Bug 56479 - sys-kernel/*: fchown may allow unrestricted file groupIDs modifications

Bug#: 56479
Product: Gentoo Linux
Version: unspecified
Platform: All
OS/Version: All
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: koon@gentoo.org
Component: Security
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0497
Summary: sys-kernel/*: fchown may allow unrestricted file groupIDs modifications
Keywords:
Status Whiteboard: A3 [kernel+]
Opened: 2004-07-08 12:56 0000
From http://xforce.iss.net/xforce/xfdb/16599 :
Linux kernel versions 2.4 and 2.6 could allow a local attacker to mount a remote file system from a vulnerable system and modify files' group IDs, caused by a missing check in the fchown function.
Note: Linux kernel version 2.4 kernel is affected by this vulnerability if the file system is shared via an NFS server.
CAN-2004-0497
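The advisory text above only says that a check was missing on the path that changes a file's group. The following is an added example, written for this page and not the kernel's own fs/attr.c code nor either patch attached to this bug: a small userspace model of the ownership-change policy a chown/chgrp path has to enforce, with the hardened form (caller must own the file and either be a member of the target group or leave the group unchanged, unless it holds CAP_CHOWN) placed beside a weak form in which the group-membership test is simply absent. The struct names, the sample credentials and the inode values are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the caller's credentials (not the kernel's struct). */
#define MAX_GROUPS 8
struct cred_model {
    unsigned int fsuid;                 /* filesystem uid of the caller */
    unsigned int groups[MAX_GROUPS];    /* supplementary group list */
    size_t ngroups;
    bool cap_chown;                     /* does the caller hold CAP_CHOWN? */
};

/* Constructed model of the inode fields the policy looks at. */
struct inode_model {
    unsigned int uid;
    unsigned int gid;
};

/* Is the caller a member of gid? (plays the role the kernel's in_group_p() plays) */
static bool in_group(const struct cred_model *c, unsigned int gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* chown: only CAP_CHOWN may give a file to another user; the owner may
 * "change" the uid only to its own uid (a no-op). */
bool may_chown(const struct cred_model *c, const struct inode_model *ino,
               unsigned int new_uid)
{
    if (c->cap_chown)
        return true;
    return c->fsuid == ino->uid && new_uid == ino->uid;
}

/* chgrp, hardened form: the caller must own the file AND the new gid must
 * either be unchanged or be a group the caller belongs to; CAP_CHOWN bypasses. */
bool may_chgrp(const struct cred_model *c, const struct inode_model *ino,
               unsigned int new_gid)
{
    if (c->cap_chown)
        return true;
    if (c->fsuid != ino->uid)
        return false;
    return new_gid == ino->gid || in_group(c, new_gid);
}

/* chgrp, weak form: the ownership test is present but group membership is
 * never consulted, so an owner can set any gid. This models the class of
 * defect the report describes; it is not the actual kernel code. */
bool may_chgrp_missing_check(const struct cred_model *c,
                             const struct inode_model *ino, unsigned int new_gid)
{
    (void)new_gid;
    return c->cap_chown || c->fsuid == ino->uid;
}

/* Constructed sample subjects and object used by the demo and the checks. */
const struct inode_model FILE_A = { .uid = 1000, .gid = 100 };
const struct cred_model CRED_OWNER = { .fsuid = 1000, .groups = {100, 200}, .ngroups = 2, .cap_chown = false };
const struct cred_model CRED_OTHER = { .fsuid = 1001, .groups = {200},      .ngroups = 1, .cap_chown = false };
const struct cred_model CRED_ROOT  = { .fsuid = 0,    .groups = {0},        .ngroups = 1, .cap_chown = true  };

int main(void)
{
    /* Owner asks to move the file into gid 300, a group it is not in. */
    printf("owner -> gid 300, hardened check: %s\n",
           may_chgrp(&CRED_OWNER, &FILE_A, 300) ? "allowed" : "denied");
    printf("owner -> gid 300, missing check:  %s\n",
           may_chgrp_missing_check(&CRED_OWNER, &FILE_A, 300) ? "allowed" : "denied");
    printf("owner -> gid 200 (member):        %s\n",
           may_chgrp(&CRED_OWNER, &FILE_A, 200) ? "allowed" : "denied");
    return 0;
}
```

The weak variant accepts the request for gid 300 that the hardened one rejects; that single divergent case is the regression test a kernel maintainer would want to keep around when backporting a fix like this across the source trees listed later in the bug.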
Got the patches from upstream... posting them now.
BTW, the issue was in attr code, not really in fchown code.
Both of these fixes have been in {gentoo,hardened}-dev-sources for a bit now.
I don't recall if there was an earlier Gentoo bug, but the SuSE/RH advisories have been around for a bit.
Con added the fixes to -ck5 upstream, so a version bump will close the vuln there as well. (Bump requested in #56337)
Maybe this is already fixed in most of our sources, I opened this one to check that all sources are OK with this problem, as it was not listed in the recent kernel GLSA.
(From update of attachment 35039)
Marking patch as obsolete since the 2.6 one does not have parenthesis issues and applies fine on 2.4.
(From update of attachment 35040)
Marking patch as obsolete since the 2.6 one does not have parenthesis issues and applies fine on 2.4.
OK, everything should now be patched. The following sources remain, and I'm adding their maintainers to the CC list:
grsec-sources: Adding solar.
hardened-sources: Adding hardened herd and scox.
hppa-(dev-)sources: Adding GMSoft.
mips-sources: Adding `Kumba.
openmosix-sources: Adding the cluster herd.
pegasos-(dev-)sources: Adding dholm.
rsbac-(dev-)sources: Adding kang.
selinux-sources: Adding pebenito.
all done for openMosix-sources.
Seems to be done for grsec-sources as well...
yeah twice.
updated revision to grsec-sources-2.4.26.2.0-r6 and added the openmosix-sources.CAN-2004-0497.patch
Still waiting for the following sources to be patched for CAN-2004-0497:
- hardened-sources
- mips-sources [re-adding `Kumba]
- pegasos-(dev-)sources
- rsbac-(dev-)sources
rsbac-(dev-)sources: patched
This was one of those patches I saw in an updated SuSE kernel, but I couldn't find a description or patch for -0497. Is there a description and/or patch for -0496 as well (also fixed in the updated SuSE kernel)?
The only reference I can find on -0496 is the SuSE advisory. No description, no patch. According to the CVE description, it is a superset of the Sparse-found vulnerabilities we already fixed (-0495).
Still waiting for :
- hardened-sources
- mips-sources
- pegasos-(dev-)sources
pegasos(-dev)-sources fixed
Heya, as I said in my ~/.away (http://dev.gentoo.org/devaway/), I don't have any connection at home at the moment (so no access to CVS).
I could however bring my ssh keys to work tomorrow, if no one else from the hardened herd can add the patch for me.
GLSA should be updated to reflect the mips-sources fix.
Additionally, development-sources-2.6.8_rc1 should be marked stable on x86, ppc, arm as it is the fixed version...
Re-adding `Kumba - the 2.6 kernels also need the /proc patch attached to this bug; and 2.4 needs patching for CAN-2004-0497, but not the /proc issue.
hardened-sources fixed yesterday, before the GLSA went out.
Mips fixed (I hope I'm not missing anything else)