From 5662f0b2a69d60db40460e71293e7d6a5f1851b1 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 20 Oct 2009 21:46:22 +0000 Subject: retire more issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1530 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2008-5029 | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 retired/CVE-2008-5029 (limited to 'retired/CVE-2008-5029') diff --git a/retired/CVE-2008-5029 b/retired/CVE-2008-5029 new file mode 100644 index 00000000..043cf3ab --- /dev/null +++ b/retired/CVE-2008-5029 @@ -0,0 +1,24 @@ +Candidate: CVE-2008-5029 +Description: + The __scm_destroy function in net/core/scm.c in the Linux kernel + 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself + through calls to the fput function, which allows local users to cause + a denial of service (panic) via vectors related to sending an + SCM_RIGHTS message through a UNIX domain socket and closing file + descriptors. +References: + http://marc.info/?l=linux-netdev&m=122593044330973&w=2 + http://www.openwall.com/lists/oss-security/2008/11/06/1 + https://bugzilla.redhat.com/show_bug.cgi?id=470201 +Ubuntu-Description: +Notes: +Bugs: +upstream: released (2.6.26.8) +linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch] +2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch] +2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch] +2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch] +2.6.15-dapper-security: needed +2.6.22-gutsy-security: needed +2.6.24-hardy-security: needed +2.6.27-intrepid-security: needed -- cgit v1.2.3