blob: a3355ba430c5817e0c0557822b1224ec28742b8d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Candidate: CVE-2006-3745
References:
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=96ec9da385cf72c5f775e5f163420ea92e66ded2
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=e12289f0bc673dabb22be32d2df54b0ebfc7cf2b
Description: sctp potential local privilege escalation
Ubuntu-Description:
Wei Wang of McAfee Avert Labs discovered a buffer overflow in the
sctp_make_abort_user() function of iptables' SCTP module. On
computers which use this module, a local attacker could expoit this
to execute arbitrary code with root privileges.
Notes:
Bugs:
upstream: released (2.6.18-rc5)
linux-2.6: released (2.6.17-7)
2.6.8-sarge-security: released (2.6.8-16sarge5) [sctp-priv-elevation.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge4) [228_sctp-priv-elevation.diff]
2.6.10-hoary-security: released (2.6.10-34.23)
2.6.12-breezy-security: released (2.6.12-10.37)
2.6.15-dapper-security: released (2.6.15-26.47)
2.6.17-edgy: released (2.6.17-10.31)
|
