path: root/retired/CVE-2006-4623
Candidate: CVE-2006-4623
References: 
 http://lkml.org/lkml/2006/8/20/278
Description: 
 The Unidirectional Lightweight Encapsulation (ULE) decapsulation
 component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel
 2.6.17.8 allows remote attackers to cause a denial of service (crash)
 via an SNDU length of 0 in a ULE packet.
Ubuntu-Description:
 A flaw was discovered in dvb ULE decapsulation.  A remote attacker could
 send a specially crafted message and cause a denial of service.
Notes: 
 mpitt> Questionable -- rather than fixing the kernel to not send out
        invalid ULE packets, it should be fixed to not crash upon
        receiving one.
 dannf> I noticed that a different, and much larger patch went into 2.6.18
        that conflicts with the one provided by the original reporter (which
        went into 2.6.17.y). I asked the original reporter if that patch also
        fixed the issue. Ang Way replied:
          "Yes, it is fixed in 2.6.18 and later even though the patch is
           different. Their fix is more elegant."
        So, marking etch N/A
Bugs: 
upstream: released (2.6.18)
linux-2.6: released (2.6.18-1)
2.6.18-etch-security: N/A
2.6.8-sarge-security: released (2.6.8-16sarge7) [dvb-core-handle-0-length-ule-sndu.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy: released (2.6.17.1-10.34)
2.6.20-feisty-security: N/A
