[CVE-2008-3276] Linux kernel dccp_setsockopt_change() integer overflow
Bug #258180 reported by Till Ulen
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Low | Tim Gardner |
Feisty | Invalid | Undecided | Unassigned |
Gutsy | Invalid | Undecided | Unassigned |
Hardy | Fix Released | Undecided | Unassigned |
linux-source-2.6.20 (Ubuntu) | Invalid | Low | Tim Gardner |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Invalid | Undecided | Unassigned |
Hardy | Invalid | Undecided | Unassigned |
linux-source-2.6.22 (Ubuntu) | Invalid | Low | Tim Gardner |
Feisty | Invalid | Undecided | Unassigned |
Gutsy | Fix Released | Undecided | Unassigned |
Hardy | Invalid | Undecided | Unassigned |
Bug Description
Eugene Teo of Red Hat Security Response Team wrote:
"An integer overflow flaw was found in the Linux kernel
dccp_setsockopt
lack of sanitisation performed on a user-controlled integer value before
the value is employed as the size argument of a memory allocation
operation. An attacker may leverage this vulnerability to trigger a
kernel panic on a victim's machine remotely.
This affects kernel versions since 2.6.17-rc1. The proposed upstream
commit is: 3e8a0a559c66ee9
I have allocated this CVE-2008-3276."
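The bug class named in the report, a caller-controlled integer reaching an allocator's size argument without validation, shown as an added userspace example. It is not kernel code and not part of the report; `struct opt_req`, `OPT_VAL_MAX` and the function names are hypothetical, and the bound of 255 is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option layout, constructed for this example (not the DCCP ABI). */
struct opt_req {
    int32_t        len;   /* caller-controlled length of val[] */
    const uint8_t *val;   /* caller-supplied bytes */
};
#define OPT_VAL_MAX 255   /* assumed upper bound, chosen for this example */

/* Unsafe pattern: signed length converted straight to the allocator's size
 * type, so a negative value wraps to an enormous size_t. */
size_t unchecked_alloc_size(const struct opt_req *r) { return (size_t)r->len; }

/* Hardened pattern: range-check the integer before any size is derived. */
int checked_alloc_size(const struct opt_req *r, size_t *out)
{
    if (r->len < 1 || r->len > OPT_VAL_MAX)
        return -EINVAL;
    *out = (size_t)r->len;
    return 0;
}

/* Copy the option value into a new buffer only after validation succeeds. */
int handle_opt(const struct opt_req *r, uint8_t **copy, size_t *copy_len)
{
    size_t n;
    int rc = checked_alloc_size(r, &n);
    if (rc)
        return rc;
    if (r->val == NULL)
        return -EFAULT;
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return -ENOMEM;
    memcpy(buf, r->val, n);
    *copy = buf;
    *copy_len = n;
    return 0;
}

int main(void)
{
    struct opt_req bad = { -1, NULL };   /* constructed input */
    size_t n = 0;
    return checked_alloc_size(&bad, &n) == -EINVAL ? 0 : 1;
}
```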
CVE References
Changed in linux: | |
status: | Fix Committed → Fix Released |
status: | New → Fix Released |
status: | New → Invalid |
status: | New → Invalid |
Changed in linux-source-2.6.20: | |
status: | Fix Committed → Invalid |
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-feisty.git;a=commit;h=51e49a29c6935f8a8fa7d67e5c059520dd5c28d3