Bug 72317 - Kernel: AF_UNIX Arbitrary Kernel Memory Modification (CAN-2004-{1068,1069})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/11715/
Whiteboard: [linux <2.4.28] [linux >=2.6 <2.6.10]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-23 23:51 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-07-13 19:28 UTC (History)

See Also:
Package list:
Runtime testing required: ---
plasmaroo: Assigned_To? (plasmaroo)


Attachments
2.4 Patch (linux-2.4.27-AF_UNIX.patch,515 bytes, patch)
2004-11-24 08:25 UTC, Tim Yamin (RETIRED)
2.6 Patch (linux-2.6.9-AF_UNIX.patch,469 bytes, patch)
2004-11-28 03:45 UTC, Tim Yamin (RETIRED)
Extra 2.6 Patch for CAN-2004-1069 (linux-2.6-AF_UNIX.SELinux.patch,1.72 KB, patch)
2004-12-19 10:38 UTC, Tim Yamin (RETIRED)

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-23 23:51:59 UTC
Only affects <2.4.28.
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-11-24 08:25:55 UTC
Created attachment 44640
2.4 Patch
Comment 2 Guy Martin (RETIRED) gentoo-dev 2004-11-24 09:39:48 UTC
hppa-sources done.
Comment 3 solar (RETIRED) gentoo-dev 2004-11-24 10:24:37 UTC
scox if you can't bump hardened-sources to 2.4.28 then please add this patch.
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2004-11-28 03:45:36 UTC
Created attachment 44854
2.6 Patch
Comment 5 Adam Mondl (RETIRED) gentoo-dev 2004-11-28 11:52:08 UTC
hardened-sources-2.4.28 ~arch in tree
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2004-12-01 11:55:58 UTC
Ok, all done. Following externally maintained sources need patching:

gentoo-dev-sources - Adding dsd...
hardened-dev-sources - Adding hardened herd...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
openmosix-sources - Adding cluster herd...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - Adding kang...
Comment 7 Adam Mondl (RETIRED) gentoo-dev 2004-12-01 13:54:44 UTC
Fixed in stable hardened-dev-sources-r16
Comment 8 Joshua Kinard gentoo-dev 2004-12-01 20:52:22 UTC
mips-sources fixed.
Comment 9 Daniel Drake (RETIRED) gentoo-dev 2004-12-02 07:43:11 UTC
gentoo-dev-sources done
Comment 10 Guillaume Destuynder (RETIRED) gentoo-dev 2004-12-02 10:56:55 UTC
rsbac-dev-sources: fixed.
Comment 11 Konstantin Arkhipov (RETIRED) gentoo-dev 2004-12-02 11:55:42 UTC
done for oM-sources.
Comment 12 David Holm (RETIRED) gentoo-dev 2004-12-04 05:49:12 UTC
pegasos-dev-sources fixed
Comment 13 Guy Martin (RETIRED) gentoo-dev 2004-12-08 09:11:23 UTC
hppa-dev-sources done.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2004-12-15 02:54:09 UTC
---------------snip-----------------
CAN-2004-1068:

A race condition was discovered in the handling of AF_UNIX network packets.
This reportedly allowed local users to modify arbitrary kernel memory,
facilitating privilege escalation, or possibly allowing code execution in the
context of the kernel.

CAN-2004-1069:

Ross Kendall Axe discovered a possible kernel panic (causing a Denial of
Service) while sending AF_UNIX network packages if the kernel options
CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled.
---------------snip--------------

Do our patches also cover the SELinux-specific problem (-1069)?
Comment 15 Daniel Drake (RETIRED) gentoo-dev 2004-12-15 08:27:10 UTC
Doubtful.. Perhaps this patch is it?
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.76
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.40.68
Comment 16 Tim Yamin (RETIRED) gentoo-dev 2004-12-19 10:38:40 UTC
Created attachment 46357
Extra 2.6 Patch for CAN-2004-1069
Comment 17 Tim Yamin (RETIRED) gentoo-dev 2004-12-19 10:41:58 UTC
*** IMPORTANT *** The following maintainers also need to add the CAN-2004-1069 patch on this bug. Please note that CAN-2004-1069 only applies to 2.6...

gentoo-dev-sources - dsd, please patch...
hardened-dev-sources - hardened herd, please patch...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - kang, please patch...
Comment 18 Guillaume Destuynder (RETIRED) gentoo-dev 2004-12-19 15:52:36 UTC
rsbac-dev-sources: fixed for CAN-2004-1069.
Comment 19 Adam Mondl (RETIRED) gentoo-dev 2004-12-24 16:59:46 UTC
hardened-dev-sources-r18 has CAN-2004-1069 patch added
Comment 20 Daniel Drake (RETIRED) gentoo-dev 2004-12-24 19:25:12 UTC
gentoo-dev-sources done
Comment 21 David Holm (RETIRED) gentoo-dev 2004-12-25 05:30:40 UTC
pegasos-dev-sources fixed
Comment 22 Joshua Kinard gentoo-dev 2005-01-05 21:21:15 UTC
mips-sources fixed.
Comment 23 Guy Martin (RETIRED) gentoo-dev 2005-01-08 17:43:52 UTC
hppa-sources-2.6.10 isn't affected by this one. (patch says it's already applied)
Comment 24 Tim Yamin (RETIRED) gentoo-dev 2005-01-15 14:41:37 UTC
All kernels fixed, closing bug; notifications are being migrated away from GLSAs for kernels, more news coming soon so stay tuned :-]