Bug 82141 - Kernel signed types issues (CAN-2005-{0529,0530,0531,0532})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL: http://www.guninski.com/where_do_you_...
Whiteboard: [linux >=2.6 < 2.6.11]
Duplicates: 80107 82221
Reported: 2005-02-15 11:30 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-05-03 14:23 UTC
Attachments
Patch (2.6-82141.patch,7.50 KB, patch)
2005-04-06 13:56 UTC, Tim Yamin (RETIRED)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-15 11:30:04 UTC
For full description see the link.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-02-16 06:16:38 UTC
*** Bug 82221 has been marked as a duplicate of this bug. ***
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2005-02-17 01:01:11 UTC
Hmm - some more vulnerabilities... :-(

http://secunia.com/advisories/14295/

- nls_ascii.c buffer overflow (potential crash kernel exploit)
- error in netfilter (potential crash kernel exploit or bypass of firewall rules)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-28 13:21:57 UTC
CANs assigned:
CAN-2005-0529
CAN-2005-0530
CAN-2005-0531
CAN-2005-0532
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 02:25:32 UTC
From Ubuntu's latest:

Georgi Guninski discovered a buffer overflow in the ATM driver. The
atm_get_addr() function does not validate its arguments sufficiently,
which could allow a local attacker to overwrite large portions of
kernel memory by supplying a negative length argument. This could
eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison
problems in the TTY layer, in the /proc interface and the ReiserFS
driver. However, the previous Ubuntu security update (kernel version
2.6.8.1-16.11) already contained a patch which checks the arguments to
these functions at a higher level and thus prevents these flaws from
being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)
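The negative-length problem described in the advisory quoted in comment 4, as an added example that is not part of this bug thread, the attached patch or the kernel source: a signed length that is only tested against an upper bound, beside a hardened check. All names (`flawed_check`, `hardened_check`, `bounded_copy`, `BUF_BYTES`) and the sample inputs are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_BYTES 64  /* constructed destination size, not a kernel value */

/* Flawed pattern: signed length, upper bound only.
 * Returns 0 and stores the size a copy routine would receive, or -1 on reject. */
int flawed_check(int len, size_t *copy_len)
{
    if (len > BUF_BYTES)        /* -1 > 64 is false: negatives pass */
        return -1;
    *copy_len = (size_t)len;    /* same conversion a size_t parameter applies */
    return 0;
}

/* Hardened pattern: reject negatives before any conversion to an unsigned type. */
int hardened_check(int len, size_t *copy_len)
{
    if (len < 0 || (size_t)len > BUF_BYTES)
        return -1;
    *copy_len = (size_t)len;
    return 0;
}

/* Copy that only runs when the hardened check accepts the length. */
int bounded_copy(char *dst, const char *src, int len)
{
    size_t n;
    if (hardened_check(len, &n) != 0)
        return -1;
    memcpy(dst, src, n);
    return (int)n;
}

int main(void)
{
    int samples[] = { 16, 64, 65, -1, INT_MIN };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t f = 0, h = 0;
        int fr = flawed_check(samples[i], &f);
        int hr = hardened_check(samples[i], &h);
        printf("len=%d flawed=%s (%zu bytes) hardened=%s\n", samples[i],
               fr ? "reject" : "accept", f, hr ? "reject" : "accept");
    }
    return 0;
}
```

The flawed check accepts -1 and hands the copy routine a length of `SIZE_MAX`, while the hardened check rejects every negative value before the conversion happens.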
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 02:28:57 UTC
*** Bug 80107 has been marked as a duplicate of this bug. ***
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 03:16:50 UTC
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2005-03-16 05:57:57 UTC
gentoo-dev-sources unaffected
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2005-04-06 13:56:52 UTC
Created attachment 55516
Patch
Comment 9 Tim Yamin (RETIRED) gentoo-dev 2005-04-06 13:58:03 UTC
Everything seems to have been patched or upgraded to 2.6.11; mips-sources branches remain that still need patching so CCing Kumba.
Comment 10 Joshua Kinard gentoo-dev 2005-04-23 22:25:53 UTC
mips-sources fixed.
Comment 11 Robert Paskowitz (RETIRED) gentoo-dev 2005-05-17 16:29:44 UTC
KISS says all done: http://kiss.gentoo.org/dev/viewBug.php?BugID=82141
Comment 12 Tim Yamin (RETIRED) gentoo-dev 2005-05-27 11:38:44 UTC
All fixed, closing bug.