198997 – (CVE-2007-5904) Kernel <= 2.6.23 CIFS VFS buffer overflows (CVE-2007-5904)

Bug 198997 (CVE-2007-5904) - Kernel <= 2.6.23 CIFS VFS buffer overflows (CVE-2007-5904)

Summary: Kernel <= 2.6.23 CIFS VFS buffer overflows (CVE-2007-5904)

Status:	RESOLVED FIXED

Alias:	CVE-2007-5904

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux < 2.6.24][genpatches < 2.6.24-1]
Keywords:

Duplicates (2):	199032 199227 (view as bug list)
Depends on:
Blocks:

Reported:	2007-11-12 23:42 UTC by Robert Buchholz (RETIRED)
Modified:	2013-09-05 03:12 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2007-11-12 23:42:26 UTC

CVE-2007-5904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5904):
  Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
  allows remote attackers to cause a denial of service (crash) and possibly
  execute arbitrary code via long SMB responses that trigger the overflows in
  the SendReceive function.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-11-13 12:20:37 UTC

*** Bug 199032 has been marked as a duplicate of this bug. ***

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2007-11-15 11:48:34 UTC

*** Bug 199227 has been marked as a duplicate of this bug. ***