CVE-2010-2954

Priority
Medium
Description
The irda_bind function in net/irda/af_irda.c in the Linux kernel before
2.6.36-rc3-next-20100901 does not properly handle failure of the
irda_open_tsap function, which allows local users to cause a denial of
service (NULL pointer dereference and panic) and possibly have unspecified
other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka
PF_IRDA) socket.
Ubuntu-Description
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash or
possibly gain root privileges.
References
Assigned-to
sconklin
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-309.18)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-216.33)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.35-25.44~lucid1)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-28.80)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-25.45)
Ubuntu 11.04 (Natty Narwhal):not-affected
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257
Hardy:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2954/patches/hardy/linux/0001-irda-Correctly-clean-up-self-ias_obj-on-irda_bind-fail.txt
Jaunty:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2954/patches/jaunty/linux/0001-irda-Correctly-clean-up-self-ias_obj-on-irda_bind-fail.txt
Karmic:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2954/patches/karmic/linux/0001-irda-Correctly-clean-up-self-ias_obj-on-irda_bind-fail.txt
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2954/patches/lucid/linux/0001-irda-Correctly-clean-up-self-ias_obj-on-irda_bind-fail.txt
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.31-608.22)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:15 UTC (commit 5347)