blob: 3a997ebd7ec2bcf37e0939f50f590f1aba38a096
Candidate: CVE-2006-2935
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
Description:
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c
in Linux kernel 2.2.16, and later versions, assigns the wrong value to a
length variable, which allows local users to execute arbitrary code via a
crafted USB Storage device that triggers a buffer overflow.
Ubuntu-Description:
A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
automatically mounted removable device, a local user could crash the
machine or potentially even execute arbitrary code with full root
privileges.
Notes:
dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y
Bugs:
upstream: released (2.6.17.7)
linux-2.6: released (2.6.17-5)
2.6.8-sarge-security: released (2.6.8-16sarge5) [cdrom-bad-cgc.buflen-assign.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge4) [224_cdrom-bad-cgc.buflen-assign.diff]
2.6.10-hoary-security: released (2.6.10-34.23)
2.6.12-breezy-security: released (2.6.12-10.37)
2.6.15-dapper-security: released (2.6.15-26.46)
2.6.17-edgy: released (2.6.17-10.30)