Reported to Bugtraq on Jun 23.
An integer overflow in the ubsec_keysetup function for Linux Broadcom
5820 cryptonet driver allows local users to cause a denial of service
(crash) and possibly execute arbitrary code via a negative
add_dsa_buf_bytes variable, which leads to a buffer overflow.
See also http://secunia.com/advisories/11936/
See also Bug 127258
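The bug class described in the report above (a signed length that passes an upper-bound check when negative, then becomes a huge unsigned copy size), shown as an added example that is not the driver's code. The buffer size, function names and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_BYTES 256   /* assumed buffer size, illustration only */

/* Constructed sample input standing in for caller-supplied key bytes. */
static const unsigned char sample_src[KEY_BUF_BYTES] = { 0xAA, 0xBB, 0xCC, 0xDD };

/* Flawed check: only an upper bound on a signed length.
 * Returns 0 when the length is accepted, -1 when rejected. */
int flawed_length_check(int add_bytes)
{
    if (add_bytes > KEY_BUF_BYTES)
        return -1;
    return 0;               /* negative values fall through as "valid" */
}

/* The count a copy routine would receive after the flawed check:
 * the signed value converted to size_t. */
size_t effective_copy_size(int add_bytes)
{
    return (size_t)add_bytes;
}

/* Hardened form: reject negatives before any conversion, compare against
 * the real destination size, and only then copy. */
int checked_key_copy(unsigned char *dst, size_t dst_len,
                     const unsigned char *src, int add_bytes)
{
    if (add_bytes < 0 || (size_t)add_bytes > dst_len)
        return -1;
    memcpy(dst, src, (size_t)add_bytes);
    return 0;
}

int main(void)
{
    unsigned char dst[KEY_BUF_BYTES] = { 0 };
    int lens[] = { 16, 257, -1 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%d flawed=%d copy_size=%zu hardened=%d\n", lens[i],
               flawed_length_check(lens[i]), effective_copy_size(lens[i]),
               checked_key_copy(dst, sizeof dst, sample_src, lens[i]));
    return 0;
}
```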
Created attachment 108636
Patch applies same security fixes and cleanup that was applied to RHEL3 in bug
bcm5820 driver is not functional on rhel2.1-ia64 therefore has no
security impact. Closing.