blob: ffa83aac5af3f756bfdf683facd802e667101f23 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
Candidate: CVE-2005-3044
References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050922
Category: SF
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
Description:
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
users to cause a denial of service (kernel OOPS from null dereference)
via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
in the 32-bit routing_ioctl function on 64-bit systems.
Notes:
http://lkml.org/lkml/2005/9/30/218
horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
dannf> Though, I guess its possible that someone would try to build an amd64
dannf> kernel out of our tree, so I marked 2.4 "needed" below. Lowest of the
dannf> low priorities though...
micah> there are actually two issues that are fixed in this CVE, so we
micah> have two patches... if you look at them they look REALLY similar, but they aren't
micah> dont be fooled
jmm> marking 2.4 as N/A, 2.4 wasn't supported for amd64
upstream: released (2.6.13.2)
linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
2.4.27-sarge-security: N/A
2.6.18-etch-security: N/A
|
