_IN_CALL_REQUEST packet is received the + PPTP NAT helper uses a NULL pointer in pointer arithmentic to + calculate the offset in the packet which needs to be mangled + and corrupts random memory or crashes. +Notes: + jmm> This is not included in 2.4 and 2.6.8 +Bugs: +upstream: released (2.6.15.1) +linux-2.6: released (2.6.15-3) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0037 b/retired/CVE-2006-0037 new file mode 100644 index 000000000..b9e978432 --- /dev/null +++ b/retired/CVE-2006-0037 @@ -0,0 +1,21 @@ +Candidate: CVE-2006-0037 +References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710 +Description: + The PPTP NAT helper calculates the offset at which the packet needs + to be mangled as difference between two pointers to the header. With + non-linear skbs however the pointers may point to two seperate buffers + on the stack and the calculation results in a wrong offset beeing + used. +Notes: + jmm> The vulnerable code isn't present in 2.4 and 2.6.8 +Bugs: +upstream: released (2.6.15.1) +linux-2.6: released (2.6.15-3) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0038 b/retired/CVE-2006-0038 new file mode 100644 index 000000000..504f0c1dc --- /dev/null +++ b/retired/CVE-2006-0038 
@@ -0,0 +1,22 @@ +Candidate: CVE-2006-0038 +References: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295 + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168 +Description: + Integer overflow in the do_replace function in netfilter for Linux + before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, + allows local users with CAP_NET_ADMIN rights to cause a buffer overflow + in the copy_from_user function. +Notes: + dannf> Submitted to Marcelo for 2.4 +Bugs: +upstream: released (2.6.16-rc3) +linux-2.6: released (2.6.16-1) +2.6.8-sarge-security: released (2.6.8-16sarge3) [netfilter-do_replace-overflow.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge3) [221_netfilter-do_replace-overflow.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-0039 b/retired/CVE-2006-0039 new file mode 100644 index 000000000..895971721 --- /dev/null +++ b/retired/CVE-2006-0039 @@ -0,0 +1,13 @@ +Candidate: CVE-2006-0039 +References: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 +Description: netfilter do_add_counters race +Notes: + jmm> Only exploitable with CAP_NET_ADMIN privilege + jmm> exposure is leakage of sensitive information + dannf> Submitted to Marcelo for 2.4 +Bugs: +upstream: released (2.6.16.17) +linux-2.6: released (2.6.16-14) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) diff --git a/retired/CVE-2006-0095 b/retired/CVE-2006-0095 new file mode 100644 index 000000000..44fc3af17 --- /dev/null +++ b/retired/CVE-2006-0095 
@@ -0,0 +1,22 @@ +Candidate: CVE-2006-0095 +References: + http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt +Description: + dm-crypt does not clear struct crypt_config before freeing it. Thus, + information on the key could leak f.e. to a swsusp image even after the + encrypted device has been removed. The attached patch against 2.6.14 / + 2.6.15 fixes it. +Notes: + jhorms> 2.4 not affected as dm-crypt doesn't seem to exist + jmm> Discovered by Stefan Rompf +Bugs: +upstream: released (2.6.16-rc1) +linux-2.6: released (2.6.16-1) +2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0096 b/retired/CVE-2006-0096 new file mode 100644 index 000000000..d3adfd460 --- /dev/null +++ b/retired/CVE-2006-0096 @@ -0,0 +1,34 @@ +Candidate: CVE-2006-0096 +References: +http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f +http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c +Description: +Notes: + jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8: + jmm> + jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c + jmm> --- a/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00 + jmm> +++ b/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00 + jmm> 
@@ -1300,6 +1300,8 @@ + jmm> + jmm> case SDLA_WRITEMEM: + jmm> case SDLA_READMEM: + jmm> + if(!capable(CAP_SYS_RAWIO)) + jmm> + return -EPERM; + jmm> return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM)); + jmm> + jmm> case SDLA_START: + horms> I only see reference to CVE-2004-2607 in patch-tracking, + horms> not in the changelog for 2.4.27-8, so I don't think the first line + horms> of the statement above is correct +Bugs: +upstream: released (2.6.11), fixed (2.4.29) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch] +2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-0456 b/retired/CVE-2006-0456 new file mode 100644 index 000000000..b164ee1a0 --- /dev/null +++ b/retired/CVE-2006-0456 @@ -0,0 +1,20 @@ +Candidate: CVE-2006-0456 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79 +Description: + strnlen_user() on s390 and s390x does not return a value greater than + maxlen if the string is looking at is longer than maxlen; instead it + returns maxlen. +Notes: + jmm> 2.4 doesn't have an assembly version +Bugs: +upstream: released (2.6.16) +linux-2.6: released (2.6.16-1) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0457 b/retired/CVE-2006-0457 new file mode 100644 index 000000000..e413d34eb --- /dev/null +++ b/retired/CVE-2006-0457 
@@ -0,0 +1,31 @@ +Candidate: CVE-2006-0457 +References: + http://linux.bkbits.net:8080/linux-2.6/cset@43e385c7rMAIqryXIl7lGGdWgZ1Ivg + MANDRIVA:MDKSA-2006:059 + URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:059 + UBUNTU:USN-263-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1 + BID:17084 + URL:http://www.securityfocus.com/bid/17084 + OSVDB:23894 + URL:http://www.osvdb.org/23894 + SECUNIA:19220 + URL:http://secunia.com/advisories/19220 +Description: + Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions + in Linux kernel 2.6.x allows local users to cause a denial of service (crash) + or read sensitive kernel memory by modifying the length of a string argument + between the time that the kernel calculates the length and when it copies the + data into kernel memory. +Notes: +Bugs: +upstream: released (2.6.10) +linux-2.6: released (2.6.10-1) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0482 b/retired/CVE-2006-0482 new file mode 100644 index 000000000..471004487 --- /dev/null +++ b/retired/CVE-2006-0482 
@@ -0,0 +1,21 @@ +Candidate: CVE-2006-0482 +References: http://lists.debian.org/debian-sparc/2006/01/msg00129.html + http://marc.theaimsgroup.com/?t=113861017400002&r=1&w=2 + http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2 +Description: date -s run as a normal user hangs machine on sparc64 +Notes: + Jurij Smakov> sparc32 would be tricky to test and i don't know about 2.4.27 + dannf> Code isn't present in 2.4, and Jurij couldn't reproduce it there + dannf> I can't reproduce on sparc32, which makes sense because the bug is + dannf> in sparc64 32-bit compat code +Bugs: +upstream: pending (2.6.16-rc2) +linux-2.6: pending (2.6.16-4) [sparc64-clock-settime.patch] +2.6.8-sarge-security: released (2.6.8-16sarge2) [sparc64-clock-settime.dpatch] +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0554 b/retired/CVE-2006-0554 new file mode 100644 index 000000000..d6117ab63 --- /dev/null +++ b/retired/CVE-2006-0554 @@ -0,0 +1,18 @@ +Candidate: CVE-2006-0554 +References: + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5 +Description: + Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive + information via a crafted XFS ftruncate call, which may return stale data. +Notes: +Bugs: +upstream: released (2.6.15.5) +linux-2.6: released (2.6.15-8) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0555 b/retired/CVE-2006-0555 new file mode 100644 index 000000000..1d38a731e --- /dev/null +++ b/retired/CVE-2006-0555 
@@ -0,0 +1,19 @@ +Candidate: CVE-2006-0555 +References: + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5 +Description: + The Linux Kernel before 2.6.15.5 allows local users to cause a denial of + service (NFS client panic) via unknown attack vectors related to the use of + O_DIRECT (direct I/O). +Notes: UBUNTU:USN-263-1 +Bugs: +upstream: released (2.6.15.5) +linux-2.6: released (2.6.15-8) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0557 b/retired/CVE-2006-0557 new file mode 100644 index 000000000..07b4435a2 --- /dev/null +++ b/retired/CVE-2006-0557 @@ -0,0 +1,20 @@ +Candidate: CVE-2006-0557 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63 + http://www.securityfocus.com/bid/16924 +Description: + Local DoS in mempolicy code; certain maxnodes values cause a crash. +Notes: + Fixed in git on Feb 17, dunno about 2.6.15.x + dannf> mempolicy.c doesn't exist in 2.4, marking N/A +Bugs: +upstream: released (2.6.16-rc4) +linux-2.6: released (2.6.16-1) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0741 b/retired/CVE-2006-0741 new file mode 100644 index 000000000..0fcd6859b --- /dev/null +++ b/retired/CVE-2006-0741 
@@ -0,0 +1,20 @@ +Candidate: CVE-2006-0741 +References: +Description: + Fixes a local DOS on Intel systems that lead to an endless +recursive fault. AMD machines don't seem to be affected. +Notes: + 2.6: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5342fba5412cead88b61ead07168615dbeba1ee3 + . + This is amd64-specific (em64t in particular), so we could ignore it for 2.4 +Bugs: +upstream: released (2.6.15.5) +linux-2.6: released (2.6.15-8) +2.6.8-sarge-security: released (2.6.8-16sarge3) [binfmt-bad-elf-entry-address.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff] +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-0742 b/retired/CVE-2006-0742 new file mode 100644 index 000000000..365464753 --- /dev/null +++ b/retired/CVE-2006-0742 @@ -0,0 +1,21 @@ +Candidate: CVE-2006-0742 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e963701a761aede31c9c1bfc74cf8e0ec671f0f4;hp=eb0911e27e8c6778d6c8ec95b7dd60c002d923c3 +Description: + The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel + 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, + has the "noreturn" attribute set, which allows local users to cause a denial + of service by causing user faults on Itanium systems. +Notes: + dannf> Forwarded to Bjorn for 2.4-ia64 inclusion +Bugs: +upstream: released (2.6.15.6) +linux-2.6: released (2.6.15-8) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: 
diff --git a/retired/CVE-2006-1055 b/retired/CVE-2006-1055 new file mode 100644 index 000000000..3b264a567 --- /dev/null +++ b/retired/CVE-2006-1055 @@ -0,0 +1,26 @@ +Candidate: CVE-2006-1055 +References: +Description: + Quoting Greg KH: + Al just pointed me at an old sysfs patch that went into the tree last + year that has some potential security problems. Turns out that if you + write to a sysfs file exactly PAGE_SIZE worth of data, with no zeros in + it, there's a good chance you could read off the end of the kernel + buffer into who knows where. +Notes: + jmm> This was judged non-exploitable by Al Viro, but it's still a local DoS + jmm> 2.4 N/A, as it doesn't have sysfs + . + troyh> N/A for sarge, it was broken in 2.6.12 - 2.6.17-rc1. 2.6.8 is fine, + and since its's sysfs 2.4 is N/A. +Bugs: +upstream: released (2.6.17-rc1), released (2.6.16.2) +linux-2.6: released (2.6.16-6) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1056 b/retired/CVE-2006-1056 new file mode 100644 index 000000000..af49eed2f --- /dev/null +++ b/retired/CVE-2006-1056 
@@ -0,0 +1,29 @@ +Candidate: CVE-2006-1056 +References: + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910 + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911 + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2 + URL:http://www.securityfocus.com/bid/17600 + URL:http://xforce.iss.net/xforce/xfdb/25871 +Description: + The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on + AMD64 and other 7th and 8th generation AuthenticAMD processors, only + save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an + exception is pending, which allows one process to determine portions of the + state of floating point instructions of other processes, which can be + leveraged to obtain sensitive information such as cryptographic keys. NOTE: + this is the documented behavior of AMD64 processors, but it is inconsistent + with Intel processers in a security-relevant fashion that was not addressed + by the kernels. +Notes: +Bugs: +upstream: released (2.4.33-pre3), released (2.6.16.9) +linux-2.6: released (2.6.16-9) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1066 b/retired/CVE-2006-1066 new file mode 100644 index 000000000..7636fdd76 --- /dev/null +++ b/retired/CVE-2006-1066 @@ -0,0 +1,40 @@ +Candidate: CVE-2006-1066 +References: +Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops) +Notes: + 
From: dann frazier + To: team@security.debian.org + Subject: kernel-image-2.6.8-ia64 - disable preempt + Date: Fri, 25 Mar 2005 18:57:59 -0700 + . + hey security team, + Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version + that ships in sarge. This kernel has CONFIG_PREEMPT enabled, which has + at least one known issue in ptrace code that lets an unpriveleged + userspace process trigger an oops. This issue went away upstream by + 2.6.9, but its unclear what actually fixed it. SuSE/RedHat disable + PREEMPT for ia64 (or so I'm told), so they are not affected. This same + test case does _not_ fail on x86, which also has PREEMPT enabled for + sarge. + . + This issue has been known for a while, but I waited until after d-i + RC3 to upload it, since it changes the ABI. This fix is in the 2.6.8-13 + build in unstable, but the release team is blocking this kernel from + normal sarge propagation to keep the kernel udebs in sync. + . + . + dannf> This is only a config change, so it requires no changes to + dannf> kernel-source-2.6.8, but I'll use the kernel-source version + dannf> for the pending/released tags to match the others. +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: N/A +2.6.8: needed +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1242 b/retired/CVE-2006-1242 new file mode 100644 index 000000000..08a09c4a2 --- /dev/null +++ b/retired/CVE-2006-1242 
@@ -0,0 +1,38 @@ +Candidate: CVE-2006-1242 +References: +http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d +Description: + [TCP]: Do not use inet->id of global tcp_socket when sending RST. + . + The problem is in ip_push_pending_frames(), which uses: + . if (!df) { + . __ip_select_ident(iph, &rt->u.dst, 0); + . } else { + . iph->id = htons(inet->id++); + . } + . + instead of ip_select_ident(). + . + Right now I think the code is a nonsense. Most likely, I copied it from + old ip_build_xmit(), where it was really special, we had to decide + whether to generate unique ID when generating the first (well, the last) + fragment. + . + In ip_push_pending_frames() it does not make sense, it should use plain + ip_select_ident() instead. +Notes: + jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before + jmm> marking it N/A + . + dannf> troyh gave me a patch for 2.4, so I guess it is affected +Bugs: +upstream: released (2.6.16.1) +linux-2.6: released (2.6.16-4) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1342 b/retired/CVE-2006-1342 new file mode 100644 index 000000000..ae41638d9 --- /dev/null +++ b/retired/CVE-2006-1342 
@@ -0,0 +1,25 @@ +Candidate: CVE-2006-1342 +References: + http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2 + http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b +Description: + net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero + before returning IPv4 socket names from the (1) getsockname, (2) getpeername, + and (3) accept functions, which allows local users to obtain portions of + potentially sensitive memory. +Notes: + jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed + dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch; + however we actually coincidentally already fixed 1343 in the + 043_ipsec.diff patch +Bugs: +upstream: released (2.4.33-pre3) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: released (2.4.27-1) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1368 b/retired/CVE-2006-1368 new file mode 100644 index 000000000..df2f4997c --- /dev/null +++ b/retired/CVE-2006-1368 
@@ -0,0 +1,23 @@ +Candidate: CVE-2006-1368 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5 + http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16 +Description: + Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before + 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory + corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes + memory to be allocated for the reply data but not the reply structure. +Notes: + dannf> Marcelo has posted a patch identical to ours and has asked for + feedback, so it should be upstream soon +Bugs: +upstream: released (2.6.16) +linux-2.6: released (2.6.16-1) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1522 b/retired/CVE-2006-1522 new file mode 100644 index 000000000..0122676fc --- /dev/null +++ b/retired/CVE-2006-1522 @@ -0,0 +1,16 @@ +Candidate: CVE-2006-1522 +References: +Description: +Notes: + jmm> Vulnerable code not present in 2.6.8 and 2.4 +Bugs: +upstream: released (2.6.16.3) +linux-2.6: released (2.6.16-7) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1523 b/retired/CVE-2006-1523 new file mode 100644 index 000000000..61d6590a6 --- /dev/null +++ b/retired/CVE-2006-1523 
@@ -0,0 +1,23 @@ +Candidate: CVE-2006-1523 +References: + MLIST:[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114476543426600&w=2 + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604 + BID:17640 + URL:http://www.securityfocus.com/bid/17640 +Description: + The __group_complete_signal function in the RCU signal handling (signal.c) in + Linux kernel 2.6.16, and possibly other versions, has unknown impact and + attack vectors related to improper use of BUG_ON. +Notes: +Bugs: +upstream: released (2.6.16.4) +linux-2.6: released (2.6.16-7) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1524 b/retired/CVE-2006-1524 new file mode 100644 index 000000000..5ed3b130b --- /dev/null +++ b/retired/CVE-2006-1524 
@@ -0,0 +1,28 @@ +Candidate: CVE-2006-1524 +References: + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 + BID:17587 + URL:http://www.securityfocus.com/bid/17587 + SECUNIA:19664 + URL:http://secunia.com/advisories/19664 + SECUNIA:19657 + URL:http://secunia.com/advisories/19657 +Description: + madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow + file and mmap restrictions, which allows local users to bypass IPC + permissions and replace portions of readonly tmpfs files with zeroes, + aka the MADV_REMOVE vulnerability. NOTE: this description was + originally written in a way that combined two separate issues. The + mprotect issue now has a separate name, CVE-2006-2071. +Notes: +Bugs: +upstream: released (2.6.16.7) +linux-2.6: +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1525 b/retired/CVE-2006-1525 new file mode 100644 index 000000000..c7033bf55 --- /dev/null +++ b/retired/CVE-2006-1525 
@@ -0,0 +1,23 @@ +Candidate: CVE-2006-1525 +References: + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8 + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189346 + URL:http://www.securityfocus.com/bid/17593 + URL:http://xforce.iss.net/xforce/xfdb/25872 +Description: + ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to + cause a denial of service (panic) via a request for a route for a multicast + IP address, which triggers a null dereference. +Notes: + dannf> Submitted to Marcelo for 2.4 +Bugs: +upstream: released (2.6.16.8) +linux-2.6: released (2.6.16-9) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-1527 b/retired/CVE-2006-1527 new file mode 100644 index 000000000..7bd36f716 --- /dev/null +++ b/retired/CVE-2006-1527 
@@ -0,0 +1,30 @@ +Candidate: CVE-2006-1527 +References: + CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13 + TRUSTIX:2006-0024 + URL:http://www.trustix.org/errata/2006/0024 + BID:17806 + URL:http://www.securityfocus.com/bid/17806 + FRSIRT:ADV-2006-1632 + URL:http://www.frsirt.com/english/advisories/2006/1632 + OSVDB:25229 + URL:http://www.osvdb.org/25229 + SECUNIA:19926 + URL:http://secunia.com/advisories/19926 +Description: + The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of + service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the + for_each_sctp_chunk function. +Notes: + troyh> SCTP-netfilter code didn't exist until after 2.6.8 +Bugs: +upstream: released (2.6.16.13) +linux-2.6: released (2.6.16-12) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1857 b/retired/CVE-2006-1857 new file mode 100644 index 000000000..2fe2e36ea --- /dev/null +++ b/retired/CVE-2006-1857 
@@ -0,0 +1,20 @@ +Candidate: CVE-2006-1857 +References: + http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a601266e4f3c479790f373c2e3122a766d123652;hp=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512 +Description: + Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote + attackers to cause a denial of service (crash) and possibly execute arbitrary + code via a malformed HB-ACK chunk. +Notes: + dannf> Submitted to Marcelo for 2.4 +Bugs: +upstream: released (2.6.16.17) +linux-2.6: released (2.6.16-14) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1858 b/retired/CVE-2006-1858 new file mode 100644 index 000000000..48b082a8d --- /dev/null +++ b/retired/CVE-2006-1858 @@ -0,0 +1,20 @@ +Candidate: CVE-2006-1858 +References: + http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512;hp=61c9fed41638249f8b6ca5345064eb1beb50179f +Description: + SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a + denial of service (crash) and possibly execute arbitrary code via a chunk + length that is inconsistent with the actual length of provided parameters. +Notes: + dannf> Submitted to Marcello for 2.4 +Bugs: +upstream: released (2.6.16.17) +linux-2.6: released (2.6.16-14) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1859 b/retired/CVE-2006-1859 new file mode 100644 index 000000000..d88822dde --- /dev/null +++ b/retired/CVE-2006-1859 
@@ -0,0 +1,25 @@ +Candidate: CVE-2006-1859 +References: + http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16 + http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418 + http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c + http://www.securityfocus.com/bid/17943 + http://www.frsirt.com/english/advisories/2006/1767 + http://secunia.com/advisories/20083 +Description: + lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to + cause a denial of service (fcntl_setlease lockup) via actions that cause + lease_init to free a lock that might not have been allocated on the stack. +Notes: + jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10 +Bugs: +upstream: released (2.6.16.6) +linux-2.6: released (2.6.16-8) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1860 b/retired/CVE-2006-1860 new file mode 100644 index 000000000..8a18aa626 --- /dev/null +++ b/retired/CVE-2006-1860 
@@ -0,0 +1,25 @@ +Candidate: CVE-2006-1860 +References: + http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16 + http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418 + http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c + http://www.securityfocus.com/bid/17943 + http://www.frsirt.com/english/advisories/2006/1767 + http://secunia.com/advisories/20083 +Description: + lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to + cause a denial of service (fcntl_setlease lockup) via actions that cause + lease_init to free a lock that might not have been allocated on the stack. +Notes: + jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10 +Bugs: +upstream: released (2.6.16.6) +linux-2.6: released (2.6.16-8) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-1863 b/retired/CVE-2006-1863 new file mode 100644 index 000000000..e44adcf05 --- /dev/null +++ b/retired/CVE-2006-1863 @@ -0,0 +1,17 @@ +Candidate: CVE-2006-1863 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253 +Description: cifs chroot escape +Notes: + jmm> 2.4 doesn't have CIFS +Bugs: +upstream: released (2.6.16.11) +linux-2.6: released (2.6.16-10) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A 
diff --git a/retired/CVE-2006-1864 b/retired/CVE-2006-1864 new file mode 100644 index 000000000..70dccdfbc --- /dev/null +++ b/retired/CVE-2006-1864 @@ -0,0 +1,21 @@ +Candidate: CVE-2006-1864 +References: + CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435 + URL:http://www.trustix.org/errata/2006/0026 + URL:http://www.securityfocus.com/bid/17735 +Description: + Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows + local users to escape chroot restrictions for an SMB-mounted filesystem via + "..\\" sequences, a similar vulnerability to CVE-2006-1863. +Notes: +Bugs: +upstream: pending (2.4.33-pre4), released (2.6.16.14) +linux-2.6: released (2.6.16-10) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: diff --git a/retired/CVE-2006-2271 b/retired/CVE-2006-2271 new file mode 100644 index 000000000..28d861c57 --- /dev/null +++ b/retired/CVE-2006-2271 
@@ -0,0 +1,27 @@ +Candidate: CVE-2006-2271 +References: + FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16 + URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html + MISC:http://labs.musecurity.com/advisories/MU-200605-01.txt + CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e + FRSIRT:ADV-2006-1734 + URL:http://www.frsirt.com/english/advisories/2006/1734 + SECUNIA:19990 + URL:http://secunia.com/advisories/19990 +Description: + The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote + attackers to cause a denial of service (kernel panic) via an unexpected chunk + when the session is in CLOSED state. +Notes: + dannf> Forwarded to Marcelo for 2.4 inclusion +Bugs: +upstream: released (2.6.16.15) +linux-2.6: released (2.6.16-13) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-2272 b/retired/CVE-2006-2272 new file mode 100644 index 000000000..b579d769e --- /dev/null +++ b/retired/CVE-2006-2272 
@@ -0,0 +1,22 @@ +Candidate: CVE-2006-2272 +References: + CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 + URL:http://www.securityfocus.com/bid/17910 + URL:http://xforce.iss.net/xforce/xfdb/26431 +Description: + Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial + of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) + HEARTBEAT SCTP control chunks. +Notes: + dannf> Submitted to Marcelo for inclusion in 2.4 +Bugs: +upstream: released (2.6.16.15) +linux-2.6: released (2.6.16-13) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-2274 b/retired/CVE-2006-2274 new file mode 100644 index 000000000..a3dacf6c7 --- /dev/null +++ b/retired/CVE-2006-2274 
@@ -0,0 +1,25 @@ +Candidate: CVE-2006-2274 +References: + CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6 + URL:http://www.securityfocus.com/bid/17955 + URL:http://secunia.com/advisories/20237 + URL:http://xforce.iss.net/xforce/xfdb/26432 +Description: + Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial + of service (infinite recursion and crash) via a packet that contains two or + more DATA fragments, which causes an skb pointer to refer back to itself when + the full message is reassembled, leading to infinite recursion in the + sctp_skb_pull function. +Notes: + dannf> Submitted to Marcelo for 2.4 +Bugs: +upstream: released (2.6.16.15) +linux-2.6: released (2.6.16-13) +2.6.8-sarge-security: released (2.6.8-16sarge3) +2.4.27-sarge-security: released (2.4.27-10sarge3) +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A diff --git a/retired/CVE-2006-2451 b/retired/CVE-2006-2451 new file mode 100644 index 000000000..369c23e64 --- /dev/null +++ b/retired/CVE-2006-2451 @@ -0,0 +1,15 @@ +Candidate: CVE-2006-2451 +References: +Description: + The suid_dumpable support in Linux kernel 2.6.13 up to versions before + 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial + of service (disk consumption) and possibly gain privileges via the + PR_SET_DUMPABLE argument of the prctl function and a program that causes a + core dump file to be created in a directory for which the user does not have + permissions. +Notes: +Bugs: +upstream: released (2.6.16.14), released (2.6.17.4) +linux-2.6: released (2.6.16-17) +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A diff --git a/retired/CVE-2006-3626 b/retired/CVE-2006-3626 new file mode 100644 index 000000000..0307c5b2b --- /dev/null +++ b/retired/CVE-2006-3626 
@@ -0,0 +1,14 @@ +Candidate: CVE-2006-3626 +References: + FULLDISC:20060714, http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3 +Description: Linux kernel 0day - dynamite inside, don't burn your fingers + Race condition in Linux kernel 2.6.17.4 and earlier allows local users + to gain root privileges by using prctl with PR_SET_DUMPABLE in a way + that causes /proc/self/environ to become setuid root. +Notes: +Bugs: +upstream: released (2.6.16.25, 2.6.17.5) +linux-2.6: released (2.6.16-17, 2.6.17-4) +2.6.8-sarge-security: released (2.6.8-16sarge4) +2.4.27-sarge-security: N/A -- cgit v1.2.3
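Review bot: retired/CVE-2006-1055 has an empty "References:" field even though the Description quotes Greg KH and the status line names two fixing releases (2.6.17-rc1 and 2.6.16.2). Add the upstream commit or list post the quote was taken from, so the "broken in 2.6.12 - 2.6.17-rc1" range in troyh's note can be checked against it. The same note has a typo, "its's sysfs".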
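Review bot: retired/CVE-2006-1066 carries the status line "2.6.8: needed" directly below "2.6.8-sarge-security: released (2.6.8-16sarge2)". No other entry in this patch uses a bare "2.6.8" key, and a "needed" state does not fit a file that is being retired. Either drop the line or add a note saying which package it refers to and why the issue can be retired with it still open. The "upstream:" field is also blank although the quoted mail says the issue went away upstream by 2.6.9.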
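Review bot: in retired/CVE-2006-1342 the Notes and the status fields disagree. jmm's note says "getorigdst() requires the fix in 2.6.8", but the entry records "2.6.8-sarge-security: N/A". If the 2.6.8 fix was delivered under CVE-2006-1343 or through 043_ipsec.diff, as dannf's note hints, say so explicitly and name the package version. Otherwise the N/A reads as "not affected", which the first note contradicts.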
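Review bot: retired/CVE-2006-1522 is retired with both "References:" and "Description:" empty. The only content is jmm's note that the vulnerable code is not present in 2.6.8 and 2.4, which does not say what the vulnerable code is. Add at least a one-line description and the upstream commit behind "released (2.6.16.3)", so that the N/A decisions can be audited later.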
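Review bot: retired/CVE-2006-1524 describes the issue as affecting "Linux kernel 2.6.16 up to 2.6.16.6", yet the status marks both sarge kernels as fixed ("2.6.8-sarge-security: released (2.6.8-16sarge3)" and "2.4.27-sarge-security: released (2.4.27-10sarge3)"), with "Notes:" empty and "linux-2.6:" blank. Add a note explaining what was backported to 2.6.8 and 2.4.27 (the Description mentions the mprotect issue split off as CVE-2006-2071), or change those fields to N/A, and fill in the linux-2.6 version before retiring.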
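Review bot: retired/CVE-2006-1859 and retired/CVE-2006-1860 are identical apart from the "Candidate:" line. They share the same six references, the same lease_init Description and the same jmm note, so one of the two most likely holds a copy of the other's text. Check which CVE the lease_init description belongs to and give the other its own Description and References. Both files also record "upstream: released (2.6.16.6)" while the Description says "before 2.6.16.16" and the first reference is ChangeLog-2.6.16.16, so the upstream version looks like a dropped digit.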
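Review bot: in retired/CVE-2006-2451 the status line "upstream: released (2.6.16.14), released (2.6.17.4)" does not match the Description, which gives the fixed version on the 2.6.16 branch as "2.6.16 before 2.6.16.24". Confirm the 2.6.16.y version and correct whichever is wrong. "References:" is empty, so there is nothing in the file to settle it. For retired/CVE-2006-3626, move the "Linux kernel 0day - dynamite inside, don't burn your fingers" headline off the "Description:" field line and write the FULLDISC reference in the "FULLDISC:... / URL:..." two-line form used by the other entries.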