Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation Flaw Has Unspecified Impact

SecurityTracker Alert ID: 1014115
SecurityTracker URL: http://securitytracker.com/id/1014115
CVE Reference: CAN-2005-0124
Date: Jun 7 2005
Impact: Not specified
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.4.x, 2.6 prior to 2.6.11.11

Description:
A vulnerability was reported in the Linux kernel in the Radionet Open Source Environment (ROSE) implementation. The impact was not specified.
The rose_rt_ioctl() function does not properly validate a new route's ndigis argument.
The vendor described the impact as "minor".
The flaw resides in 'net/rose/rose_route.c'.
[Editor's note: This vulnerability was reported by Bryan Fulton of Coverity on December 16, 2004, in a message to the Linux-Kernel mailing list. The message covered several other related flaws in the kernel that are reported in separate alerts.]
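
The kind of check the alert says was missing, shown as an added example. This is a simplified user-space model, not the kernel's code or the actual patch. The struct layouts, MAX_DIGIS, ADDR_LEN and add_route() are assumptions made for illustration, including the assumption that ndigis counts entries in a fixed-size digipeater array.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIGIS 8   /* assumed capacity of the digipeater array */
#define ADDR_LEN  7   /* assumed length of one address, in bytes */

/* Simplified model of a route request supplied by the caller. */
struct route_req {
    unsigned char ndigis;                            /* caller-controlled count */
    unsigned char digipeaters[MAX_DIGIS][ADDR_LEN];
};

/* Simplified model of the stored route entry. */
struct route_node {
    unsigned char ndigis;
    unsigned char digipeaters[MAX_DIGIS][ADDR_LEN];
};

/*
 * Copy a request into a route entry. ndigis drives the copy loop, so it is
 * checked against the array capacity before anything is indexed. Without
 * the check, a count above MAX_DIGIS would index both arrays out of bounds.
 */
int add_route(struct route_node *node, const struct route_req *req)
{
    if (node == NULL || req == NULL)
        return -EINVAL;
    if (req->ndigis > MAX_DIGIS)      /* reject counts the array cannot hold */
        return -EINVAL;

    memset(node, 0, sizeof(*node));
    node->ndigis = req->ndigis;
    for (unsigned int i = 0; i < req->ndigis; i++)
        memcpy(node->digipeaters[i], req->digipeaters[i], ADDR_LEN);
    return 0;
}

int main(void)
{
    struct route_req req = { .ndigis = 200 };   /* constructed out-of-range input */
    struct route_node node;

    printf("ndigis=200 -> %d\n", add_route(&node, &req));
    req.ndigis = 2;                             /* constructed in-range input */
    printf("ndigis=2   -> %d\n", add_route(&node, &req));
    return 0;
}
```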

Impact:
The impact was not specified.

Solution:
A fix is available in kernel version 2.6.11.11.
A patchset for the 2.4 kernel is available at:
http://linux.bkbits.net:8080/linux-2.4/cset@41e2cf515TpixcVQ8q8HvQvCv9E6zA

Vendor URL: www.kernel.org/

Cause:
Boundary error, Input validation error

Underlying OS:

Message History:
None.

Source Message Contents

Date: Wed, 1 Jun 2005 01:49:30 -0400
Subject: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.11
> [PATCH] Fix minor security hole
>
> ROSE wasn't verifying the ndigis argument of a new route resulting in a
> minor security hole.