Bug#: 86638
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Filename | Description | Type | Creator | Created | Size
CAN-2005-0750.patch | CAN-2005-0750.patch | patch | Sune Kloppenborg Jeppesen | 2005-03-25 04:25 0000 | 719 bytes


Description:   Opened: 2005-03-25 04:25 0000
There is a local root exploit by integer underflow in the bluetooth handling,
triggerable by any user if you have bluetooth modules installed.

(I think using socket(AF_BLUETOOTH, -index, x); )

Marcel has posted the patch below; I am not sure which bk tree that is,
however.

CAN-2005-0750 as by Mark J Cox.

An actual exploit supposedly exists already.
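
The signedness problem the report describes, as an added example that is not part of the original bug report and is not the kernel's code: it assumes, as the reporter suggests, that a caller-supplied signed protocol number is used as a table index, and compares a check that tests only the upper bound with two that also reject negative values. `MODEL_MAX_PROTO`, the table contents and all function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_PROTO 8   /* hypothetical table size */

/* Constructed stand-in for a per-protocol handler table. */
static const char *const model_table[MODEL_MAX_PROTO] = {
    "proto0", NULL, "proto2", "proto3", NULL, NULL, NULL, NULL
};

/* Flawed pattern: only the upper bound is tested, so a negative signed
 * index passes. Returns 1 if the index would be accepted. */
static int accepts_upper_only(int proto) { return !(proto >= MODEL_MAX_PROTO); }

/* Hardened: reject negative values explicitly. */
static int accepts_both_bounds(int proto)
{
    return !(proto < 0 || proto >= MODEL_MAX_PROTO);
}

/* Hardened alternative: as unsigned, a negative value compares as huge. */
static int accepts_unsigned(int proto)
{
    return (unsigned int)proto < (unsigned int)MODEL_MAX_PROTO;
}

/* Index the table only after the full range check. */
static const char *model_lookup(int proto)
{
    return accepts_both_bounds(proto) ? model_table[proto] : NULL;
}

/* Count constructed samples a check accepts although they lie outside
 * [0, MODEL_MAX_PROTO). Nothing is dereferenced here. */
static int count_bad_accepts(int (*check)(int))
{
    static const int s[] = { INT_MIN, -4096, -1, 0, 3, MODEL_MAX_PROTO - 1,
                             MODEL_MAX_PROTO, INT_MAX };
    int bad = 0;
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        bad += check(s[i]) && (s[i] < 0 || s[i] >= MODEL_MAX_PROTO);
    return bad;
}

int main(void)
{
    printf("bad accepts: upper-only=%d both-bounds=%d unsigned=%d\n",
           count_bad_accepts(accepts_upper_only),
           count_bad_accepts(accepts_both_bounds),
           count_bad_accepts(accepts_unsigned));
    return model_lookup(-1) != NULL;   /* 0: negative index refused */
}
```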

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-03-25 04:25:50 0000 -------
Created an attachment (id=54428)
CAN-2005-0750.patch

------- Comment #2 From Thierry Carrez (RETIRED) 2005-03-26 09:07:03 0000 -------
Patch posted in BK tree. New kernel release should follow.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-03-26 09:18:04 0000 -------
Fixed in vanilla 2.6.11.6
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6

------- Comment #4 From Joshua Kinard 2005-04-23 22:28:18 0000 -------
mips-sources fixed.

------- Comment #5 From Daniel Drake 2005-04-27 13:43:23 0000 -------
Fixed in gentoo-sources-2.6.11-r6

------- Comment #6 From Robert Paskowitz (RETIRED) 2005-05-17 16:34:00 0000 -------
Another that can probably be closed now.
http://kiss.gentoo.org/dev/viewBug.php?BugID=86638

------- Comment #7 From Thierry Carrez (RETIRED) 2005-05-23 04:56:47 0000 -------
*** Bug 87901 has been marked as a duplicate of this bug. ***

------- Comment #8 From Thierry Carrez (RETIRED) 2005-05-23 04:59:04 0000 -------
This also affects the 2.4 series.

From solar:
grsec-sources-2.4.30 is in the tree as ~arch.

Note for other bumpers of 2.4.x series.
CAN-2004-1056.patch and linux-2.4.28-random-poolsize.patch have never 
been applied to mainline.

------- Comment #9 From Tim Yamin (RETIRED) 2005-08-20 11:22:34 0000 -------
rsbac-sources affected.

------- Comment #10 From Tim Yamin (RETIRED) 2005-11-26 02:34:57 0000 -------
All fixed, closing.
