88740 – Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)

Bug 88740 - Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)

Summary: Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	[linux >=2.6 < 2.6.11]
Keywords:

Depends on:
Blocks:

Reported:	2005-04-11 09:07 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 14:31 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch (88740.patch,742 bytes, patch) 2005-04-15 15:00 UTC, Tim Yamin (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-04-11 09:07:02 UTC

From Ubuntu's latest:

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CAN-2005-0867)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-04-15 15:00:14 UTC

Created attachment 56386 [details, diff]
Patch

Comment 2 Joshua Kinard gentoo-dev

2005-04-23 22:29:40 UTC

mips-sources fixed.

Comment 3 Daniel Drake (RETIRED) gentoo-dev

2005-04-27 13:46:49 UTC

gentoo-sources-2.6 unaffected

Comment 4 Robert Paskowitz (RETIRED) gentoo-dev

2005-05-17 16:41:14 UTC

Should be all fixed. http://kiss.gentoo.org/dev/viewBug.php?BugID=88740

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2005-05-27 11:41:21 UTC

All fixed, closing bug.