Ubuntu
linux-source-2.6.22 package

[CVE-2008-2750] Remote vulnerability in pppol2tp_recvmsg() in Linux

Bug #241419 reported by Till Ulen on 2008-06-19

254

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
linux-source-2.6.15 (Ubuntu)	Fix Released	Undecided	Unassigned
linux-source-2.6.20 (Ubuntu)	Fix Released	Undecided	Unassigned
linux-source-2.6.22 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

CVE-2008-2750 description:

"The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2750

CVE References

2008-2750

Revision history for this message

Till Ulen (tillulen) wrote on 2008-06-19:

CVE-2008-2750

Revision history for this message

Leann Ogasawara (leannogasawara) wrote on 2008-07-23:

Hi Alexander,

It looks like this has been resolved: http://www.ubuntu.com/usn/usn-625-1

I'll go ahead and mark this bug report as "Fix Released". Thanks.

Changed in linux-source-2.6.22:
status:	New → Fix Released
Changed in linux:
status:	New → Fix Released
Changed in linux-source-2.6.15:
status:	New → Fix Released
Changed in linux-source-2.6.20:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-source-2.6.22 package