Bug#: 85385
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>

Description:   Opened: 2005-03-15 11:49 0000
CVE reference:	CAN-2005-0736

Description:
Georgi Guninski has reported a potential vulnerability in the Linux kernel, which may be exploited by malicious people to gain escalated privileges.

The vulnerability is caused by an integer overflow in the "sys_epoll_wait()" function and can be exploited to cause a buffer overflow overwriting low kernel memory.

Successful exploitation may potentially allow execution of arbitrary code with escalated privileges. However, few applications reportedly use the affected part of the kernel memory space.

The vulnerability has been reported in versions 2.6 through 2.6.11.

Solution:
Update to version 2.6.11.2 or later.
http://kernel.org/

Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.2

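The following C program is an added illustration of the arithmetic behind the bug described above; it is not code from the kernel, from Gentoo, or from this bug report. It models how a byte length computed as maxevents * sizeof(struct epoll_event) in a 32-bit unsigned long can wrap to a small value, so that a range check on the user buffer passes while the syscall is still free to fill far more slots, and places beside it the kind of upper bound on maxevents that the 2.6.11.2 fix introduced. The 12-byte packed i386 layout of struct epoll_event, the function names vulnerable_check and hardened_check, and the MAX_EVENTS definition are assumptions for this model; the example shows only the length arithmetic, not how the low-memory overwrite mentioned in the advisory is reached.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: on i386 the kernel packs struct epoll_event into 12 bytes
 * (4-byte event mask followed by an 8-byte payload, no padding). This model
 * uses that size; on x86-64 the structure is 16 bytes and the numbers below
 * change accordingly. */
struct epoll_event {
    uint32_t events;
    uint64_t data;
} __attribute__((packed));

#define EVENT_SIZE ((uint32_t)sizeof(struct epoll_event))   /* 12 in this model */

/*
 * Model of the pre-2.6.11.2 entry check (assumption, not the kernel's text):
 * only maxevents <= 0 is rejected, and the byte length handed to the
 * user-buffer range check is maxevents * sizeof(struct epoll_event) formed in
 * a 32-bit unsigned long, as on i386. On success *len receives that length,
 * wrapped if the product did not fit.
 */
int vulnerable_check(int maxevents, uint32_t *len)
{
    if (maxevents <= 0)
        return -EINVAL;
    *len = (uint32_t)maxevents * EVENT_SIZE;   /* wraps once maxevents >= 0x15555556 */
    return 0;
}

/*
 * Hardened form, modeled on the bound added in 2.6.11.2 (assumption): cap the
 * count so that count * sizeof(struct epoll_event) fits in an int before any
 * multiplication takes place, then the length can no longer wrap.
 */
#define MAX_EVENTS (INT_MAX / (int)sizeof(struct epoll_event))

int hardened_check(int maxevents, uint32_t *len)
{
    if (maxevents <= 0 || maxevents > MAX_EVENTS)
        return -EINVAL;
    *len = (uint32_t)maxevents * EVENT_SIZE;   /* bounded above, cannot wrap */
    return 0;
}

/* Returns 1 when the 32-bit product differs from the mathematically exact one. */
int wraps_on_32bit(int maxevents)
{
    uint64_t exact = (uint64_t)(uint32_t)maxevents * EVENT_SIZE;
    uint64_t truncated = (uint32_t)maxevents * EVENT_SIZE;
    return exact != truncated;
}

/* Bytes the syscall would really write if it filled every one of maxevents slots. */
uint64_t bytes_actually_written(int maxevents)
{
    return (uint64_t)maxevents * EVENT_SIZE;
}

int main(void)
{
    /* Constructed input: 0x15555556 * 12 == 0x100000008, which is 8 in 32 bits,
     * so the old check would validate an 8-byte window for 357913942 events. */
    int evil = 0x15555556;
    uint32_t len = 0;

    int rc = vulnerable_check(evil, &len);
    printf("vulnerable: rc=%d checked length=%u bytes, would write=%llu bytes, wraps=%d\n",
           rc, len, (unsigned long long)bytes_actually_written(evil), wraps_on_32bit(evil));

    rc = hardened_check(evil, &len);
    printf("hardened:   rc=%d (EINVAL is %d), MAX_EVENTS=%d\n", rc, -EINVAL, MAX_EVENTS);

    rc = hardened_check(1024, &len);
    printf("hardened:   rc=%d checked length=%u bytes for 1024 events\n", rc, len);
    return 0;
}
```

The point to take from the model is that the bound must be applied to the count before the multiplication, not to the product afterwards: once the product has wrapped, no check on it can tell a legitimately small buffer from a wrapped one.
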
------- Comment #1 From solar 2005-03-15 12:32:49 0000 -------
hardened-dev-sources-2.6.11-r1 is marked stable with .11.2 (base)

------- Comment #2 From Thierry Carrez (RETIRED) 2005-03-16 02:26:15 0000 -------
From Ubuntu's latest:

Georgi Guninski discovered an integer overflow in the sys_epoll_wait()
function which allowed local users to overwrite the first few kB of
physical memory. However, very few applications actually use this
space (dosemu is a notable exception), but potentially this could lead
to privilege escalation. (CAN-2005-0736)

------- Comment #3 From Thierry Carrez (RETIRED) 2005-03-16 03:16:37 0000 -------
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #4 From Daniel Drake 2005-03-19 06:18:48 0000 -------
Fixed in gentoo-dev-sources-2.6.11-r4

------- Comment #5 From Joshua Kinard 2005-04-23 22:26:05 0000 -------
mips-sources fixed.

------- Comment #6 From Daniel Drake 2005-04-29 17:40:12 0000 -------
Fixed in usermode-sources-2.6.11

------- Comment #7 From Daniel Drake 2005-05-10 15:32:12 0000 -------
Fixed in ck-sources-2.6.11-r7

------- Comment #8 From Tim Yamin (RETIRED) 2005-07-26 13:33:34 0000 -------
All fixed, closing bug.
