~tsimonq2/ubuntu-cve-tracker/triage

PublicDate: 2007-11-09
Candidate: CVE-2007-5908
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5908
Description:
 ** REJECT **  Buffer overflow in the (1) sysfs_show_available_clocksources
 and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23
 and earlier might allow local users to cause a denial of service or execute
 arbitrary code via crafted clock source names.  NOTE: follow-on analysis by
 Linux developers states that "There is no way for unprivileged users (or
 really even the root user) to add new clocksources."
Ubuntu-Description:
Notes:
 kees> http://marc.info/?l=linux-kernel&m=119451922608530&w=2
 kees> This isn't actually exploitable since clocksources aren't user-settable
Bugs:
Priority: negligible
Assigned-to:
upstream_linux-source: ignored
dapper_linux-source-2.6.15: ignored
edgy_linux-source-2.6.15: DNE
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
dapper_linux-source-2.6.17: DNE
edgy_linux-source-2.6.17: ignored
feisty_linux-source-2.6.17: DNE
gutsy_linux-source-2.6.17: DNE
dapper_linux-source-2.6.20: DNE
edgy_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: ignored
gutsy_linux-source-2.6.20: DNE
dapper_linux-source-2.6.22: DNE
edgy_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: ignored
devel_linux: ignored
upstream_linux-source-2.6.15: 
upstream_linux-source-2.6.17: 
upstream_linux-source-2.6.20: 
upstream_linux-source-2.6.22: 
upstream_linux: