blob: ca7c063648725956291a98efb969cbe4353f1143 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2008-1673
Description:
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6
before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b)
the gxsnmp package; does not properly validate length values during
decoding of ASN.1 BER data, which allows remote attackers to cause a denial
of service (crash) or execute arbitrary code via (1) a length greater than
the working buffer, which can lead to an unspecified overflow; (2) an oid
length of zero, which can lead to an off-by-one error; or (3) an indefinite
length for a primitive encoding.
References:
Ubuntu-Description:
Notes:
kees> linux-2.6: ddb2c43594f22843e9f3153da151deaba1a834c5
Bugs:
upstream: released (2.6.26)
linux-2.6: released (2.6.26-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
2.6.26-lenny-security: N/A
2.6.15-dapper-security: released (2.6.15-52.69)
2.6.20-feisty-security: released (2.6.20-17.37)
2.6.22-gutsy-security: released (2.6.22-15.56)
2.6.24-hardy-security: released (2.6.24-19.36)
|