blob: 9e95216cea95eb2c924de2da7a7ed2b446d1f47c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2007-1217
References:
Description:
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used
in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to
cause a denial of service (crash) and possibly gain privileges via a
crafted CAPI packet.
Ubuntu-Description:
Notes:
jmm> Analysis by Karsten Keil (the Linux ISDN maintainer) pointed out, that this
jmm> is not exploitable over the ISDN network, as the generated CAPI messages
jmm> cannot reach a size allowing an overflow.
jmm> This could only be theoretically exploited if there's a pure CAPI server
jmm> and even then it's only DoS.
jmm>
jmm> We'll ignore this, as it's not exploitable over ISDN
jmm>
jmm> http://bugzilla.kernel.org/show_bug.cgi?id=8028
Bugs:
upstream: released (2.6.21)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: ignored
2.6.8-sarge-security: ignored
2.4.27-sarge-security: ignored
2.6.15-dapper-security: ignored
2.6.17-edgy-security: ignored
2.6.20-feisty-security: ignored
|