Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation Flaw Has Unspecified Impact
|
|
SecurityTracker Alert ID: 1014115
|
|
SecurityTracker URL: http://securitytracker.com/id?1014115
|
|
CVE Reference: CAN-2005-0124
|
Date: Jun 7 2005
|
Impact: Not specified
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.4.x, 2.6 prior to 2.6.11.11
|
Description: A vulnerability was reported in the Linux kernel in the Radionet Open Source Environment (ROSE) implementation. The impact was not specified.
The rose_rt_ioctl() function does not properly validate a new route's ndigis argument.
The vendor described the impact as "minor".
The flaw resides in 'net/rose/rose_route.c'.
[Editor's note: This vulnerability was reported by Bryan Fulton of Coverity on December 16, 2004, in a message to the Linux-Kernel mailing list. The message covered several other related flaws in the kernel that are reported in separate alerts.]
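An added example, not code from the kernel or from this alert: a userspace C model of the check the description says was missing, in which a caller-supplied ndigis count is validated against the capacity of a fixed-size array before it drives a copy loop. Every name except ndigis, the capacity of 8 and the structure layouts are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_DIGIS 8 /* assumed capacity of the digipeater array in this model */

typedef struct { unsigned char call[7]; } model_addr; /* hypothetical address type */

/* Route request as it arrives from the caller; every field is untrusted. */
struct model_route_req {
    unsigned int ndigis;                      /* number of entries the caller claims */
    model_addr   digipeaters[MODEL_MAX_DIGIS];
};

/* Route entry kept by the modelled routing table. */
struct model_route {
    unsigned int ndigis;
    model_addr   digipeaters[MODEL_MAX_DIGIS];
};

/* Validate the count against the array capacity before it drives any loop. */
int model_route_add(struct model_route *dst, const struct model_route_req *req)
{
    if (req->ndigis > MODEL_MAX_DIGIS)
        return -EINVAL;                       /* without this, the loop runs past both arrays */
    dst->ndigis = req->ndigis;
    for (unsigned int i = 0; i < req->ndigis; i++)
        dst->digipeaters[i] = req->digipeaters[i];
    return 0;
}

/* Build a constructed request with the given count; return stored count or -errno. */
int model_try(unsigned int ndigis)
{
    struct model_route_req req;
    struct model_route route;
    memset(&req, 0x41, sizeof(req));          /* constructed filler data */
    memset(&route, 0, sizeof(route));
    req.ndigis = ndigis;
    int rc = model_route_add(&route, &req);
    return rc ? rc : (int)route.ndigis;
}

int main(void)
{
    unsigned int samples[] = { 0, 3, MODEL_MAX_DIGIS, MODEL_MAX_DIGIS + 1, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("ndigis=%u -> %d\n", samples[i], model_try(samples[i]));
    return 0;
}
```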
|
Impact: The impact was not specified.
|
Solution: A fix is available in kernel version 2.6.11.11.
A patchset for the 2.4 kernel is available at:
http://linux.bkbits.net:8080/linux-2.4/cset@41e2cf515TpixcVQ8q8HvQvCv9E6zA
|
Vendor URL: www.kernel.org/
|
Cause: Boundary error, Input validation error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 1 Jun 2005 01:49:30 -0400
Subject: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.11
|
> [PATCH] Fix minor security hole
>
> ROSE wasn't verifying the ndigis argument of a new route resulting in a
> minor security hole.
|
|