72317 2004-11-23 23:51 0000 Kernel: AF_UNIX Arbitrary Kernel Memory Modification (CAN-2004-{1068,1069}) 2009-07-13 19:28:26 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All All RESOLVED FIXED http://www.securityfocus.com/bid/11715/ [linux <2.4.28] [linux >=2.6 <2.6.10] P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org hardened-kernel@gentoo.org kang@gentoo.org scox@sig11.org jaervosz@gentoo.org 2004-11-23 23:51:59 0000 Only affects <2.4.28. plasmaroo@gentoo.org 2004-11-24 08:25:55 0000 Created an attachment (id=44640) Patch gmsoft@gentoo.org 2004-11-24 09:39:48 0000 hppa-sources done. solar@gentoo.org 2004-11-24 10:24:37 0000 scox if you can't bump hardened-sources to 2.4.28 then please add this patch. plasmaroo@gentoo.org 2004-11-28 03:45:36 0000 Created an attachment (id=44854) 2.6 Patch tocharian@gentoo.org 2004-11-28 11:52:08 0000 hardened-sources-2.4.28 ~arch in tree plasmaroo@gentoo.org 2004-12-01 11:55:58 0000 Ok, all done. Following externally maintained sources need patching: gentoo-dev-sources - Adding dsd... hardened-dev-sources - Adding hardened herd... hppa-dev-sources - Adding GMSoft... mips-sources - Adding Kumba... openmosix-sources - Adding cluster herd... pegasos-dev-sources - Adding dholm... rsbac-dev-sources - Adding kang... tocharian@gentoo.org 2004-12-01 13:54:44 0000 Fixed in stable hardened-dev-sources-r16 kumba@gentoo.org 2004-12-01 20:52:22 0000 mips-sources fixed. dsd@gentoo.org 2004-12-02 07:43:11 0000 gentoo-dev-sources done kang@gentoo.org 2004-12-02 10:56:55 0000 rsbac-dev-sources: fixed. voxus@gentoo.org 2004-12-02 11:55:42 0000 done for oM-sources. dholm@gentoo.org 2004-12-04 05:49:12 0000 pegasos-dev-sources fixed gmsoft@gentoo.org 2004-12-08 09:11:23 0000 hppa-dev-sources done. koon@gentoo.org 2004-12-15 02:54:09 0000 ---------------snip----------------- CAN-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CAN-2004-1069: Ross Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. ---------------snip-------------- Does our patches also cover the SELinux-specific problem (-1069) ? dsd@gentoo.org 2004-12-15 08:27:10 0000 Doubtful.. Perhaps this patch is it? http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.76 http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.40.68 plasmaroo@gentoo.org 2004-12-19 10:38:40 0000 Created an attachment (id=46357) Extra 2.6 Patch for CAN-2004-1069 plasmaroo@gentoo.org 2004-12-19 10:41:58 0000 *** IMPORTANT *** The following maintainers need to add also the CAN-2004-1069 patch on this bug. Please note that CAN-2004-1069 only applies to 2.6... gentoo-dev-sources - dsd, please patch... hardened-dev-sources - hardened herd, please patch... hppa-dev-sources - Adding GMSoft... mips-sources - Adding Kumba... pegasos-dev-sources - Adding dholm... rsbac-dev-sources - kang, please patch... kang@gentoo.org 2004-12-19 15:52:36 0000 rsbac-dev-sources: fixed for CAN-2004-1069. tocharian@gentoo.org 2004-12-24 16:59:46 0000 hardened-dev-sources-r18 has CAN-2004-1069 patch added dsd@gentoo.org 2004-12-24 19:25:12 0000 gentoo-dev-sources done dholm@gentoo.org 2004-12-25 05:30:40 0000 pegasos-dev-sources fixed kumba@gentoo.org 2005-01-05 21:21:15 0000 mips-sources fixed. gmsoft@gentoo.org 2005-01-08 17:43:52 0000 hppa-sources-2.6.10 isn't affected by this one. (patch say it's already applied) plasmaroo@gentoo.org 2005-01-15 14:41:37 0000 All kernels fixed, closing bug; notifications are being migrated away from GLSAs for kernels, more news coming soon so stay tuned :-] rbu@gentoo.org 2009-05-03 13:31:02 0000 CAN-2004-1068: http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=bfa523d1df4634ac74e412d0dc3afb9620071d00 CAN-2004-1069: http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c6e4a98d34cce702ea5ffcf66fd8c414ee24cf8 44640 2004-11-24 08:25 0000 2.4 Patch linux-2.4.27-AF_UNIX.patch text/plain LS0tIGxpbnV4LTIuNC4yNy9uZXQvdW5peC9hZl91bml4LmMJMjAwNC0xMS0yNCAwODoyMzoyMSAt MDg6MDAKKysrIGxpbnV4LTIuNC4yOC9uZXQvdW5peC9hZl91bml4LmMJMjAwNC0xMS0yNCAwODoy MzoyMSAtMDg6MDAKQEAgLTE0MDMsOSArMTQwMywxMSBAQAogCiAJbXNnLT5tc2dfbmFtZWxlbiA9 IDA7CiAKKwlkb3duKCZzay0+cHJvdGluZm8uYWZfdW5peC5yZWFkc2VtKTsKKwogCXNrYiA9IHNr Yl9yZWN2X2RhdGFncmFtKHNrLCBmbGFncywgbm9ibG9jaywgJmVycik7CiAJaWYgKCFza2IpCi0J CWdvdG8gb3V0OworCQlnb3RvIG91dF91bmxvY2s7CiAKIAl3YWtlX3VwX2ludGVycnVwdGlibGUo JnNrLT5wcm90aW5mby5hZl91bml4LnBlZXJfd2FpdCk7CiAKQEAgLTE0NDksNiArMTQ1MSw4IEBA CiAKIG91dF9mcmVlOgogCXNrYl9mcmVlX2RhdGFncmFtKHNrLHNrYik7CitvdXRfdW5sb2NrOgor CXVwKCZzay0+cHJvdGluZm8uYWZfdW5peC5yZWFkc2VtKTsKIG91dDoKIAlyZXR1cm4gZXJyOwog fQo= 44854 2004-11-28 03:45 0000 2.6 Patch linux-2.6.9-AF_UNIX.patch text/plain LS0tIGxpbnV4LTIuNi45L25ldC91bml4L2FmX3VuaXguYwkyMDA0LTExLTI0IDA4OjIzOjIxIC0w ODowMAorKysgbGludXgtMi42LjkucGxhc21hcm9vL25ldC91bml4L2FmX3VuaXguYwkyMDA0LTEx LTI0IDA4OjIzOjIxIC0wODowMApAQCAtMTUzNSw5ICsxNTM1LDExIEBACiAKIAltc2ctPm1zZ19u YW1lbGVuID0gMDsKIAorCWRvd24oJnUtPnJlYWRzZW0pOworCiAJc2tiID0gc2tiX3JlY3ZfZGF0 YWdyYW0oc2ssIGZsYWdzLCBub2Jsb2NrLCAmZXJyKTsKIAlpZiAoIXNrYikKLQkJZ290byBvdXQ7 CisJCWdvdG8gb3V0X3VubG9jazsKIAogCXdha2VfdXBfaW50ZXJydXB0aWJsZSgmdS0+cGVlcl93 YWl0KTsKIApAQCAtMTU4Nyw2ICsxNTg5LDggQEAKIAogb3V0X2ZyZWU6CiAJc2tiX2ZyZWVfZGF0 YWdyYW0oc2ssc2tiKTsKK291dF91bmxvY2s6CisJdXAoJnUtPnJlYWRzZW0pOwogb3V0OgogCXJl dHVybiBlcnI7CiB9Cg== 46357 2004-12-19 10:38 0000 Extra 2.6 Patch for CAN-2004-1069 linux-2.6-AF_UNIX.SELinux.patch text/plain LS0tIGEvbmV0L3VuaXgvYWZfdW5peC5jCTIwMDQtMTAtMTggMjI6NTQ6MzcuMDAwMDAwMDAwICsw MTAwCisrKyBiL25ldC91bml4L2FmX3VuaXguYwkyMDA0LTEyLTE5IDE4OjMzOjEyLjAwMDAwMDAw MCArMDAwMApAQCAtNDc3LDYgKzQ3Nyw4IEBACiAJCQkgICAgICBzdHJ1Y3QgbXNnaGRyICosIHNp emVfdCwgaW50KTsKIHN0YXRpYyBpbnQgdW5peF9kZ3JhbV9jb25uZWN0KHN0cnVjdCBzb2NrZXQg Kiwgc3RydWN0IHNvY2thZGRyICosCiAJCQkgICAgICBpbnQsIGludCk7CitzdGF0aWMgaW50IHVu aXhfc2VxcGFja2V0X3NlbmRtc2coc3RydWN0IGtpb2NiICosIHN0cnVjdCBzb2NrZXQgKiwKKwkJ CQkgIHN0cnVjdCBtc2doZHIgKiwgc2l6ZV90KTsKIAogc3RhdGljIHN0cnVjdCBwcm90b19vcHMg dW5peF9zdHJlYW1fb3BzID0gewogCS5mYW1pbHkgPQlQRl9VTklYLApAQCAtNTM1LDcgKzUzNyw3 IEBACiAJLnNodXRkb3duID0JdW5peF9zaHV0ZG93biwKIAkuc2V0c29ja29wdCA9CXNvY2tfbm9f c2V0c29ja29wdCwKIAkuZ2V0c29ja29wdCA9CXNvY2tfbm9fZ2V0c29ja29wdCwKLQkuc2VuZG1z ZyA9CXVuaXhfZGdyYW1fc2VuZG1zZywKKwkuc2VuZG1zZyA9CXVuaXhfc2VxcGFja2V0X3NlbmRt c2csCiAJLnJlY3Ztc2cgPQl1bml4X2RncmFtX3JlY3Ztc2csCiAJLm1tYXAgPQkJc29ja19ub19t bWFwLAogCS5zZW5kcGFnZSA9CXNvY2tfbm9fc2VuZHBhZ2UsCkBAIC0xMzY1LDkgKzEzNjcsMTEg QEAKIAlpZiAob3RoZXItPnNrX3NodXRkb3duICYgUkNWX1NIVVRET1dOKQogCQlnb3RvIG91dF91 bmxvY2s7CiAKLQllcnIgPSBzZWN1cml0eV91bml4X21heV9zZW5kKHNrLT5za19zb2NrZXQsIG90 aGVyLT5za19zb2NrZXQpOwotCWlmIChlcnIpCi0JCWdvdG8gb3V0X3VubG9jazsKKwlpZiAoc2st PnNrX3R5cGUgIT0gU09DS19TRVFQQUNLRVQpIHsKKwkJZXJyID0gc2VjdXJpdHlfdW5peF9tYXlf c2VuZChzay0+c2tfc29ja2V0LCBvdGhlci0+c2tfc29ja2V0KTsKKwkJaWYgKGVycikKKwkJCWdv dG8gb3V0X3VubG9jazsKKwl9CiAKIAlpZiAodW5peF9wZWVyKG90aGVyKSAhPSBzayAmJgogCSAg ICAoc2tiX3F1ZXVlX2xlbigmb3RoZXItPnNrX3JlY2VpdmVfcXVldWUpID4KQEAgLTE1MTcsNiAr MTUyMSwyNSBAQAogCXJldHVybiBzZW50ID8gOiBlcnI7CiB9CiAKK3N0YXRpYyBpbnQgdW5peF9z ZXFwYWNrZXRfc2VuZG1zZyhzdHJ1Y3Qga2lvY2IgKmtpb2NiLCBzdHJ1Y3Qgc29ja2V0ICpzb2Nr LAorCQkJCSAgc3RydWN0IG1zZ2hkciAqbXNnLCBzaXplX3QgbGVuKQoreworCWludCBlcnI7CisJ c3RydWN0IHNvY2sgKnNrID0gc29jay0+c2s7CisJCisJZXJyID0gc29ja19lcnJvcihzayk7CisJ aWYgKGVycikKKwkJcmV0dXJuIGVycjsKKworCWlmIChzay0+c2tfc3RhdGUgIT0gVENQX0VTVEFC TElTSEVEKQorCQlyZXR1cm4gLUVOT1RDT05OOworCisJaWYgKG1zZy0+bXNnX25hbWVsZW4pCisJ CW1zZy0+bXNnX25hbWVsZW4gPSAwOworCisJcmV0dXJuIHVuaXhfZGdyYW1fc2VuZG1zZyhraW9j Yiwgc29jaywgbXNnLCBsZW4pOworfQorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAKIHN0YXRpYyB2b2lkIHVuaXhfY29weV9hZGRyKHN0cnVjdCBtc2doZHIgKm1zZywgc3RydWN0 IHNvY2sgKnNrKQogewogCXN0cnVjdCB1bml4X3NvY2sgKnUgPSB1bml4X3NrKHNrKTsK