Bug#296899: CAN-2005-0531: Buffer overflow in atm_get_addr

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#296899: CAN-2005-0531: Buffer overflow in atm_get_addr
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 25 Feb 2005 15:16:58 +0100
Message-id: <[🔎] E1D4gH4-0005ay-8m@k.local>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 296899@bugs.debian.org

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole

Cite:
"The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4
may allow local users to trigger a buffer overflow via negative arguments."

The offending code is also in 2.6.8 and 2.4.27.

Fix:
http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A

Advisory:
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2

Please fix also 2.6.9 and 2.6.10

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Reply to:

Prev by Date: Bug#296897: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit arches
Next by Date: Bug#296900: CAN-2005-0529: Buffer overflow in proc_file_read
Previous by thread: Bug#296897: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit arches
Next by thread: Bug#296900: CAN-2005-0529: Buffer overflow in proc_file_read
Index(es):
- Date
- Thread