Date: Mon, 23 Jun 2008 15:22:38 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: query on a pppol2tp_recvmsg() fix - security relevant? ====================================================== Name: CVE-2008-2750 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2750 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8 Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6 Reference: BID:29747 Reference: URL:http://www.securityfocus.com/bid/29747 Reference: FRSIRT:ADV-2008-1854 Reference: URL:http://www.frsirt.com/english/advisories/2008/1854 Reference: SECTRACK:1020297 Reference: URL:http://securitytracker.com/id?1020297 Reference: SECUNIA:30719 Reference: URL:http://secunia.com/advisories/30719 Reference: XF:linux-kernel-pppol2tprecvmsg-dos(43111) Reference: URL:http://xforce.iss.net/xforce/xfdb/43111 The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.