LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2008-3911 CVE-2008-4618
Created:October 27, 2008 Updated:January 22, 2009
Description:

From the SUSE advisory:

CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from user space, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

CVE-2008-4618: Fixed a kernel panic in SCTP while process protocol violation parameter.

Alerts:
Debian DSA-1681-1 2008-12-04
Ubuntu USN-679-1 2008-11-27
SuSE SUSE-SA:2008:053 2008-10-27
Red Hat RHSA-2009:0009-02 2009-01-22
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds