summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2005-4798
blob: 8959e945343e498f1e7fde3e3703ee75357f2162 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Candidate: CVE-2005-4798
References: 
 http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html
 http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b
 http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b
Description: 
 Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31
 allows remote NFS servers to cause a denial of service (crash) via a long
 symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and
 causes a crash in the NFS client.
Notes: 
 dannf> >= 2.6.13 not affected according to:
 dannf> http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html
 dannf> 2.6.8 looks affected to me - including my shot at a fix...
Bugs: 
upstream: 
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge5) [nfs-handle-long-symlinks.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge4) [223_nfs-handle-long-symlinks.diff]

© 2014-2024 Faster IT GmbH | imprint | privacy policy