Candidate: CVE-2005-2800
References:
URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800
Description:
Memory leak in the seq_file implementation in the SCSI procfs interface
(sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a
denial of service (memory consumption) via certain repeated reads from the
/proc/scsi/sg/devices file, which is not properly handled when the next()
iterator returns NULL or an error.
Notes:
dannf> seq_file is a 2.6ism, so marking 2.4 as N/A
dannf> There's a trivial test case - can this be reproduced on 2.4?
Bugs:
upstream: released (2.6.12.6)
linux-2.6: released (2.6.12-6)
2.6.8-sarge-security: released (2.6.8-16sarge2)
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
2.4.18-woody-security-hppa: N/A