blob: 551302d9c6968500612f9cc35b521acd9ad64b17 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2006-5823
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8bb0269160df2a60764013994d0bc5165406cf4a
MISC:http://projects.info-pull.com/mokb/MOKB-07-11-2006.html
SECUNIA:22767
URL:http://secunia.com/advisories/22767
Description:
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a
denial of service (crash) via a malformed filesystem that uses zlib
compression that triggers memory corruption, as demonstrated using cramfs.
Ubuntu-Description:
A buffer overread was found in the zlib_inflate() function. By
tricking an user into mounting a specially crafted file system which
uses zlib compression (such as cramfs), this could be exploited to
crash the kernel.
Notes:
dannf> This is reproducible in 2.4.27
Bugs:
upstream: released (2.4.36-pre2, 2.6.20-rc1)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-10)
2.6.8-sarge-security: released (2.6.8-17sarge1) [cramfs-check-block-length.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge6) [254_cramfs-check-block-length.diff]
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
|