Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
Vector
LOCAL
Complexity
MEDIUM
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
Linux Kernel 2.6.36 Release Candidate 4
Linux Kernel 2.6.36 Release Candidate 3
Linux Kernel 2.6.36 Release Candidate 2
Linux Kernel 2.6.36 Release Candidate 1
Linux Kernel 2.6.36
Debian GNU/Linux 5.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 10.04 LTS
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 9.04
Canonical Ubuntu linux 8.04 ~~lts~~~ (not an official CPE)
Canonical Ubuntu linux 6.06 ~~lts~~~ (not an official CPE)