[kernel-sec-discuss] r1378 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 19 08:48:41 UTC 2009 

Author: jmm
Date: 2009-05-19 08:48:41 +0000 (Tue, 19 May 2009)
New Revision: 1378

Added:
   retired/CVE-2008-1673
Removed:
   active/CVE-2008-1673
Log:
retire issue


Deleted: active/CVE-2008-1673
===================================================================
--- active/CVE-2008-1673	2009-05-19 08:48:24 UTC (rev 1377)
+++ active/CVE-2008-1673	2009-05-19 08:48:41 UTC (rev 1378)
@@ -1,24 +0,0 @@
-Candidate: CVE-2008-1673
-Description: 
- The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6
- before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b)
- the gxsnmp package; does not properly validate length values during
- decoding of ASN.1 BER data, which allows remote attackers to cause a denial
- of service (crash) or execute arbitrary code via (1) a length greater than
- the working buffer, which can lead to an unspecified overflow; (2) an oid
- length of zero, which can lead to an off-by-one error; or (3) an indefinite
- length for a primitive encoding.
-References: 
-Ubuntu-Description: 
-Notes: 
- kees> linux-2.6: ddb2c43594f22843e9f3153da151deaba1a834c5
-Bugs: 
-upstream: released (2.6.26)
-linux-2.6: released (2.6.26-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: released (2.6.15-52.69)
-2.6.20-feisty-security: released (2.6.20-17.37)
-2.6.22-gutsy-security: released (2.6.22-15.56)
-2.6.24-hardy-security: released (2.6.24-19.36)

Copied: retired/CVE-2008-1673 (from rev 1377, active/CVE-2008-1673)
===================================================================
--- retired/CVE-2008-1673	                        (rev 0)
+++ retired/CVE-2008-1673	2009-05-19 08:48:41 UTC (rev 1378)
@@ -0,0 +1,24 @@
+Candidate: CVE-2008-1673
+Description: 
+ The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6
+ before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b)
+ the gxsnmp package; does not properly validate length values during
+ decoding of ASN.1 BER data, which allows remote attackers to cause a denial
+ of service (crash) or execute arbitrary code via (1) a length greater than
+ the working buffer, which can lead to an unspecified overflow; (2) an oid
+ length of zero, which can lead to an off-by-one error; or (3) an indefinite
+ length for a primitive encoding.
+References: 
+Ubuntu-Description: 
+Notes: 
+ kees> linux-2.6: ddb2c43594f22843e9f3153da151deaba1a834c5
+Bugs: 
+upstream: released (2.6.26)
+linux-2.6: released (2.6.26-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: released (2.6.15-52.69)
+2.6.20-feisty-security: released (2.6.20-17.37)
+2.6.22-gutsy-security: released (2.6.22-15.56)
+2.6.24-hardy-security: released (2.6.24-19.36)

More information about the kernel-sec-discuss mailing list