The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel prior to 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote malicious users to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
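
Both failure modes above come from trusting a one-byte length field taken from the wire. The following is an added example, not the kernel's code: the field layout, `FIXED_HDR`, `NAME_MAX_LEN` and `parse_field` are assumptions made for illustration. It shows a length-prefixed field parser that rejects the too-small and the too-large length before any copy takes place.

```c
#include <stddef.h>
#include <string.h>

/* Constructed layout (assumption, not the ROSE wire format):
 *   [type:1][len:1][fixed part: FIXED_HDR bytes][name: len - FIXED_HDR bytes]
 */
#define FIXED_HDR    10  /* assumed size of the fixed part counted by len */
#define NAME_MAX_LEN 10  /* assumed destination capacity, excluding the NUL */

/*
 * Parse one field from buf, of which avail bytes were received.
 * out must provide NAME_MAX_LEN + 1 bytes.
 * Returns the number of bytes consumed, or -1 if the length is unacceptable.
 */
int parse_field(const unsigned char *buf, size_t avail, char *out)
{
    size_t len, name_len;

    if (avail < 2)
        return -1;              /* no room for the type and length bytes */
    len = buf[1];               /* untrusted, 0..255 */

    /* Small length: len - FIXED_HDR would wrap around to a huge size_t,
     * turning the copy below into an out-of-bounds write (underflow case). */
    if (len < FIXED_HDR)
        return -1;
    name_len = len - FIXED_HDR;

    /* Large length: the copy would run past the fixed-size destination
     * (overflow case). */
    if (name_len > NAME_MAX_LEN)
        return -1;

    /* The declared length must also fit in the data actually received,
     * otherwise the copy reads past the end of the input. */
    if (len > avail - 2)
        return -1;

    memcpy(out, buf + 2 + FIXED_HDR, name_len);
    out[name_len] = '\0';
    return (int)(2 + len);
}
```
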
Vulnerable Product |
---|
novell suse linux enterprise server 10.0 |
linux linux kernel 2.6.38 |
linux linux kernel 2.6.38.3 |
linux linux kernel |
linux linux kernel 2.6.38.6 |
linux linux kernel 2.6.38.1 |
linux linux kernel 2.6.38.5 |
linux linux kernel 2.6.38.2 |
linux linux kernel 2.6.38.4 |
linux linux kernel 2.6.38.7 |