blob: b04aab7eb04463895ee404bc61638a0b5f859851 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2007-3105
References:
Description:
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment
of privileges for root.
Ubuntu-Description:
A buffer overflow was discovered in the random number generator. In
environments with granular assignment of root privileges, a local attacker
could gain additional privileges.
Notes:
jmm> Vulnerable code not present in 2.4.27
jmm> 2.6.8 is affected, but since we don't have full SE Linux support in
jmm> Sarge, I don't believe this is an issue, which needs to be fixed
Bugs:
upstream: released (2.6.21, 2.6.22.3)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
2.6.8-sarge-security: released (2.6.8-17sarge2) [random-bound-check-ordering.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
2.6.20-feisty-security: released (2.6.20-16.31) [542a98d0809f0eccc5cf23ed402285e995e0b31e]
|