From f3581ec9b2d48c6103c22fecb46f713217d834e8 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 17 Aug 2006 00:24:25 +0000 Subject: move retired to the top level hierarchy so people can easily checkout just the active issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2005-2709 | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 retired/CVE-2005-2709 (limited to 'retired/CVE-2005-2709') diff --git a/retired/CVE-2005-2709 b/retired/CVE-2005-2709 new file mode 100644 index 00000000..12eb1c7e --- /dev/null +++ b/retired/CVE-2005-2709 @@ -0,0 +1,30 @@ +Candidate: CVE-2005-2709 +References: + CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch +Description: + From: Al Viro + . + You could open the /proc/sys/net/ipv4/conf// file, then + wait for interface to go away, try to grab as much memory as possible in + hope to hit the (kfreed) ctl_table. Then fill it with pointers to your + function. Then do read from file you've opened and if you are lucky, + you'll get it called as ->proc_handler() in kernel mode. +Notes: + CVE is reserved, so we can't take the description from there yet + . + dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped + dannf> that hunk in my backport + . + **THIS IS AN ABI CHANGE** +Bug: +upstream: released (2.6.14.1), released (2.4.33-pre1) +linux-2.6: released (2.6.14-3) +2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: -- cgit v1.2.3
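Review bot: The seven woody-security entries at the end of the new retired/CVE-2005-2709 file (2.4.19-woody-security through 2.4.18-woody-security-hppa) and the Bug: field are left empty, so a file placed under retired/ does not say whether those 2.4.16 to 2.4.19 trees are affected, fixed, or deliberately left alone. The Notes already flag "**THIS IS AN ABI CHANGE**" and the sarge lines show the fix released for both 2.6.8 and 2.4.27, so record an explicit status or a one-line reason on each woody line before the issue is treated as closed. Separately, the path in the Description reads "/proc/sys/net/ipv4/conf// file", with an empty component where an interface name is expected. Check it against the upstream patch description referenced under CONFIRM, so that the use-after-free condition (a read on an already-open sysctl file reaching the kfreed ctl_table after the interface goes away) is stated unambiguously.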