Contents of /retired/CVE-2008-2358

Candidate: CVE-2008-2358
Description: 
 The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux
 kernel 2.6.18, and probably other versions, does not properly check
 feature lengths, which might allow remote attackers to execute arbitrary
 code, related to an unspecified "overflow."
References: 
Ubuntu-Description: 
Notes: 
 kees> linux-2.6: 19443178fbfbf40db15c86012fc37df1a44ab857
 dannf> Only effects 2.6.17-2.6.19, between
 dannf> afe00251dd9b53d51de91ff0099961f42bbf3754 and
 dannf> c02fdc0e81e9c735d8d895af1e201b235df326d8
Bugs: 
upstream: released (2.6.26) 
linux-2.6: released (2.6.26-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch6) [bugfix/dccp-feature-length-check.patch]
2.6.24-etch-security: N/A
2.6.26-lenny-security: N/A
2.6.15-dapper-security: N/A
2.6.20-feisty-security: released (2.6.20-17.37)
2.6.22-gutsy-security: released (2.6.22-15.56)
2.6.24-hardy-security: released (2.6.24-19.36)
1	Candidate: CVE-2008-2358
2	Description:
3	The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux
4	kernel 2.6.18, and probably other versions, does not properly check
5	feature lengths, which might allow remote attackers to execute arbitrary
6	code, related to an unspecified "overflow."
7	References:
8	Ubuntu-Description:
9	Notes:
10	kees> linux-2.6: 19443178fbfbf40db15c86012fc37df1a44ab857
11	dannf> Only effects 2.6.17-2.6.19, between
12	dannf> afe00251dd9b53d51de91ff0099961f42bbf3754 and
13	dannf> c02fdc0e81e9c735d8d895af1e201b235df326d8
14	Bugs:
15	upstream: released (2.6.26)
16	linux-2.6: released (2.6.26-1)
17	2.6.18-etch-security: released (2.6.18.dfsg.1-18etch6) [bugfix/dccp-feature-length-check.patch]
18	2.6.24-etch-security: N/A
19	2.6.26-lenny-security: N/A
20	2.6.15-dapper-security: N/A
21	2.6.20-feisty-security: released (2.6.20-17.37)
22	2.6.22-gutsy-security: released (2.6.22-15.56)
23	2.6.24-hardy-security: released (2.6.24-19.36)