Bug#402094: kernel-source-2.6.8: Intel drivers (net/e100.c, net/e1000/e1000_main.c)
Package: kernel-source-2.6.8
Version: 2.6.8-16sarge5
Severity: critical
Justification: root security hole
Noticed:
Intel LAN Driver Buffer Overflow Local Privilege Escalation
http://support.intel.com/support/network/sb/CS-023726.htm
The Intel blurb says Linux, and specifically Debian, is affected also:
Product Family OS Affected Driver Versions Corrected Driver Versions
Intel PRO 10/100 Adapters Linux* 3.5.14 or previous 3.5.17 or later
Intel PRO/1000 Adapters Linux 7.2.7 or previous 7.3.15 or later
and it seems that:
kernel-source-2.6.8/drivers/net/e100.c
#define DRV_NAME "e100"
#define DRV_VERSION "3.0.18"
#define DRV_DESCRIPTION "Intel(R) PRO/100 Network Driver"
#define DRV_COPYRIGHT "Copyright(c) 1999-2004 Intel Corporation"
kernel-source-2.6.8/drivers/net/e1000/e1000_main.c
char e1000_driver_name[] = "e1000";
char e1000_driver_string[] = "Intel(R) PRO/1000 Network Driver";
char e1000_driver_version[] = "5.2.52-k4";
char e1000_copyright[] = "Copyright (c) 1999-2004 Intel Corporation.";
are quite old (so seem to be affected).
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.6
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages kernel-source-2.6.8 depends on:
ii binutils 2.15-6 The GNU assembler, linker and bina
ii bzip2 1.0.2-7 high-quality block-sorting file co
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
Reply to: