Wind River Support Network

HomeOther DownloadsPatch for Security Issue: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c - CVE-2006-5751 (for Wind River Linux 1.4)

Recommended Type: Patch

Patch for Security Issue: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c - CVE-2006-5751 (for Wind River Linux 1.4)

Released: Sep 27, 2007 Updated: Sep 27, 2007

Description

Security Issue: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c - CVE-2006-5751

Vulnerability Summary CVE-2006-5751
Original release date: 12/1/2006
Last revised: 12/8/2006
Source: US-CERT/NIST

Overview:
--------

Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.

Impact:
------
CVSS Severity (version 2.0):
Base score: 7.2 (High)
Impact Subscore: 10.0
Exploitability Subscore: 3.9

Range: Locally exploitable
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation , Allows unauthorized disclosure of information , Allows disruption of service IDENTIFIER = WIND00101199PNELE1.4

Product Version

Linux Platforms 1.x

Downloads

WIND00097159.zip

Installation Notes

Installation Instructions:
--------------------------

1. Copy the patch zip file to your /updates directory
2. Unzip the patch file
3. Go to your /updates/ directory
4. Run setup_linux and install the patch
5. This is a source patch so you will have to rebuild the kernel to apply the patch.