blob: 210f9fb8ea3f20a758f15769653edafbef7faf0e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2006-4538
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3a459756810912d2c2bf188cef566af255936b4d
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254
Description:
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC
platforms, allows local users to cause a denial of service (crash) via
a malformed ELF file that triggers memory maps that cross region
boundaries.
Ubuntu-Description:
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By
attempting to execute a specially crafted executable, a local user
could exploit this to crash the kernel.
Notes:
Bugs:
upstream: released (2.6.18-rc7)
linux-2.6: released (2.6.18-1)
2.6.8-sarge-security: released (2.6.8-16sarge6) [ia64-sparc-cross-region-mappings.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge5) [233_ia64-sparc-cross-region-mappings.diff]
2.6.10-hoary-security: released (2.6.10-34.24)
2.6.12-breezy-security: released (2.6.12-10.40)
2.6.15-dapper-security: released (2.6.15-27.48)
2.6.17-edgy: released (2.6.17-10.31)
|
