Bug 82141 - Kernel signed types issues (CAN-2005-{0529,0530,0531,0532})
Bug#: 82141
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: All
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Kernel
URL: http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
Summary: Kernel signed types issues (CAN-2005-{0529,0530,0531,0532})
Keywords:
Status Whiteboard: [linux >=2.6 < 2.6.11]
Opened: 2005-02-15 11:30 0000

For full description see the link.
*** Bug 82221 has been marked as a duplicate of this bug. ***
Hmm - some more vulnerabilities... :-(
http://secunia.com/advisories/14295/
- nls_ascii.c buffer overflow (potential crash kernel exploit)
- error in netfilter (potential crash kernel exploit or bypass of firewall rules)
CANs assigned:
CAN-2005-0529
CAN-2005-0530
CAN-2005-0531
CAN-2005-0532
From Ubuntu's latest:
Georgi Guninski discovered a buffer overflow in the ATM driver. The
atm_get_addr() function does not validate its arguments sufficiently,
which could allow a local attacker to overwrite large portions of
kernel memory by supplying a negative length argument. This could
eventually lead to arbitrary code execution. (CAN-2005-0531)
Georgi Guninski also discovered three other integer comparison
problems in the TTY layer, in the /proc interface and the ReiserFS
driver. However, the previous Ubuntu security update (kernel version
2.6.8.1-16.11) already contained a patch which checks the arguments to
these functions at a higher level and thus prevents these flaws from
being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)
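
The class of flaw the quoted advisory describes (a signed length argument that goes negative), shown as an added example that is not part of the original bug report and is not kernel code. The function names, buffer sizes and sample data are constructed for illustration; the flawed function only computes the byte count a copy would be asked to move and copies nothing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern (constructed): the caller-supplied size is a signed int.
 * For size = -1, "total < size" is false, so the negative value is chosen
 * and then converted to size_t for the copy routine. Returns the byte
 * count the copy would be asked to move; nothing is copied here. */
size_t flawed_copy_size(int total, int size)
{
    int n = total < size ? total : size;
    return (size_t)n;               /* -1 becomes SIZE_MAX */
}

/* Hardened pattern: reject negative sizes before any comparison, then
 * clamp in an unsigned type. Returns bytes copied, or -1 on bad input. */
int bounded_copy(void *dst, int size, const void *src, size_t total)
{
    size_t n;

    if (dst == NULL || src == NULL || size < 0)
        return -1;
    n = (size_t)size < total ? (size_t)size : total;
    memcpy(dst, src, n);
    return (int)n;                  /* n <= size, so it fits in int */
}

int main(void)
{
    const char table[] = "constructed table";   /* constructed sample input */
    char out[8];

    printf("flawed,  size=-1: copy asked for %zu bytes\n",
           flawed_copy_size((int)sizeof(table), -1));
    printf("bounded, size=-1: %d\n",
           bounded_copy(out, -1, table, sizeof(table)));
    printf("bounded, size=8:  %d\n",
           bounded_copy(out, (int)sizeof(out), table, sizeof(table)));
    return 0;
}
```

Declaring the length parameter as size_t removes the negative case at the interface; the explicit size < 0 check covers interfaces that must keep a signed type.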
*** Bug 80107 has been marked as a duplicate of this bug. ***
gentoo-dev-sources unaffected
Everything seems to have been patched or upgraded to 2.6.11; mips-sources
branches remain that still need patching so CCing Kumba.