oss-sec mailing list archives
Re: query on a pppol2tp_recvmsg() fix - security relevant?
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 23 Jun 2008 15:22:38 -0400 (EDT)
====================================================== Name: CVE-2008-2750 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2750 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8 Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6 Reference: BID:29747 Reference: URL:http://www.securityfocus.com/bid/29747 Reference: FRSIRT:ADV-2008-1854 Reference: URL:http://www.frsirt.com/english/advisories/2008/1854 Reference: SECTRACK:1020297 Reference: URL:http://securitytracker.com/id?1020297 Reference: SECUNIA:30719 Reference: URL:http://secunia.com/advisories/30719 Reference: XF:linux-kernel-pppol2tprecvmsg-dos(43111) Reference: URL:http://xforce.iss.net/xforce/xfdb/43111 The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.
Current thread:
- query on a pppol2tp_recvmsg() fix - security relevant? Marcus Meissner (Jun 18)
- Re: query on a pppol2tp_recvmsg() fix - security relevant? Eren Türkay (Jun 18)
- Re: query on a pppol2tp_recvmsg() fix - security relevant? Jan Lieskovsky (Jun 19)
- Re: query on a pppol2tp_recvmsg() fix - security relevant? Steven M. Christey (Jun 23)
- Re: query on a pppol2tp_recvmsg() fix - security relevant? Jan Lieskovsky (Jun 19)
- Re: query on a pppol2tp_recvmsg() fix - security relevant? Eren Türkay (Jun 18)