blob: 7eca1285991582e77f19ad2e2ce541234d69622b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Candidate: CVE-2007-5908
Description:
*REJECTED*
Buffer overflow in the (1) sysfs_show_available_clocksources and (2)
sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier
might allow local users to cause a denial of service or execute arbitrary
code via crafted clock source names.
References:
http://marc.info/?l=linux-kernel&m=119451922608530&w=2
Ubuntu-Description:
Notes:
kees> this is not actually an exploitable security issue. there is no way to add clock sources that could trigger the overflow.
Bugs:
upstream: N/A
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A
|