[CVE-2008-3276] Linux kernel dccp_setsockopt_change() integer overflow

Bug #258180 reported by Till Ulen
Affects                         Status         Importance   Assigned to   Milestone
linux (Ubuntu)                  Fix Released   Low          Tim Gardner
  Feisty                        Invalid        Undecided    Unassigned
  Gutsy                         Invalid        Undecided    Unassigned
  Hardy                         Fix Released   Undecided    Unassigned
linux-source-2.6.20 (Ubuntu)    Invalid        Low          Tim Gardner
  Feisty                        Won't Fix      Undecided    Unassigned
  Gutsy                         Invalid        Undecided    Unassigned
  Hardy                         Invalid        Undecided    Unassigned
linux-source-2.6.22 (Ubuntu)    Invalid        Low          Tim Gardner
  Feisty                        Invalid        Undecided    Unassigned
  Gutsy                         Fix Released   Undecided    Unassigned
  Hardy                         Invalid        Undecided    Unassigned

Bug Description

Eugene Teo of Red Hat Security Response Team wrote:

"An integer overflow flaw was found in the Linux kernel
dccp_setsockopt_change() function. The vulnerability exists due to a
lack of sanitisation performed on a user-controlled integer value before
the value is employed as the size argument of a memory allocation
operation. An attacker may leverage this vulnerability to trigger a
kernel panic on a victim's machine remotely.

This affects kernel versions since 2.6.17-rc1. The proposed upstream
commit is: 3e8a0a559c66ee9e7468195691a56fefc3589740

I have allocated this CVE-2008-3276."

http://www.openwall.com/lists/oss-security/2008/08/15/3

Tim Gardner (timg-tpi) wrote :
Changed in linux-source-2.6.20:
assignee: nobody → timg-tpi
importance: Undecided → Low
status: New → Fix Committed
Tim Gardner (timg-tpi) wrote :
Changed in linux-source-2.6.22:
assignee: nobody → timg-tpi
status: New → Fix Committed
Tim Gardner (timg-tpi) wrote :
Changed in linux:
assignee: nobody → timg-tpi
importance: Undecided → Low
status: New → Fix Committed
milestone: none → ubuntu-8.04.2
Tim Gardner (timg-tpi) wrote :
Changed in linux-source-2.6.22:
importance: Undecided → Low
Kees Cook (kees)
Changed in linux:
status: Fix Committed → Fix Released
status: New → Fix Released
status: New → Invalid
status: New → Invalid
Changed in linux-source-2.6.20:
status: Fix Committed → Invalid
Kees Cook (kees) wrote :
Changed in linux-source-2.6.20:
status: New → Won't Fix
status: New → Invalid
status: New → Invalid
Changed in linux-source-2.6.22:
status: New → Invalid
status: New → Invalid
status: New → Fix Released
status: Fix Committed → Invalid
This report contains Public Security information  
Everyone can see this security related information.