Bug 72317 - Kernel: AF_UNIX Arbitrary Kernel Memory Modification (CAN-2004-{1068,1069})
Bug#: 72317 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Kernel
URL:  http://www.securityfocus.com/bid/11715/
Status Whiteboard: [linux <2.4.28] [linux >=2.6 <2.6.10]
Opened: 2004-11-23 23:51 0000
Description:
Only affects <2.4.28.

------- Comment #1 From Tim Yamin (RETIRED) 2004-11-24 08:25:55 0000 -------
Created an attachment (id=44640)
Patch

------- Comment #2 From Guy Martin 2004-11-24 09:39:48 0000 -------
hppa-sources done.

------- Comment #3 From solar 2004-11-24 10:24:37 0000 -------
scox if you can't bump hardened-sources to 2.4.28 then please add this patch.

------- Comment #4 From Tim Yamin (RETIRED) 2004-11-28 03:45:36 0000 -------
Created an attachment (id=44854)
2.6 Patch

------- Comment #5 From Adam Mondl (RETIRED) 2004-11-28 11:52:08 0000 -------
hardened-sources-2.4.28 ~arch in tree

------- Comment #6 From Tim Yamin (RETIRED) 2004-12-01 11:55:58 0000 -------
Ok, all done. Following externally maintained sources need patching:

gentoo-dev-sources - Adding dsd...
hardened-dev-sources - Adding hardened herd...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
openmosix-sources - Adding cluster herd...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - Adding kang...

------- Comment #7 From Adam Mondl (RETIRED) 2004-12-01 13:54:44 0000 -------
Fixed in stable hardened-dev-sources-r16

------- Comment #8 From Joshua Kinard 2004-12-01 20:52:22 0000 -------
mips-sources fixed.

------- Comment #9 From Daniel Drake 2004-12-02 07:43:11 0000 -------
gentoo-dev-sources done

------- Comment #10 From Guillaume Destuynder (RETIRED) 2004-12-02 10:56:55 0000 -------
rsbac-dev-sources: fixed.

------- Comment #11 From Konstantin Arkhipov 2004-12-02 11:55:42 0000 -------
done for oM-sources.

------- Comment #12 From David Holm (RETIRED) 2004-12-04 05:49:12 0000 -------
pegasos-dev-sources fixed

------- Comment #13 From Guy Martin 2004-12-08 09:11:23 0000 -------
hppa-dev-sources done.

------- Comment #14 From Thierry Carrez (RETIRED) 2004-12-15 02:54:09 0000 -------
---------------snip-----------------
CAN-2004-1068:

A race condition was discovered in the handling of AF_UNIX network packets.
This reportedly allowed local users to modify arbitrary kernel memory,
facilitating privilege escalation, or possibly allowing code execution in the
context of the kernel.

CAN-2004-1069:

Ross Kendall Axe discovered a possible kernel panic (causing a Denial of
Service) while sending AF_UNIX network packages if the kernel options
CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled.
---------------snip--------------

Do our patches also cover the SELinux-specific problem (-1069)?

------- Comment #15 From Daniel Drake 2004-12-15 08:27:10 0000 -------
Doubtful.. Perhaps this patch is it?
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.76
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.40.68

------- Comment #16 From Tim Yamin (RETIRED) 2004-12-19 10:38:40 0000 -------
Created an attachment (id=46357)
Extra 2.6 Patch for CAN-2004-1069

------- Comment #17 From Tim Yamin (RETIRED) 2004-12-19 10:41:58 0000 -------
*** IMPORTANT *** The following maintainers also need to add the CAN-2004-1069
patch on this bug. Please note that CAN-2004-1069 only applies to 2.6...

gentoo-dev-sources - dsd, please patch...
hardened-dev-sources - hardened herd, please patch...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - kang, please patch...

------- Comment #18 From Guillaume Destuynder (RETIRED) 2004-12-19 15:52:36 0000 -------
rsbac-dev-sources: fixed for CAN-2004-1069.

------- Comment #19 From Adam Mondl (RETIRED) 2004-12-24 16:59:46 0000 -------
hardened-dev-sources-r18 has CAN-2004-1069 patch added

------- Comment #20 From Daniel Drake 2004-12-24 19:25:12 0000 -------
gentoo-dev-sources done

------- Comment #21 From David Holm (RETIRED) 2004-12-25 05:30:40 0000 -------
pegasos-dev-sources fixed

------- Comment #22 From Joshua Kinard 2005-01-05 21:21:15 0000 -------
mips-sources fixed.

------- Comment #23 From Guy Martin 2005-01-08 17:43:52 0000 -------
hppa-sources-2.6.10 isn't affected by this one. (patch says it's already
applied)

------- Comment #24 From Tim Yamin (RETIRED) 2005-01-15 14:41:37 0000 -------
All kernels fixed, closing bug; notifications are being migrated away from
GLSAs for kernels, more news coming soon so stay tuned :-]

------- Comment #25 From Robert Buchholz 2009-05-03 13:31:02 0000 -------
CAN-2004-1068:
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=bfa523d1df4634ac74e412d0dc3afb9620071d00

CAN-2004-1069:
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c6e4a98d34cce702ea5ffcf66fd8c414ee24cf8