Reported to Bugtraq on Jun 23. An integer overflow in the ubsec_keysetup function for the Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow. See also http://secunia.com/advisories/11936/
See also Bug 127258
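The bug class named in the report, shown beside a hardened check, assuming the common pattern in which a signed length passes an upper-bound test while negative and is then converted to an unsigned copy size. This is an added example, not the driver's code or the attached patch; `struct key_req`, `add_bytes`, `KEY_BUF_MAX` and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_MAX 256 /* constructed size, not taken from the driver */

/* Hypothetical request layout: a caller-supplied signed byte count. */
struct key_req {
    int add_bytes;
    const unsigned char *src;
};

/* Flawed pattern: only the upper bound is tested, in the signed domain.
 * Returns 1 when the request would be accepted. */
int weak_len_ok(int add_bytes) {
    return add_bytes <= KEY_BUF_MAX; /* a negative value passes */
}

/* The length a copy routine would receive once the accepted value
 * is converted to size_t. */
size_t len_after_conversion(int add_bytes) {
    return (size_t)add_bytes;
}

/* Hardened form: reject negatives first, compare as size_t against the
 * real destination size, and only then copy. Returns bytes copied or -1. */
int key_setup_checked(unsigned char *dst, size_t dst_len,
                      const struct key_req *req) {
    if (dst == NULL || req == NULL || req->src == NULL)
        return -1;
    if (req->add_bytes < 0)
        return -1;
    size_t n = (size_t)req->add_bytes;
    if (n > dst_len)
        return -1;
    memcpy(dst, req->src, n);
    return (int)n;
}

int main(void) {
    unsigned char dst[KEY_BUF_MAX];
    unsigned char src[4] = {1, 2, 3, 4}; /* constructed sample input */
    struct key_req bad = { -1, src }, good = { 4, src };
    printf("weak check accepts -1: %d\n", weak_len_ok(-1));
    printf("length after conversion: %zu\n", len_after_conversion(-1));
    printf("checked(-1) = %d, checked(4) = %d\n",
           key_setup_checked(dst, sizeof dst, &bad),
           key_setup_checked(dst, sizeof dst, &good));
    return 0;
}
```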
Created attachment 108636: /bcm5820-cleanup-rhel21-ia64.patch
Patch applies the same security fixes and cleanup that were applied to RHEL3 in bug 127258.
The bcm5820 driver is not functional on rhel2.1-ia64 and therefore has no security impact. Closing.