Gentoo Bug 158792 - Kernel: settimeofday() let certain local users set the time backwards (CVE-2005-4352)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	158792
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Daniel Drake <dsd@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 158792 depends on:			Show dependency tree
Bug 158792 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-12-21 19:06 0000

A local user with securelevel permissions greater than "1" can invoke
settimeofday() to cause the clock time to wrap to "Fri Dec 13 20:45:52 UTC
1901" which then allows the user to set any time value. As a result, the local
user can move the time backwards.

------- Comment #1 From Daniel Drake 2006-12-23 08:03:28 0000 -------

Fixed in:
 Linux 2.6.18.3
 genpatches-2.6.18-4
 gentoo-sources-2.6.18-r3

------- Comment #2 From Harlan Lieberman-Berg (RETIRED) 2006-12-26 20:01:23 0000 -------

rsbac-sources: Kang, please bump to 2.6.18.3.
systrace-sources: Lcars, please bump to 2.6.18.3
usermode-sources: Dang, please bump to 2.6.18.3
xen-sources: Someone ( ;) ), please bump to 2.6.18.3

------- Comment #3 From Daniel Gryniewicz 2007-01-02 19:59:59 0000 -------

usermode-sources-2.6.18-r1 added.

------- Comment #4 From Guillaume Destuynder (RETIRED) 2007-01-12 13:43:42 0000 -------

rsbac-sources-2.6.19 is in cvs (~arch)

------- Comment #5 From Andrew Ross (RETIRED) 2007-01-27 06:02:22 0000 -------

Thanks, this is fixed in xen-sources-2.6.16.28-r2, which will hit the tree in a
few hours (just waiting for the mirrors to update before I commit the ebuild).

------- Comment #6 From Harlan Lieberman-Berg (RETIRED) 2007-01-30 01:28:41 0000 -------

All fixed.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 158792

Kernel: settimeofday() let certain local users set the time backwards (CVE-2005-4352)

Last modified: 2009-07-11 10:10:28 0000