blob: 043cf3ab8cfeb56603efa20930dd79b6a98afa0f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2008-5029
Description:
The __scm_destroy function in net/core/scm.c in the Linux kernel
2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself
through calls to the fput function, which allows local users to cause
a denial of service (panic) via vectors related to sending an
SCM_RIGHTS message through a UNIX domain socket and closing file
descriptors.
References:
http://marc.info/?l=linux-netdev&m=122593044330973&w=2
http://www.openwall.com/lists/oss-security/2008/11/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=470201
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.26.8)
linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch]
2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
2.6.15-dapper-security: needed
2.6.22-gutsy-security: needed
2.6.24-hardy-security: needed
2.6.27-intrepid-security: needed
|