blob: a8e167afead7242cd6fea7789d9db2621c0dc59b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Candidate: CVE-2006-5751
References:
MISC:http://projects.info-pull.com/mokb/MOKB-29-11-2006.html
MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=4c61a7e0a86e1ae9e16867f9f8e4b0412b8edbaf;hp=4e4119a1213925568b8a1acdef9bf52b98b19da3;hb=ba8379b220509e9448c00a77cf6c15ac2a559cc7;f=net/bridge/br_ioctl.c
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ba8379b220509e9448c00a77cf6c15ac2a559cc7
CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4
BID:21353
URL:http://www.securityfocus.com/bid/21353
FRSIRT:ADV-2006-4781
URL:http://www.frsirt.com/english/advisories/2006/4781
SECUNIA:23073
XF:linux-getfdbentries-integer-overflow(30588)
URL:http://xforce.iss.net/xforce/xfdb/30588
Description:
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in
the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code
via a large maxnum value in an ioctl request.
Ubuntu-Description:
An integer overflow was found in the get_fdb_entries() function of
the network bridging code. By executing a specially crafted ioctl, a
local attacker could exploit this to execute arbitrary code with root
privileges.
Notes:
dannf> Marking 2.4 as N/A - the code is much different now, and nothing
dannf> seemed to be checking PAGE_SIZE at all in 2.4
Bugs:
upstream: released (2.6.18.4, 2.6.19)
linux-2.6: released (2.6.18-8) [bugfix/2.6.18.4]
2.6.18-etch-security: released (2.6.18-8) [bugfix/2.6.18.4]
2.6.8-sarge-security: released (2.6.8-16sarge6) [bridge-get_fdb_entries-overflow.dpatch]
2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.41)
2.6.15-dapper-security: released (2.6.15-27.49)
2.6.17-edgy-security: released (2.6.17.1-10.34)
|
