Red Hat Bugzilla – Bug 127257
CAN-2004-0619 Broadcom 5820 integer overflow (ipf)
Last modified: 2007-11-30 17:06:54 EST
Reported to Bugtraq on Jun 23.
An integer overflow in the ubsec_keysetup function for the Linux Broadcom
5820 cryptonet driver allows local users to cause a denial of service
(crash) and possibly execute arbitrary code via a negative
add_dsa_buf_bytes variable, which leads to a buffer overflow.
See also http://secunia.com/advisories/11936/
See also Bug 127258
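The bug class described in the report above, as an added illustration that is not the bcm5820 driver's code: one common way a negative signed length reaches a copy, shown beside a check that rejects it. Only the name add_dsa_buf_bytes comes from the report; the struct, the function names, the buffer size and the exact mechanism are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_MAX 256 /* constructed limit, not the driver's value */

/* Hypothetical request as it might arrive from user space. */
struct key_req {
    int add_dsa_buf_bytes;            /* signed, caller-controlled length */
    unsigned char data[KEY_BUF_MAX];
};

/* Flawed pattern: only the upper bound is tested, so -1 is accepted. */
static int length_accepted_flawed(int n)
{
    return n <= KEY_BUF_MAX;
}

/* What a copy routine sees once the signed value is converted to size_t. */
static size_t copy_size_seen(int n)
{
    return (size_t)n;
}

/* Hardened pattern: reject negatives before any unsigned comparison or copy.
 * Returns 0 on success, -1 if the length is rejected. */
static int key_setup_checked(unsigned char *dst, size_t dst_len,
                             const struct key_req *req)
{
    if (req->add_dsa_buf_bytes < 0)
        return -1;
    size_t n = (size_t)req->add_dsa_buf_bytes;
    if (n > dst_len || n > sizeof(req->data))
        return -1;
    memcpy(dst, req->data, n);
    return 0;
}

int main(void)
{
    unsigned char key[KEY_BUF_MAX];
    struct key_req req = { .add_dsa_buf_bytes = -1 }; /* constructed input */

    printf("flawed check accepts -1: %d\n", length_accepted_flawed(-1));
    printf("copy size after conversion: %zu\n", copy_size_seen(-1));
    printf("hardened setup result: %d\n", key_setup_checked(key, sizeof key, &req));
    return 0;
}
```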
Created attachment 108636
Patch applies same security fixes and cleanup that was applied to RHEL3 in bug
bcm5820 driver is not functional on rhel2.1-ia64, therefore has no
security impact. Closing.