86783 2005-03-26 09:22 0000 Kernel: Potential DOS in load_elf_library (CAN-2005-0749) 2009-05-03 15:05:38 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All All RESOLVED FIXED [linux < 2.4.30] [linux >= 2.6 < 2.6.11.6] P2 minor --- 1 koon@gentoo.org security@gentoo.org kern-sec@gentoo.org koon@gentoo.org 2005-03-26 09:22:57 0000 Fixed in vanilla 2.6.11.6 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 Potential DOS in load_elf_library Yichen Xie <yxie@cs.stanford.edu> points out that load_elf_library can modify `elf_phdata' before freeing it. CAN-2005-0749 is assigned to this issue. kumba@gentoo.org 2005-04-23 22:28:16 0000 mips-sources fixed. dsd@gentoo.org 2005-04-27 13:43:41 0000 Fixed in gentoo-sources-2.6.11-r6 dsd@gentoo.org 2005-04-29 17:39:21 0000 Fixed in usermode-sources-2.6.11 lorenzo@gnu.org 2005-05-04 13:29:06 0000 Created an attachment (id=58065) Clean (fix) patch. I'll add it to the gentoo-sources patchset and post a new ebuild and patchball to: http://pearls.tuxedo-es.org/gentoo/hardened/kernel/ lorenzo@gnu.org 2005-05-05 06:03:48 0000 Updated hardened-sources patchset to fix CAN-2005-0749: http://pearls.tuxedo-es.org/gentoo/hardened/kernel/ Cheers, Lorenzo. dsd@gentoo.org 2005-05-10 15:32:56 0000 Fixed in ck-sources-2.6.11-r7 koon@gentoo.org 2005-05-23 04:58:32 0000 This also affects the 2.4 series. From solar : grsec-sources-2.4.30 is in the tree as ~arch. Note for other bumpers of 2.4.x series. CAN-2004-1056.patch and linux-2.4.28-random-poolsize.patch have never been applied to mainline. plasmaroo@gentoo.org 2005-08-20 11:45:57 0000 All fixed, closing bug. 58065 2005-05-04 13:29 0000 Clean (fix) patch. CAN-2005-0749.patch text/plain LS0tIDI1L2ZzL2JpbmZtdF9lbGYuY35sb2FkX2VsZl9iaW5hcnkta2ZyZWUtZml4CTIwMDUtMDMt MTggMDE6MDA6NDkuMDAwMDAwMDAwIC0wODAwCisrKyAyNS1ha3BtL2ZzL2JpbmZtdF9lbGYuYwky MDA1LTAzLTE4IDAxOjAzOjE0LjAwMDAwMDAwMCAtMDgwMApAQCAtMTAyOCw2ICsxMDI4LDcgQEAg b3V0X2ZyZWVfcGg6CiBzdGF0aWMgaW50IGxvYWRfZWxmX2xpYnJhcnkoc3RydWN0IGZpbGUgKmZp bGUpCiB7CiAJc3RydWN0IGVsZl9waGRyICplbGZfcGhkYXRhOworCXN0cnVjdCBlbGZfcGhkciAq ZXBwbnQ7CiAJdW5zaWduZWQgbG9uZyBlbGZfYnNzLCBic3MsIGxlbjsKIAlpbnQgcmV0dmFsLCBl cnJvciwgaSwgajsKIAlzdHJ1Y3QgZWxmaGRyIGVsZl9leDsKQEAgLTEwNTEsNDQgKzEwNTIsNDcg QEAgc3RhdGljIGludCBsb2FkX2VsZl9saWJyYXJ5KHN0cnVjdCBmaWxlIAogCS8qIGogPCBFTEZf TUlOX0FMSUdOIGJlY2F1c2UgZWxmX2V4LmVfcGhudW0gPD0gMiAqLwogCiAJZXJyb3IgPSAtRU5P TUVNOwotCWVsZl9waGRhdGEgPSAoc3RydWN0IGVsZl9waGRyICopIGttYWxsb2MoaiwgR0ZQX0tF Uk5FTCk7CisJZWxmX3BoZGF0YSA9IGttYWxsb2MoaiwgR0ZQX0tFUk5FTCk7CiAJaWYgKCFlbGZf cGhkYXRhKQogCQlnb3RvIG91dDsKIAorCWVwcG50ID0gZWxmX3BoZGF0YTsKIAllcnJvciA9IC1F Tk9FWEVDOwotCXJldHZhbCA9IGtlcm5lbF9yZWFkKGZpbGUsIGVsZl9leC5lX3Bob2ZmLCAoY2hh ciAqKSBlbGZfcGhkYXRhLCBqKTsKKwlyZXR2YWwgPSBrZXJuZWxfcmVhZChmaWxlLCBlbGZfZXgu ZV9waG9mZiwgKGNoYXIgKillcHBudCwgaik7CiAJaWYgKHJldHZhbCAhPSBqKQogCQlnb3RvIG91 dF9mcmVlX3BoOwogCiAJZm9yIChqID0gMCwgaSA9IDA7IGk8ZWxmX2V4LmVfcGhudW07IGkrKykK LQkJaWYgKChlbGZfcGhkYXRhICsgaSktPnBfdHlwZSA9PSBQVF9MT0FEKSBqKys7CisJCWlmICgo ZXBwbnQgKyBpKS0+cF90eXBlID09IFBUX0xPQUQpCisJCQlqKys7CiAJaWYgKGogIT0gMSkKIAkJ Z290byBvdXRfZnJlZV9waDsKIAotCXdoaWxlIChlbGZfcGhkYXRhLT5wX3R5cGUgIT0gUFRfTE9B RCkgZWxmX3BoZGF0YSsrOworCXdoaWxlIChlcHBudC0+cF90eXBlICE9IFBUX0xPQUQpCisJCWVw cG50Kys7CiAKIAkvKiBOb3cgdXNlIG1tYXAgdG8gbWFwIHRoZSBsaWJyYXJ5IGludG8gbWVtb3J5 LiAqLwogCWRvd25fd3JpdGUoJmN1cnJlbnQtPm1tLT5tbWFwX3NlbSk7CiAJZXJyb3IgPSBkb19t bWFwKGZpbGUsCi0JCQlFTEZfUEFHRVNUQVJUKGVsZl9waGRhdGEtPnBfdmFkZHIpLAotCQkJKGVs Zl9waGRhdGEtPnBfZmlsZXN6ICsKLQkJCSBFTEZfUEFHRU9GRlNFVChlbGZfcGhkYXRhLT5wX3Zh ZGRyKSksCisJCQlFTEZfUEFHRVNUQVJUKGVwcG50LT5wX3ZhZGRyKSwKKwkJCShlcHBudC0+cF9m aWxlc3ogKworCQkJIEVMRl9QQUdFT0ZGU0VUKGVwcG50LT5wX3ZhZGRyKSksCiAJCQlQUk9UX1JF QUQgfCBQUk9UX1dSSVRFIHwgUFJPVF9FWEVDLAogCQkJTUFQX0ZJWEVEIHwgTUFQX1BSSVZBVEUg fCBNQVBfREVOWVdSSVRFLAotCQkJKGVsZl9waGRhdGEtPnBfb2Zmc2V0IC0KLQkJCSBFTEZfUEFH RU9GRlNFVChlbGZfcGhkYXRhLT5wX3ZhZGRyKSkpOworCQkJKGVwcG50LT5wX29mZnNldCAtCisJ CQkgRUxGX1BBR0VPRkZTRVQoZXBwbnQtPnBfdmFkZHIpKSk7CiAJdXBfd3JpdGUoJmN1cnJlbnQt Pm1tLT5tbWFwX3NlbSk7Ci0JaWYgKGVycm9yICE9IEVMRl9QQUdFU1RBUlQoZWxmX3BoZGF0YS0+ cF92YWRkcikpCisJaWYgKGVycm9yICE9IEVMRl9QQUdFU1RBUlQoZXBwbnQtPnBfdmFkZHIpKQog CQlnb3RvIG91dF9mcmVlX3BoOwogCi0JZWxmX2JzcyA9IGVsZl9waGRhdGEtPnBfdmFkZHIgKyBl bGZfcGhkYXRhLT5wX2ZpbGVzejsKKwllbGZfYnNzID0gZXBwbnQtPnBfdmFkZHIgKyBlcHBudC0+ cF9maWxlc3o7CiAJaWYgKHBhZHplcm8oZWxmX2JzcykpIHsKIAkJZXJyb3IgPSAtRUZBVUxUOwog CQlnb3RvIG91dF9mcmVlX3BoOwogCX0KIAotCWxlbiA9IEVMRl9QQUdFU1RBUlQoZWxmX3BoZGF0 YS0+cF9maWxlc3ogKyBlbGZfcGhkYXRhLT5wX3ZhZGRyICsgRUxGX01JTl9BTElHTiAtIDEpOwot CWJzcyA9IGVsZl9waGRhdGEtPnBfbWVtc3ogKyBlbGZfcGhkYXRhLT5wX3ZhZGRyOworCWxlbiA9 IEVMRl9QQUdFU1RBUlQoZXBwbnQtPnBfZmlsZXN6ICsgZXBwbnQtPnBfdmFkZHIgKyBFTEZfTUlO X0FMSUdOIC0gMSk7CisJYnNzID0gZXBwbnQtPnBfbWVtc3ogKyBlcHBudC0+cF92YWRkcjsKIAlp ZiAoYnNzID4gbGVuKSB7CiAJCWRvd25fd3JpdGUoJmN1cnJlbnQtPm1tLT5tbWFwX3NlbSk7CiAJ CWRvX2JyayhsZW4sIGJzcyAtIGxlbik7Cg==