Your submission was sent successfully! Close

CVE-2008-3911

Published: 4 September 2008

The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Not vulnerable
(code not present)
intrepid Not vulnerable

upstream Needs triage

Patches:
other: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Not vulnerable
(code not present)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Not vulnerable
(code not present)
hardy Does not exist

intrepid Does not exist

upstream Needs triage