Red Hat Bugzilla – Bug 155363
CVE-2005-3273 ROSE ndigis verification
Last modified: 2007-11-30 17:06:54 EST
An error exists in ROSE due to missing verification of the ndigis argument of
new routes. This was found by Coverity 20041216, rose_rt_ioctl.
fix looks to be in and building:
include/linux/ax25.h:#define AX25_MAX_DIGIS 8
net/rose/rose_route.c: if(rose_route.ndigis > AX25_MAX_DIGIS)/*
No more than 8 digipeats */
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.