Bug#: 139321
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2006-07-05 08:17 0000
Reading through drivers/cdrom/cdrom.c:dvd_read_bca() shows a potential
buffer overflow.

buf[4+188] is allocated on the stack, however cgc.cmd[9] and cgc.buflen are
set to 255.

This can be exploited by a custom-made USB Storage device and used
for local privilege escalation (aka plug in this USB device to get root).

Steps to reproduce:
Review the function for buffer overflow again.
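
Added example (not part of the original report and not the upstream patch): a user-space C model of the length mismatch described above, where a 4+188-byte buffer is paired with a transfer length of 255, compared with a length taken from the buffer size. The struct, the function names and the guard region are hypothetical stand-ins, not kernel code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BCA_BUF_SIZE (4 + 188) /* size of buf[] quoted in the report */
#define REPORTED_LEN 255       /* value the report says cmd[9]/buflen get */
#define GUARD_SIZE 64          /* constructed stand-in for adjacent stack data */
#define GUARD_BYTE 0xA5

/* Hypothetical, simplified model of a packet command; not the kernel struct. */
struct model_cmd {
    unsigned char cmd[12];
    unsigned char *buffer;
    unsigned int buflen;
};

/* Set both length fields from one value, the pattern the report describes. */
static void setup(struct model_cmd *c, unsigned char *buf, unsigned int len)
{
    memset(c, 0, sizeof(*c));
    c->buffer = buf;
    c->cmd[9] = (unsigned char)(c->buflen = len);
}

/* Simulate a device answering with dev_len bytes, limited only by buflen.
 * Returns how many guard bytes past the 192-byte buffer were overwritten. */
static size_t run_transfer(unsigned int req_len, size_t dev_len)
{
    unsigned char arena[BCA_BUF_SIZE + GUARD_SIZE]; /* buffer + guard region */
    struct model_cmd c;
    size_t i, n, clobbered = 0;

    memset(arena, GUARD_BYTE, sizeof(arena));
    setup(&c, arena, req_len);
    n = dev_len < c.buflen ? dev_len : c.buflen;
    if (n > sizeof(arena)) n = sizeof(arena); /* keep the model itself in bounds */
    memset(c.buffer, 0x41, n);                /* the "device" fills the host buffer */
    for (i = BCA_BUF_SIZE; i < sizeof(arena); i++)
        clobbered += (arena[i] != GUARD_BYTE);
    return clobbered;
}

int main(void)
{
    printf("len=255:      %zu bytes past buf\n", run_transfer(REPORTED_LEN, 255));
    printf("len=sizeof:   %zu bytes past buf\n", run_transfer(BCA_BUF_SIZE, 255));
    return 0;
}
```

With the length tied to the buffer size, an oversized device response is truncated at the buffer boundary instead of spilling into adjacent memory.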

------- Comment #1 From Tim Yamin (RETIRED) 2006-07-15 06:45:19 0000 -------
Patch:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1;hp=5d8b2ebfa298ec4e6d9fa43e60fb013e8cd963aa

------- Comment #2 From Tim Yamin (RETIRED) 2006-08-08 14:53:10 0000 -------
Adding non-genpatches maintainers:

sh-sources-2.6: sh
xbox-sources-2.6: chrb
xen-sources-2.6: chrb, agriffis

------- Comment #3 From Tuan Van (RETIRED) 2006-08-09 11:43:31 0000 -------
Does anyone know if upstream is going to release another 2.6.16.x? I think
xen-sources is still based on the 2.6.16 series.

------- Comment #4 From Andrew Ross (RETIRED) 2006-08-25 23:26:26 0000 -------
xen-sources bumped to 2.6.16.26-r1 with patch from comment #2

------- Comment #5 From Tim Yamin (RETIRED) 2006-09-02 16:59:53 0000 -------
rsbac-sources-2.6: Please bump to 2.6.17 or add patch
usermode-sources-2.6: Please bump to 2.6.17 or add patch

------- Comment #6 From Harlan Lieberman-Berg (RETIRED) 2006-09-02 19:45:48 0000 -------
Naughty naughty, someone forgot to set status to ASSIGNED.

------- Comment #7 From Daniel Gryniewicz 2006-09-06 16:49:44 0000 -------
usermode-sources-2.6.16-r5 added.

------- Comment #8 From Harlan Lieberman-Berg (RETIRED) 2006-11-01 19:03:33 0000 -------
RSBAC, SH, you are still vulnerable. Please patch or bump past 2.6.17

------- Comment #9 From Guillaume Destuynder (RETIRED) 2006-11-09 06:39:52 0000 -------
rsbac-sources bumped to 2.6.18 in ~

------- Comment #10 From Harlan Lieberman-Berg (RETIRED) 2006-11-09 18:28:18 0000 -------
SH Sources no longer covered by Gentoo Security. Closing bug.
