From f0b3303c9a82b65f78e929e08389b1ec88034e2b Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 22 Feb 2008 22:05:22 +0000 Subject: retire more issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1142 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2007-2525 | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 retired/CVE-2007-2525 (limited to 'retired/CVE-2007-2525') diff --git a/retired/CVE-2007-2525 b/retired/CVE-2007-2525 new file mode 100644 index 000000000..76ed9b86d --- /dev/null +++ b/retired/CVE-2007-2525 @@ -0,0 +1,22 @@ +Candidate: CVE-2007-2525 +References: +Description: + Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the + Linux kernel before 2.6.21-git8 allows local users to cause a denial of + service (memory consumption) by creating a socket using connect, and + releasing it before the PPPIOCGCHAN ioctl is initialized. +Ubuntu-Description: + A flaw was discovered in the PPP over Ethernet implementation. Local + attackers could manipulate ioctls and cause kernel memory consumption + leading to a denial of service. +Notes: + jmm> 202a03acf9994076055df40ae093a5c5474ad0bd +Bugs: +upstream: released (2.6.21) +linux-2.6: released (2.6.21-1) +2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/pppoe-socket-release-mem-leak.patch] +2.6.8-sarge-security: released (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch] +2.4.27-sarge-security: released (2.4.27-10sarge6) [255_pppoe-socket-release-mem-leak.diff] +2.6.15-dapper-security: released (2.6.15-28.57) +2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f] +2.6.20-feisty-security: released (2.6.20-16.31) [168038c2da7f984a07fd169270b2cac561e1c90c] -- cgit v1.2.3