The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 2.6.10 (including) | 2.6.10 (including) |
| Linux_kernel | Linux | 2.6.11 (including) | 2.6.11 (including) |
| Linux_kernel | Linux | 2.6.11-rc1 (including) | 2.6.11-rc1 (including) |
| Linux_kernel | Linux | 2.6.11-rc2 (including) | 2.6.11-rc2 (including) |
| Linux_kernel | Linux | 2.6.11-rc3 (including) | 2.6.11-rc3 (including) |
| Red Hat Enterprise Linux 4 | RedHat | kernel-0:2.6.9-5.0.5.EL | * |
| Kernel-source-2.4.27 | Ubuntu | dapper | * |
| Kernel-source-2.4.27 | Ubuntu | edgy | * |
| Linux-source-2.6.15 | Ubuntu | dapper | * |
| Linux-source-2.6.17 | Ubuntu | edgy | * |
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000930
- http://linux.bkbits.net:8080/linux-2.6/gnupatch%404208e1fcfccuD-eH2OGM5mBhihmQ3A
- http://marc.info/?l=bugtraq\u0026m=111091402626556\u0026w=2
- http://marc.info/?l=full-disclosure\u0026m=110846727602817\u0026w=2
- http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- http://www.redhat.com/support/errata/RHSA-2005-366.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10095
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000930
- http://linux.bkbits.net:8080/linux-2.6/gnupatch%404208e1fcfccuD-eH2OGM5mBhihmQ3A
- http://marc.info/?l=bugtraq\u0026m=111091402626556\u0026w=2
- http://marc.info/?l=full-disclosure\u0026m=110846727602817\u0026w=2
- http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- http://www.redhat.com/support/errata/RHSA-2005-366.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10095