Author: fw
Date: 2006-12-25 13:11:37 +0100 (Mon, 25 Dec 2006)
New Revision: 5173
Modified:
data/CVE/list
Log:
CVE-2006-5648: some research, maill will follow
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-25 11:01:50 UTC (rev 5172)
+++ data/CVE/list 2006-12-25 12:11:37 UTC (rev 5173)
@@ -2345,7 +2345,18 @@
{DSA-1237 DSA-1233}
- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to
cause a ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ NOTE: A few futex-related system calls need arch-specific support
+ NOTE: routines, or they can lead to unkillable userspace processes.
+ NOTE: The following git commits add futex_atomic_cmpxchg_inatomic
+ NOTE: implementations. The initial implementation contained code
+ NOTE: for amd64 and i386. Other implementations were added here:
+ NOTE: c7fed9d75074f7c243ec8ff2c55d04de2839a6f6 (sparc64, before 2.6.19)
+ NOTE: 69588298188b40ed7f75c98a6fd328d82f23ca21 (powerpc, before 2.6.18)
+ NOTE: a192dc16000241dc02990a36b6830839b73c44de (ia64, before 2.6.19)
+ NOTE: 342a0497c23c278633f8674ab62f71e5049b7080 (parisc, before 2.6.19)
+ NOTE: Expoitability depends on whether the syscall is actually wired,
+ NOTE: which seems to be the case for everything but ia64 and maybe arm.
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus
for ...)
NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint
Security ...)