CVE-2008-1673
Published: 10 June 2008
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
From the Ubuntu Security Team
Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT did not correctly handle certain length values. Remote attackers could exploit this to execute arbitrary code or crash the system.
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Released
(2.6.15-52.69)
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Released
(2.6.20-17.37)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(2.6.22-15.56)
|
|
hardy |
Does not exist
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.26)
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(2.6.24-19.36)
|
|
Patches: other: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c other: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5 |