blob: 77047ee207fa584daaf5d8408832bc113399d871 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
Candidate: CVE-2004-0136
References:
REDHAT:RHSA-2004:549
URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
SGI:20040601-01-P
URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
XF:irix-mapelf32exec-dos(16416)
URL:http://xforce.iss.net/xforce/xfdb/16416
BID:10547
URL:http://www.securityfocus.com/bid/10547
Description:
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local
users to cause a denial of service (system crash) via a "corrupted binary."
Notes:
Strange description, but I think this is actually a Linux issue; note the
RedHat URLs above.
dannf> I think I've traced this issue back to a flawed bug report, and that
dannf> this is really CAN-2004-0138.
+ mitre references a RedHat advisory for this, RHSA-2004:504-13
+ RHSA-2004:504-13 does in fact reference CVE-2004-0136
+ RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm
+ The changelog in the spec file in the above .src.rpm contains the following
entry:
* Tue Nov 16 2004 Jim Paradis <jparadis@redhat.com>
- Fixes for security holes in binfmt_elf loader (Dave Anderson,
Jim Paradis), bugs 127916, 134876
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references
CVE-2004-0136, but the patches it links to are the fixes for
CVE-2004-0138
jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling
jmm> over the entries from it
jmm> I've verified that the fix from
jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg
jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A
Bugs:
upstream: released (2.4.25-rc1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)
|