blob: f3fe237ae550df9bba97dab70abd7cf9447b8574 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2007-5087
References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222
Description:
The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is
enabled, allows local users to cause a denial of service (kernel panic) by
reading /proc/net/atm/arp before the CLIP module has been loaded.
Ubuntu-Description:
Notes:
Bugs:
dannf> Vulnerable code was added to 2.4 in:
http://linux.bkbits.net:8080/linux-2.4/?PAGE=gnupatch&REV=1.1448.44.17
which was after 2.4.27
dannf> The commit notes that 2.6 isn't vulnerable because the arp entry is
handled in clip.c. I've verified this is true for both 2.6.8 and 2.6.18.
upstream: released (2.4.36-pre2)
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A
|