Re: [PATCH] Backport of CVE-2005-2709 fix

To: dann frazier <dannf@dannf.org>
Cc: debian-kernel@lists.debian.org
Subject: Re: [PATCH] Backport of CVE-2005-2709 fix
From: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
Date: Mon, 28 Nov 2005 10:00:23 -0200
Message-id: <20051128120023.GA24445@logos.cnet>
In-reply-to: <1132353739.14911.22.camel@krebs.dannf>
References: <1132353739.14911.22.camel@krebs.dannf>

On Fri, Nov 18, 2005 at 03:42:19PM -0700, dann frazier wrote:
>  I've backported the fix for CVE-2005-2709 to 2.4 for Debian's 2.4
> sarge kernel. Below is a patch against 2.4.32, in case one hasn't been
> submitted to you yet. Please apply.
> 
> CVE-2005-2709
> 
> sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a
> denial of service (kernel oops) and possibly execute code by opening an
> interface file in /proc/sys/net/ipv4/conf/, waiting until the interface
> is unregistered, then obtaining and modifying function pointers in
> memory that was used for the ctl_table.

Applied, thanks Dann.

Reply to:

References:
- 2.4 port of CVE-2005-2709 fix
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Processed: reassign to elilo
Next by Date: Bug#341152: initrd-tools: unable to boot after replacing devfs with udev: kernel panic, unable to create null, no console
Previous by thread: 2.4 port of CVE-2005-2709 fix
Next by thread: Bug#332942: ug#332942: kernel-image-2.6.8-2-386: fails to insert floppy.ko claiming "io-port 0x03f2 in use"
Index(es):
- Date
- Thread