Bug 232045
| Summary: | CVE-2007-1865 ipv6_getsockopt_sticky copy_to_user leak | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Marcel Holtmann <holtmann> |
| Component: | kernel | Assignee: | Thomas Graf <tgraf> |
| Status: | CLOSED WONTFIX | QA Contact: | Martin Jenner <mjenner> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | | |
| Version: | 5.1 | CC: | dzickus, rkhan, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | impact=important,source=redhat,reported=20070313,public=20070309 | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-06-04 14:24:57 UTC | Type: | --- |
Description
Marcel Holtmann
2007-03-13 18:24:56 UTC
Created attachment 149966
Upstream patch from Chris Wright
Hi Marcel - This patch doesn't appear to be needed - len is ignored when copying header info to the user's buffer in ipv6_getsockopt_sticky() -- the length to hand back to userspace is taken directly from the header. I don't see this patch upstream. Let me know if I've missed the vulnerability here.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

This request was evaluated by Red Hat Kernel Team for inclusion in a Red Hat Enterprise Linux maintenance release, and has moved to bugzilla status POST.