CVE 2008-1673
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
Related bugs and status
CVE-2008-1673 (Candidate) is related to these bugs:
Bug #94186: 3c59x - 10/100 NIC fails to link to gigabit switch
Bug | Summary | In | Importance | Status
---|---|---|---|---
94186 | 3c59x - 10/100 NIC fails to link to gigabit switch | linux-source-2.6.20 (Ubuntu) | Undecided | Won't Fix
94186 | 3c59x - 10/100 NIC fails to link to gigabit switch | linux-source-2.6.22 (Ubuntu) | Low | Fix Released
94186 | 3c59x - 10/100 NIC fails to link to gigabit switch | linux (Ubuntu) | Undecided | Fix Released
Bug #125250: Don't recognise USB Pendrive -> sr0: disc change detected.
Bug | Summary | In | Importance | Status
---|---|---|---|---
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux-source-2.6.20 (Ubuntu) | Undecided | Won't Fix
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux (Ubuntu) | Medium | Fix Released
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux (Ubuntu Hardy) | Medium | Fix Released
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux-source-2.6.20 (Ubuntu Hardy) | Undecided | Won't Fix
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux (Ubuntu Intrepid) | Medium | Fix Released
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux-source-2.6.20 (Ubuntu Intrepid) | Undecided | Invalid
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux (Ubuntu Jaunty) | Medium | Fix Released
125250 | Don't recognise USB Pendrive -> sr0: disc change detected. | linux-source-2.6.20 (Ubuntu Jaunty) | Undecided | Invalid
Bug #182716: bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.
Bug | Summary | In | Importance | Status
---|---|---|---|---
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | linux (Ubuntu) | Medium | Fix Released
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | Ubuntu | Undecided | Invalid
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | Linux | Undecided | Invalid
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | linux (Mandriva) | Undecided | New
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | linux-source-2.6.22 (Ubuntu) | Undecided | Won't Fix
182716 | bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work. | linux (Baltix) | Undecided | New
Bug #185025: Coolermaster Xcraft 360 USB drive fails
Bug | Summary | In | Importance | Status
---|---|---|---|---
185025 | Coolermaster Xcraft 360 USB drive fails | linux-source-2.6.15 (Ubuntu) | Low | Fix Released
185025 | Coolermaster Xcraft 360 USB drive fails | Linux | Medium | Invalid
Bug #238524: [CVE-2008-1673, CVE-2008-2358] Linux heap overflows potentially leading to remote arbitrary code execution
Bug | Summary | In | Importance | Status
---|---|---|---|---
238524 | [CVE-2008-1673, CVE-2008-2358] Linux heap overflows potentially leading to remote arbitrary code execution | linux (Ubuntu) | Undecided | Fix Released
238524 | [CVE-2008-1673, CVE-2008-2358] Linux heap overflows potentially leading to remote arbitrary code execution | linux-source-2.6.15 (Ubuntu) | Undecided | Fix Released
238524 | [CVE-2008-1673, CVE-2008-2358] Linux heap overflows potentially leading to remote arbitrary code execution | linux-source-2.6.20 (Ubuntu) | Undecided | Fix Released
238524 | [CVE-2008-1673, CVE-2008-2358] Linux heap overflows potentially leading to remote arbitrary code execution | linux-source-2.6.22 (Ubuntu) | Undecided | Fix Released
Bug #249340: Gutsy->Hardy upgrade hangs in localedef
Bug | Summary | In | Importance | Status
---|---|---|---|---
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.22 (Ubuntu) | High | Fix Released
249340 | Gutsy->Hardy upgrade hangs in localedef | linux (Ubuntu) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | langpack-locales (Ubuntu) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.15 (Ubuntu) | High | Fix Released
249340 | Gutsy->Hardy upgrade hangs in localedef | langpack-locales (Ubuntu Dapper) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux (Ubuntu Dapper) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.15 (Ubuntu Dapper) | High | Fix Released
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.22 (Ubuntu Dapper) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | langpack-locales (Ubuntu Gutsy) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux (Ubuntu Gutsy) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.15 (Ubuntu Gutsy) | Undecided | Invalid
249340 | Gutsy->Hardy upgrade hangs in localedef | linux-source-2.6.22 (Ubuntu Gutsy) | High | Fix Released
See the CVE page on Mitre.org for more details.