blob: 673012939f8c6b92ed5ffbd150a6d7206a179ac5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Candidate: CVE-2007-6434
Description:
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace
memory and bypass mmap_min_addr protection via a crafted executable file that calls
the do_brk function.
References:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5
Ubuntu-Description:
Notes:
kees> ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5 (however, I think this only applied to 2.6.23 or newer -- security_file_mmap didn't take addresses until then)
Bugs:
upstream: released (2.6.24-rc5)
linux-2.6: released (2.6.23-2)
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A
|