248325 – (CVE-2007-3105) CVE-2007-3105 Bound check ordering issue in random driver

Bug 248325 (CVE-2007-3105) - CVE-2007-3105 Bound check ordering issue in random driver

Summary: CVE-2007-3105 Bound check ordering issue in random driver

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-3105
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	275941 275951 275961 275971
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-16 05:15 UTC by Marcel Holtmann
Modified:	2021-11-12 19:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-01 13:33:30 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0939	0	normal	SHIPPED_LIVE	Important: kernel security update	2008-01-07 18:58:13 UTC
Red Hat Product Errata	RHSA-2007:0940	0	normal	SHIPPED_LIVE	Important: kernel security update	2007-10-22 10:52:41 UTC

Description Marcel Holtmann 2007-07-16 05:15:59 UTC

Bug reported by the PaX Team <pageexec>

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

Note You need to log in before you can comment on or make changes to this bug.