Bug 121378

Summary: Linux kernel setsockopt MCAST_MSFILTER integer overflow
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: kernelAssignee: Arjan van de Ven <arjanv>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://isec.pl/vulnerabilities/isec-0015-msfilter.txt
Whiteboard:
Fixed In Version: 2.4.22-1.2188.nptl Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-04-22 19:31:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2004-04-20 21:03:23 UTC 
Reported to bugtraq on April 20th, a security vulnerability has been
found in the Linux kernel in the ip_setsockopt() function code which
can allow privilege escalation. Code affects kernel versions 2.4.22 -
2.4.25, 2.6.1 - 2.6.3. I think, it also affects the kernel shipped 
with Fedora Core 1 which contained a backported version of the
vulnerable code.

Red Hat Enterprise Linux has #121314 for the same issue.
Comment 1 Robert Scheck 2004-04-22 19:31:25 UTC 
Thanks for fixing this issue with the latest update :)