Launchpad.net

CVE 2009-1265

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

Related bugs and status

CVE-2009-1265 (Candidate) is related to these bugs:

Bug #395973: Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities

Summary				In	Importance	Status
	395973	Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009040...
MISC: http://bugzilla.kernel...
CONFIRM: http://git.kernel.org/...
OSVDB: 53571
OSVDB: 53630
OSVDB: 53631
BID: 34654
DEBIAN: DSA-1787
SECUNIA: 34981
DEBIAN: DSA-1794
SECUNIA: 35011
DEBIAN: DSA-1800
MANDRIVA: MDVSA-2009:119
SUSE: SUSE-SA:2009:028
SECUNIA: 35121
SECUNIA: 35185
SUSE: SUSE-SA:2009:030
SUSE: SUSE-SA:2009:031
SUSE: SUSE-SA:2009:032
SECUNIA: 35390
SECUNIA: 35394
MANDRIVA: MDVSA-2009:135
SECUNIA: 35387
UBUNTU: USN-793-1
SECUNIA: 35656