[Bug 164011] [linux-source] multiple DoS vulnerabilities

hk47 bugtracker at slideomania.com
Tue Nov 20 08:21:01 UTC 2007


Public bug reported:

Binary package hint: linux-source

References:
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997

Quoting [1]:
"The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error."

Quoting [2]:
"Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error.""

** Affects: linux-meta (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-6058

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-4997

-- 
[linux-source] multiple DoS vulnerabilities
https://bugs.launchpad.net/bugs/164011
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.




More information about the kernel-bugs mailing list