Bug 65371 (CVE-2005-0177)

Summary: VUL-0: CVE-2005-0177: kernel: buffer overflow in nls_ascii
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2005-0177: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: ascii-nlstable-overflow

Description Marcus Meissner 2005-02-01 17:22:18 UTC
20050110 nls_ascii incorrect table size

OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256 and that it could lead to a denial of service (oops).

Patch is available from upstream:

http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ

also included in patch from Alan, 2.6.10-ac9
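Added example, not part of the original report and not the kernel source: a simplified model of why a lookup table with 128 entries is too small, with a build-time guard for the corrected 256-entry layout. It assumes the table is indexed by a raw 8-bit character value, which the report does not state; all names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a byte-indexed charset table; not the kernel source.
 * Every name below is hypothetical. */
#define BYTE_VALUES ((size_t)UCHAR_MAX + 1)   /* 256 possible index values */
#define ASCII_LIMIT 128u                      /* 7-bit ASCII code points */

/* One slot per possible byte value; 0x80..0xff stay 0, meaning "unmapped". */
static uint16_t charset2uni[BYTE_VALUES];

/* Build-time guard: the table must cover every value the index type can hold. */
_Static_assert(sizeof(charset2uni) / sizeof(charset2uni[0]) == UCHAR_MAX + 1,
               "byte-indexed table must have 256 entries");

static void table_init(void)
{
    for (size_t i = 0; i < ASCII_LIMIT; i++)
        charset2uni[i] = (uint16_t)i;         /* ASCII maps to itself */
}

/* Number of byte values that would index past a table of table_len entries.
 * Pure arithmetic: no out-of-bounds access is performed here. */
static size_t uncovered_byte_values(size_t table_len)
{
    return table_len >= BYTE_VALUES ? 0 : BYTE_VALUES - table_len;
}

/* Convert one raw byte. Returns 1 on success, -1 if the byte has no mapping.
 * The lookup is in bounds only because the table has BYTE_VALUES entries. */
static int char2uni(unsigned char raw, uint16_t *uni)
{
    uint16_t u = charset2uni[raw];
    if (u == 0 && raw != 0)
        return -1;                            /* unmapped high byte */
    *uni = u;
    return 1;
}

int main(void)
{
    table_init();
    printf("128-entry table leaves %zu byte values out of bounds\n",
           uncovered_byte_values(ASCII_LIMIT));
    return 0;
}
```
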
Comment 1 Marcus Meissner 2005-02-01 17:22:18 UTC
n/a
Comment 2 Marcus Meissner 2005-02-01 17:22:41 UTC
minor issue.

CAN-2005-0177
Comment 3 Marcus Meissner 2005-02-01 17:26:00 UTC
Created attachment 28089
ascii-nlstable-overflow
Comment 4 Hubert Mantel 2005-03-11 10:13:15 UTC
9.2 is the only distribution affected by this problem. Older kernels (such as
2.6.5 as used in SLES9) did not have this feature. Fix applied to 9.2 kernel tree.
Comment 5 Marcus Meissner 2005-03-14 16:51:35 UTC
thanks! 
Comment 6 Marcus Meissner 2005-03-24 17:22:46 UTC
updates released 
Comment 7 Thomas Biege 2009-10-13 21:02:21 UTC
CVE-2005-0177: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)