Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 198997 (CVE-2007-5904)

Summary: Kernel <= 2.6.23 CIFS VFS buffer overflows (CVE-2007-5904)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: bernd, chainsaw, itparanoia, jergendutch, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3
Whiteboard: [linux < 2.6.24][genpatches < 2.6.24-1]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-12 23:42:26 UTC 
CVE-2007-5904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5904):
  Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
  allows remote attackers to cause a denial of service (crash) and possibly
  execute arbitrary code via long SMB responses that trigger the overflows in
  the SendReceive function.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-11-13 12:20:37 UTC 
*** Bug 199032 has been marked as a duplicate of this bug. ***
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-15 11:48:34 UTC 
*** Bug 199227 has been marked as a duplicate of this bug. ***