path: root/retired/CVE-2007-1730
Candidate: CVE-2007-1730
References: 
 http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
 http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
 http://marc.info/?l=dccp&m=117509584316267&w=2 
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999
Description:
 Integer signedness error in the DCCP support in the do_dccp_getsockopt function
 in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
 kernel memory or cause a denial of service (oops) via a negative optlen value.
Ubuntu-Description: 
 The do_dccp_getsockopt() function did not sufficiently verify the
 optlen argument. A local attacker could exploit this to read kernel
 memory (which might expose sensitive data) or cause a kernel crash.
 This only affects Ubuntu 7.04.
Notes: 
 Earlier kernels than 2.6.20 do not have these options.
Bugs: 
upstream: released (2.6.20.7)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
2.6.20-feisty-security: released (2.6.20-16.28)
