CVE reference: CAN-2005-0736

Description: Georgi Guninski has reported a potential vulnerability in the Linux kernel, which may be exploited by malicious people to gain escalated privileges. The vulnerability is caused due to an integer overflow in the "sys_epoll_wait()" function and can be exploited to cause a buffer overflow overwriting low kernel memory. Successful exploitation may potentially allow execution of arbitrary code with escalated privileges. However, few applications reportedly use the affected part of the kernel memory space. The vulnerability has been reported in versions 2.6 through 2.6.11.

Solution: Update to version 2.6.11.2 or later. http://kernel.org/

Original Advisory: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.2
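To show the size-computation wrap the description refers to next to the bounded check that the 2.6.11.2 fix introduced, here is an added illustration (not code from the kernel or from this bug report). EPOLL_EVENT_SIZE is a constructed stand-in for sizeof(struct epoll_event) on 32-bit x86, and the function and macro names are the example's own.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed: sizeof(struct epoll_event) on 32-bit x86 (packed: 4-byte events + 8-byte data). */
#define EPOLL_EVENT_SIZE 12u

/* Example's own bound, following the shape of the 2.6.11.2 fix: the largest
 * maxevents whose byte count still fits in a signed int. */
#define EP_MAX_EVENTS_EXAMPLE (INT_MAX / (int)EPOLL_EVENT_SIZE)

/* Pre-fix shape: only maxevents <= 0 is rejected. The byte count is computed in
 * a 32-bit unsigned (modelling a 32-bit kernel's unsigned long), so a large
 * maxevents wraps to a small, harmless-looking size that later range checks
 * accept. Returns 0 with the (possibly wrapped) size, or -1 for EINVAL. */
static int epoll_size_unchecked(int maxevents, uint32_t *bytes)
{
    if (maxevents <= 0)
        return -1;
    *bytes = (uint32_t)maxevents * EPOLL_EVENT_SIZE;   /* may wrap */
    return 0;
}

/* Fixed shape: bound maxevents itself, so the multiplication can never wrap. */
static int epoll_size_bounded(int maxevents, uint32_t *bytes)
{
    if (maxevents <= 0 || maxevents > EP_MAX_EVENTS_EXAMPLE)
        return -1;
    *bytes = (uint32_t)maxevents * EPOLL_EVENT_SIZE;   /* <= INT_MAX, no wrap */
    return 0;
}

/* Convenience wrapper: the computed size, or 0 when the check rejected the request. */
static uint32_t epoll_bytes(int (*check)(int, uint32_t *), int maxevents)
{
    uint32_t n = 0;
    return check(maxevents, &n) == 0 ? n : 0;
}

int main(void)
{
    /* 357913942 entries * 12 bytes = 0x100000008, which wraps to 8 in 32 bits */
    int maxevents = 0x15555556;
    printf("unchecked: bytes=%u (wrapped)\n", epoll_bytes(epoll_size_unchecked, maxevents));
    printf("bounded:   bytes=%u (0 = rejected, EINVAL)\n", epoll_bytes(epoll_size_bounded, maxevents));
    printf("bounded:   bytes=%u for 64 events\n", epoll_bytes(epoll_size_bounded, 64));
    return 0;
}
```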
hardened-dev-sources-2.6.11-r1 is marked stable with .11.2 (base)
From Ubuntu's latest: Georgi Guninski discovered an integer overflow in the sys_epoll_wait() function which allowed local users to overwrite the first few kB of physical memory. However, very few applications actually use this space (dosemu is a notable exception), but potentially this could lead to privilege escalation. (CAN-2005-0736)
Mass-CCing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
Fixed in gentoo-dev-sources-2.6.11-r4
mips-sources fixed.
Fixed in usermode-sources-2.6.11
Fixed in ck-sources-2.6.11-r7
All fixed, closing bug.