| 1 |
Candidate: CVE-2006-1342
|
| 2 |
References:
|
| 3 |
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
|
| 4 |
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
|
| 5 |
Description:
|
| 6 |
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero
|
| 7 |
before returning IPv4 socket names from the (1) getsockname, (2) getpeername,
|
| 8 |
and (3) accept functions, which allows local users to obtain portions of
|
| 9 |
potentially sensitive memory.
|
| 10 |
Notes:
|
| 11 |
jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed
|
| 12 |
dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch;
|
| 13 |
however we actually coincidentally already fixed 1343 in the
|
| 14 |
043_ipsec.diff patch
|
| 15 |
Bugs:
|
| 16 |
upstream: released (2.4.33-pre3)
|
| 17 |
linux-2.6: N/A
|
| 18 |
2.6.8-sarge-security: N/A
|
| 19 |
2.4.27-sarge-security: released (2.4.27-1)
|
| 20 |
2.4.19-woody-security:
|
| 21 |
2.4.18-woody-security:
|
| 22 |
2.4.17-woody-security:
|
| 23 |
2.4.16-woody-security:
|
| 24 |
2.4.17-woody-security-hppa:
|
| 25 |
2.4.17-woody-security-ia64:
|
Parent Directory
| 
Revision Log