Candidate: CVE-2007-1217 References: Description: Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. Ubuntu-Description: Notes: jmm> Analysis by Karsten Keil (the Linux ISDN maintainer) pointed out, that this jmm> is not exploitable over the ISDN network, as the generated CAPI messages jmm> cannot reach a size allowing an overflow. jmm> This could only be theoretically exploited if there's a pure CAPI server jmm> and even then it's only DoS. jmm> jmm> We'll ignore this, as it's not exploitable over ISDN jmm> jmm> http://bugzilla.kernel.org/show_bug.cgi?id=8028 Bugs: upstream: released (2.6.21) linux-2.6: released (2.6.21-1) 2.6.18-etch-security: ignored 2.6.8-sarge-security: ignored 2.4.27-sarge-security: ignored 2.6.15-dapper-security: ignored 2.6.17-edgy-security: ignored 2.6.20-feisty-security: ignored