From d039df62c5cb4db0180509865c33d688aa093e63 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 18 Jun 2007 21:03:46 +0000 Subject: retire some issues now resolved with the latest 2.6.8 DSA git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@860 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2006-5757 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 retired/CVE-2006-5757 (limited to 'retired/CVE-2006-5757') diff --git a/retired/CVE-2006-5757 b/retired/CVE-2006-5757 new file mode 100644 index 00000000..9de8f3bd --- /dev/null +++ b/retired/CVE-2006-5757 @@ -0,0 +1,28 @@ +Candidate: CVE-2006-5757 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e5657933863f43cc6bb76a54d659303dafaa9e58 +Description: + Race condition in the __find_get_block_slow function in the ISO9660 + filesystem in Linux 2.6.18 and possibly other versions allows local + users to cause a denial of service (infinite loop) by mounting a + crafted ISO9660 filesystem containing malformed data structures. +Ubuntu-Description: + A race condition was found in the grow_buffers() function. By mounting a + specially crafted ISO9660 or NTFS file system, a local attacker could + exploit this to trigger an infinite loop in the kernel, rendering the + machine unusable. +Notes: + http://projects.info-pull.com/mokb/MOKB-05-11-2006.html + http://projects.info-pull.com/mokb/MOKB-19-11-2006.html + dannf> Tried the MOKB-05-11-2006 reproducer on 2.4.27/ia64 & no + dannf> infinite loop was triggered + jmm> 2.4.27 has range checks, marking N/A +Bugs: +upstream: released (2.6.19-rc2) +linux-2.6: released (2.6.18.dfsg.1-10) [2.6.16.38] +2.6.18-etch-security: released (2.6.18.dfsg.1-10) [2.6.16.38] +2.6.8-sarge-security: released (2.6.8-16sarge7) [__find_get_block_slow-race.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released (2.6.12-10.43) +2.6.15-dapper-security: released (2.6.15-28.51) +2.6.17-edgy-security: released (2.6.17.1-11.35) -- cgit v1.2.3