116486 2005-12-23 05:42 0000 Kernel: various Local DoS (CVE-2005-{3808,3848,3857,3858}) 2009-05-03 15:56:44 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All Linux RESOLVED FIXED [linux < 2.6.14.4] P2 minor --- 1 koon@gentoo.org security@gentoo.org gimli@gentoo.org kang@gentoo.org kerframil@gmail.com kern-sec@gentoo.org kumba@gentoo.org marineam@gentoo.org koon@gentoo.org 2005-12-23 05:42:04 0000 From Ubuntu's USN-231-1 An integer overflow was discovered in the invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls on a 32 bit system, a local user could exploit this to crash the machine, thereby causing Denial of Service. This flaw does not affect the amd64 platform, and does only affect Ubuntu 5.10. (CVE-2005-3808) Ollie Wild discovered a memory leak in the icmp_push_reply() function. By sending a large amount of specially crafted packets, a remote attacker could exploit this to drain all memory, which eventually leads to a Denial of Service. (CVE-2005-3848) Chris Wrigth found a Denial of Service vulnerability in the time_out_leases() function. By allocating a large number of VFS file lock leases and having them timeout at the same time, a large number of 'printk' debugging statements was generated at the same time, which could exhaust kernel memory. (CVE-2005-3857) Patrick McHardy discovered a memory leak in the ip6_input_finish() function. A remote attacker could exploit this by sending specially crafted IPv6 packets, which would eventually drain all available kernel memory, thus causing a Denial of Service. (CVE-2005-3858) plasmaroo@gentoo.org 2005-12-23 17:24:44 0000 Patches: invalidate_inode_pages2_range issue: http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406 icmp_push_reply issue: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a;hp=22783649568a28839c5a362f47da7819ecfcbb9f time_out_leases: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739 CVE-2005-3858 affects < 2.6.13; patch: http://marc.theaimsgroup.com/?l=linux-kernel&m=112508479120081&w=2 plasmaroo@gentoo.org 2006-01-02 16:11:42 0000 invalidate_inode_pages2_range issue: 2.6.14.4 icmp_push_reply issue: 2.6.14 time_out_leases: 2.6.14.3 plasmaroo@gentoo.org 2006-01-02 16:23:08 0000 Adding maintainers: ck-sources: marineam hppa-sources: GMSoft mips-sources-2.6.13: Kumba rsbac-sources: kang sh-sources: sh herd xbox-sources: gimli vapier@gentoo.org 2006-01-02 16:25:12 0000 feel free to update sh-sources as you wish ... just grab me if the mega sh patch stops applying after you do marineam@gentoo.org 2006-01-05 12:09:19 0000 ck-sources already includes 2.6.14.5 gmsoft@gentoo.org 2006-01-07 03:11:02 0000 Fixed on hppa in hppa-sources-2.6.15_p1. plasmaroo@gentoo.org 2006-01-15 06:40:44 0000 *** Bug 114230 has been marked as a duplicate of this bug. *** plasmaroo@gentoo.org 2006-04-15 12:02:58 0000 All fixed now, resolving bug.