Bug#: 116486
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Description:   Opened: 2005-12-23 05:42 0000
From Ubuntu's USN-231-1

An integer overflow was discovered in the
invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls
on a 32 bit system, a local user could exploit this to crash the
machine, thereby causing Denial of Service. This flaw does not affect
the amd64 platform, and does only affect Ubuntu 5.10. (CVE-2005-3808)

Ollie Wild discovered a memory leak in the icmp_push_reply() function.
By sending a large amount of specially crafted packets, a remote
attacker could exploit this to drain all memory, which eventually
leads to a Denial of Service. (CVE-2005-3848)

Chris Wright found a Denial of Service vulnerability in the
time_out_leases() function. By allocating a large number of VFS file
lock leases and having them timeout at the same time, a large number
of 'printk' debugging statements was generated at the same time, which
could exhaust kernel memory. (CVE-2005-3857)

Patrick McHardy discovered a memory leak in the ip6_input_finish()
function. A remote attacker could exploit this by sending specially
crafted IPv6 packets, which would eventually drain all available
kernel memory, thus causing a Denial of Service. (CVE-2005-3858)

------- Comment #1 From Tim Yamin (RETIRED) 2005-12-23 17:24:44 0000 -------
Patches:

invalidate_inode_pages2_range issue:
http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406

icmp_push_reply issue:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a;hp=22783649568a28839c5a362f47da7819ecfcbb9f

time_out_leases:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739

CVE-2005-3858 affects < 2.6.13; patch:
http://marc.theaimsgroup.com/?l=linux-kernel&m=112508479120081&w=2

------- Comment #2 From Tim Yamin (RETIRED) 2006-01-02 16:11:42 0000 -------
invalidate_inode_pages2_range issue: 2.6.14.4
icmp_push_reply issue: 2.6.14
time_out_leases: 2.6.14.3

------- Comment #3 From Tim Yamin (RETIRED) 2006-01-02 16:23:08 0000 -------
Adding maintainers:

ck-sources: marineam
hppa-sources: GMSoft
mips-sources-2.6.13: Kumba
rsbac-sources: kang
sh-sources: sh herd
xbox-sources: gimli

------- Comment #4 From SpanKY 2006-01-02 16:25:12 0000 -------
feel free to update sh-sources as you wish ... just grab me if the mega sh
patch stops applying after you do

------- Comment #5 From Micheal Marineau 2006-01-05 12:09:19 0000 -------
ck-sources already includes 2.6.14.5

------- Comment #6 From Guy Martin 2006-01-07 03:11:02 0000 -------
Fixed on hppa in hppa-sources-2.6.15_p1.

------- Comment #7 From Tim Yamin (RETIRED) 2006-01-15 06:40:44 0000 -------
*** Bug 114230 has been marked as a duplicate of this bug. ***

------- Comment #8 From Tim Yamin (RETIRED) 2006-04-15 12:02:58 0000 -------
All fixed now, resolving bug.
