Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-1055

The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.

Related bugs and status

CVE-2006-1055 (Candidate) is related to these bugs:

Bug #41284: Don't allow a backslash in a path component (CVE-2006-1863)

Summary				In	Importance	Status
	41284	Don't allow a backslash in a path component (CVE-2006-1863)		linux-source-2.6.15 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.kernel.org/...
CONFIRM: http://www.kernel.org/...
TRUSTIX: 2006-0020
BID: 17402
SECUNIA: 19495
SECUNIA: 19955
SUSE: SUSE-SA:2006:028
UBUNTU: USN-302-1
SECUNIA: 20716
SECUNIA: 20398
OSVDB: 24443
FEDORA: FEDORA-2006-423
SECUNIA: 19735
VUPEN: ADV-2006-1273
VUPEN: ADV-2006-1475
XF: linux-fillwritebuffer-...
UBUNTU: USN-281-1