Bug 425111 (CVE-2007-6151) - CVE-2007-6151 I4L: fix isdn_ioctl memory issue
Summary: CVE-2007-6151 I4L: fix isdn_ioctl memory issue
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-6151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard:
Depends On: 425121 425131 425141 425151 425161 425171 425181
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-12-14 16:30 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:22 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 06:33:50 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0055 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-01-31 18:35:49 UTC
Red Hat Product Errata RHSA-2008:0211 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-05-07 07:03:52 UTC
Red Hat Product Errata RHSA-2008:0787 0 normal SHIPPED_LIVE Important: kernel security update 2009-01-05 07:08:54 UTC
Red Hat Product Errata RHSA-2009:0001 0 normal SHIPPED_LIVE Important: kernel security update 2009-01-08 15:47:52 UTC

Description Jan Lieskovsky 2007-12-14 16:30:35 UTC
Description of problem:

Fix possible memory overrun issue in the isdn ioctl code.

The 1 snprintf() can be overflown by people who also use
the ioctl. It however can only overwrite other parts of
the iocpar union, no return pointers.

This issue public via:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eafe1aa37e6ec2d56f14732b5240c4dd09f0613a

The above link also includes the proposed patch.

Note:

This issue is different than that one described in:

https://bugzilla.redhat.com/show_bug.cgi?id=392101

which is also I4L kernel ISDN code related.


Note You need to log in before you can comment on or make changes to this bug.