65371 – (CVE-2005-0177) VUL-0: CVE-2005-0177: kernel: buffer overflow in nls_ascii

Bug 65371 (CVE-2005-0177) - VUL-0: CVE-2005-0177: kernel: buffer overflow in nls_ascii

Summary: VUL-0: CVE-2005-0177: kernel: buffer overflow in nls_ascii

Status:	RESOLVED FIXED

Alias:	CVE-2005-0177

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Marcus Meissner
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-0177: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-02-01 17:22 UTC by Marcus Meissner
Modified:	2021-11-10 14:46 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
ascii-nlstable-overflow (2.11 KB, patch) 2005-02-01 17:26 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2005-02-01 17:22:18 UTC

20050110 nls_ascii incorrect table size                                          
        OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were                 
incorrectly set to 128 instead of 256 and that it could lead to a        
        denial of service (oops).                                                
                                                                                 
        Patch is available from upstream:                                        
                                                                                 
+http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ             
also included in patch from Alan, 2.6.10-ac9

Comment 1 Marcus Meissner 2005-02-01 17:22:18 UTC

<!-- SBZ_reproduce  -->
n/a

Comment 2 Marcus Meissner 2005-02-01 17:22:41 UTC

minor issue. 
 
CAN-2005-0177

Comment 3 Marcus Meissner 2005-02-01 17:26:00 UTC

Created attachment 28089 [details]
ascii-nlstable-overflow

Comment 4 Hubert Mantel 2005-03-11 10:13:15 UTC

9.2 is the only distribution affected by this problem. Older kernels (such as
2.6.5 as used in SLES9) did not have this feature. Fix applied to 9.2 kernel tree.

Comment 5 Marcus Meissner 2005-03-14 16:51:35 UTC

thanks!

Comment 6 Marcus Meissner 2005-03-24 17:22:46 UTC

updates released

Comment 7 Thomas Biege 2009-10-13 21:02:21 UTC

CVE-2005-0177: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)