summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2007-0958
blob: 6dedad67f482435853e79d8b725a3e54930cd3ca (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Candidate: CVE-2007-0958
References: 
 MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 
Description: 
 Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable
 binaries by using the interpreter (PT_INTERP) functionality and triggering
 a core dump, a variant of CVE-2004-1073.
Ubuntu-Description: 
Notes: 
 dannf> Red Hat's 2.4 isn't vulnerable; Willy Tarreau asked the reporter
        for a reproducer in 2007.02. I sent Willy an e-mail on 2008.02.06
        to see if he ever heard back. Until then, I'll assume 2.4 is ok.
Bugs: 
upstream: released (2.6.20)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/core-dump-unreadable-PT_INTERP.patch]
2.6.8-sarge-security: released (2.6.8-16sarge7) [core-dump-unreadable-PT_INTERP.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "poked upstream on 2008.02.06"
2.6.15-dapper-security: released (2.6.15-28.53)
2.6.17-edgy-security: released (2.6.17.1-11.37)

© 2014-2024 Faster IT GmbH | imprint | privacy policy