[CVE-2008-3276] Linux kernel dccp_setsockopt_change() integer overflow

Bug #258180 reported by Till Ulen on 2008-08-15
Affects                        Status  Importance  Assigned to  Milestone
linux (Ubuntu)                         Low         Tim Gardner
  Feisty                               Undecided   Unassigned
  Gutsy                                Undecided   Unassigned
  Hardy                                Undecided   Unassigned
linux-source-2.6.20 (Ubuntu)           Low         Tim Gardner
  Feisty                               Undecided   Unassigned
  Gutsy                                Undecided   Unassigned
  Hardy                                Undecided   Unassigned
linux-source-2.6.22 (Ubuntu)           Low         Tim Gardner
  Feisty                               Undecided   Unassigned
  Gutsy                                Undecided   Unassigned
  Hardy                                Undecided   Unassigned

Bug Description

Eugene Teo of Red Hat Security Response Team wrote:

"An integer overflow flaw was found in the Linux kernel
dccp_setsockopt_change() function. The vulnerability exists due to a
lack of sanitisation performed on a user-controlled integer value before
the value is employed as the size argument of a memory allocation
operation. An attacker may leverage this vulnerability to trigger a
kernel panic on a victim's machine remotely.

This affects kernel versions since 2.6.17-rc1. The proposed upstream
commit is: 3e8a0a559c66ee9e7468195691a56fefc3589740

I have allocated this CVE-2008-3276."

http://www.openwall.com/lists/oss-security/2008/08/15/3
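
A user-space C model of the pattern the advisory describes (a caller-controlled integer reaching an allocator as its size), added here as an illustration; it is not the kernel's DCCP code or the upstream fix. The struct, the function names and the 64-byte bound are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option block handed in by an untrusted caller. */
struct opt_req {
    const uint8_t *val;   /* caller's buffer */
    int            len;   /* caller-chosen length, never trusted */
};

#define OPT_VAL_MAX 64    /* assumed upper bound for this model */

/* Size an allocator would be asked for if len were passed through
 * unchecked: a negative int converts to an enormous size_t. */
size_t unchecked_alloc_size(int len) { return (size_t)len; }

/* Hardened handler: range-check the length before the allocation and
 * the copy. Returns 0 and a heap copy in *out, or a negative errno. */
int set_option_checked(const struct opt_req *req, uint8_t **out)
{
    uint8_t *buf;

    *out = NULL;
    if (req->val == NULL)
        return -EFAULT;
    if (req->len < 1 || req->len > OPT_VAL_MAX)
        return -EINVAL;   /* rejects zero, negative and oversized */

    buf = malloc((size_t)req->len);
    if (buf == NULL)
        return -ENOMEM;
    memcpy(buf, req->val, (size_t)req->len);
    *out = buf;
    return 0;
}

/* Drive the handler with a constructed buffer; returns its status. */
int try_len(int len)
{
    static const uint8_t sample[OPT_VAL_MAX] = { 1, 2, 3, 4 }; /* constructed */
    struct opt_req req = { sample, len };
    uint8_t *copy = NULL;
    int rc = set_option_checked(&req, &copy);

    free(copy);
    return rc;
}
```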

Tim Gardner (timg-tpi) wrote :
  Changed in linux-source-2.6.20:
    assignee: nobody → timg-tpi
    importance: Undecided → Low
    status: New → Fix Committed

Tim Gardner (timg-tpi) wrote :
  Changed in linux-source-2.6.22:
    assignee: nobody → timg-tpi
    status: New → Fix Committed

Tim Gardner (timg-tpi) wrote :
  Changed in linux:
    assignee: nobody → timg-tpi
    importance: Undecided → Low
    status: New → Fix Committed
    milestone: none → ubuntu-8.04.2

Kees Cook (kees) on 2008-10-27
  Changed in linux:
    status: Fix Committed → Fix Released
    status: New → Fix Released
    status: New → Invalid
    status: New → Invalid
  Changed in linux-source-2.6.20:
    status: Fix Committed → Invalid

Kees Cook (kees) wrote :
  Changed in linux-source-2.6.20:
    status: New → Won't Fix
    status: New → Invalid
    status: New → Invalid
  Changed in linux-source-2.6.22:
    status: New → Invalid
    status: New → Invalid
    status: New → Fix Released
    status: Fix Committed → Invalid

This report contains Public Security information
Everyone can see this security related information.