Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 78362

Summary: Local DoS through vc_resize (CAN-2004-1333)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: hp-cluster, security-kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
Whiteboard: [linux< 2.4.29] [linux >=2.6 < 2.6.10]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
2.4 patch
none
2.6.9 patch none

Description Thierry Carrez (RETIRED) gentoo-dev 2005-01-17 07:00:50 UTC 
CAN-2004-1333
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-01-17 07:04:24 UTC 
See URL for common patches with bug 78363 and bug 74392.
Comment 2 Adam Mondl (RETIRED) gentoo-dev 2005-01-21 19:11:14 UTC 
Fixed in ~x86 hardened-sources-2.4.28-r4
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2005-02-15 13:55:52 UTC 
Created attachment 51304 [details, diff]
2.4 patch
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2005-02-15 13:56:23 UTC 
Created attachment 51305 [details, diff]
2.6.9 patch
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 03:16:49 UTC 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2005-03-16 05:57:13 UTC 
gentoo-dev-sources unaffected
Comment 7 Tim Yamin (RETIRED) gentoo-dev 2005-03-29 05:52:06 UTC 
All fixed, closing bug.
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2005-03-29 05:53:53 UTC 
Hrm, a few of the branched sources still need fixing; reopening.
Comment 9 Tim Yamin (RETIRED) gentoo-dev 2005-03-29 06:03:16 UTC 
`Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this fix; anything >= 2.6.10 already includes it.
Comment 10 Tim Yamin (RETIRED) gentoo-dev 2005-04-06 15:13:56 UTC 
openmosix-sources also needs patching; CCing cluster.
Comment 11 Joshua Kinard gentoo-dev 2005-04-23 22:30:24 UTC 
mips-sources fixed.
Comment 12 Tim Yamin (RETIRED) gentoo-dev 2005-08-15 15:36:11 UTC 
All fixed, closing bug.