Red Hat Bugzilla – Bug 127258
CAN-2004-0619 Broadcom 5820 integer overflow
Last modified: 2007-11-30 17:07:02 EST
Reported to Bugtraq on Jun23.
An integer overflow in the ubsec_keysetup function for Linux Broadcom
5820 cryptonet driver allows local users to cause a denial of service
(crash) and possibly execute arbitrary code via a negative
add_dsa_buf_bytes variable, which leads to a buffer overflow.
See also http://secunia.com/advisories/11936/
(Only -unsupported in hugemem)
Changing platform to "All" as I don't see anything CPU-specific about
Created attachment 101977 [details]
I think this patch is "obviously correct" for fixing this problem...needs
testing, of course...
No luck so far at tracking-down a card for testing...would be eager to
hear of any test results, from anyone so equipped...
Created attachment 102247 [details]
This patch includes previous security patch plus some other "cleanup" fixes...
Created attachment 102263 [details]
Slightly enhance version of previous patch...
A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.3.EL).
The fix for this problem has also been committed to the RHEL3 E4
patch pool this evening (in kernel version 2.4.21-20.0.1.EL).