59378 2004-08-04 04:34 0000 sys-kernel/*: file offset pointer handling vulnerability 2004-08-26 04:49:59 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All All RESOLVED FIXED http://isec.pl/vulnerabilities/isec-0016-procleaks.txt A4 [kernel] P2 normal --- 1 carlo@gentoo.org security@gentoo.org gregkh@gentoo.org hanno@gentoo.org hp-cluster@gentoo.org carlo@gentoo.org 2004-08-04 04:34:37 0000 There are two different versions of the file handling API inside recent Linux kernels: the old 32 bit and the new (LFS) 64 bit API. We have identified numerous places, where invalid conversions from 64 bit sized file offsets to 32 bit ones as well as insecure access to the file offset member variable take place. We have found that most of the /proc entries (like /proc/version) leak about one page of unitialized kernel memory and can be exploited to obtain sensitive data. Tested and known to be vulnerable kernel versions are all <= 2.4.26 and <= 2.6.7. All users are encouraged to patch all vulnerable systems as soon as appropriate vendor patches are released. There is no hotfix for this vulnerability. Exploit included. That's fun! :( koon@gentoo.org 2004-08-04 08:15:08 0000 CAN-2004-0415 solar@gentoo.org 2004-08-04 11:43:40 0000 Patched in grsec-sources-2.4.26.2.0-r7.ebuild with http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch Note to other kernel maintainers. This patch is 80k and thus to large for ${FILESDIR} so please use the SRC_URI= plasmaroo@gentoo.org 2004-08-04 12:26:32 0000 Patches for 2.4.{19, 2[0123456]} as well as 2.6.7 are also there at http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/... scox@sig11.org 2004-08-04 13:01:44 0000 hardened-sources patched (2.4.26-r4). kang@gentoo.org 2004-08-04 18:50:55 0000 rsbac-(dev-)sources patched plasmaroo@gentoo.org 2004-08-05 07:17:08 0000 All done, everything should now be patched. The following sources remain, and I'm adding their maintainers to the CC list: gentoo-dev-sources: Adding gregkh... hardened-dev-sources: hardened@gentoo.org is already on the list... hppa-(dev-)sources: Adding GMSoft... mips-sources: Adding `Kumba... openmosix-sources: Adding cluster herd... {ppc, pegasos(dev-)}-sources: Adding dholm... sparc-sources: Adding Joker... selinux-sources: Ading pebenito... voxus@gentoo.org 2004-08-05 08:13:41 0000 openmosix-sources patched kumba@gentoo.org 2004-08-05 22:04:37 0000 mips-sources fixed. gregkh@gentoo.org 2004-08-06 17:11:51 0000 gentoo-dev-sources fixed in release 2.6.7-r12 tseng@gentoo.org 2004-08-06 18:45:02 0000 Fixed in hardened-dev-sources. dholm@gentoo.org 2004-08-08 04:13:03 0000 ppc-sources, pegasos-sources, and pegasos-dev-sources have been fixed. solar@gentoo.org 2004-08-08 08:53:08 0000 Removing hardened@ but leaving pebenito@ on the list for selinux-sources gmsoft@gentoo.org 2004-08-09 16:33:22 0000 Fixed on hppa. gustavoz@gentoo.org 2004-08-12 05:48:26 0000 sparc-sources-2.4.27 is out and stable courtesy of Joker, fixed. Joker: i'm just removing sparc@ from this, feel free to remove yourself. joker@gentoo.org 2004-08-12 09:25:01 0000 sparc-sources-2.4.27 released pebenito@gentoo.org 2004-08-13 20:11:30 0000 selinux-src fixed plasmaroo@gentoo.org 2004-08-26 04:49:59 0000 GLSA 200408-24.