summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2007-3105
blob: b04aab7eb04463895ee404bc61638a0b5f859851 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Candidate: CVE-2007-3105
References: 
Description: 
 Stack-based buffer overflow in the random number generator (RNG)
 implementation in the Linux kernel before 2.6.22 might allow local root
 users to cause a denial of service or gain privileges by setting the
 default wakeup threshold to a value greater than the output pool size,
 which triggers writing random numbers to the stack by the pool transfer
 function involving "bound check ordering". NOTE: this issue might only
 cross privilege boundaries in environments that have granular assignment
 of privileges for root.
Ubuntu-Description: 
 A buffer overflow was discovered in the random number generator.  In
 environments with granular assignment of root privileges, a local attacker
 could gain additional privileges.
Notes: 
 jmm> Vulnerable code not present in 2.4.27
 jmm> 2.6.8 is affected, but since we don't have full SE Linux support in
 jmm> Sarge, I don't believe this is an issue, which needs to be fixed
Bugs: 
upstream: released (2.6.21, 2.6.22.3)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
2.6.8-sarge-security: released (2.6.8-17sarge2) [random-bound-check-ordering.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58) 
2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
2.6.20-feisty-security: released (2.6.20-16.31) [542a98d0809f0eccc5cf23ed402285e995e0b31e]

© 2014-2024 Faster IT GmbH | imprint | privacy policy