Bug 86638 - af_bluetooth local root exploit (CAN-2005-0750)
Bug#: 86638
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: All
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Kernel
Status Whiteboard: [linux < 2.4.30][linux >= 2.6 < 2.6.11.6]
Opened: 2005-03-25 04:25 0000

There is a local root exploit by integer underflow in the bluetooth handling,
triggerable by any user if you have bluetooth modules installed.
(I think using socket(AF_BLUETOOTH, -index, x);)
Marcel has posted the patch below; I am not sure which bk tree that is,
however.
CAN-2005-0750 as by Mark J Cox.
An actual exploit supposedly exists already.
Patch posted in BK tree. New kernel release should follow.
Fixed in gentoo-sources-2.6.11-r6
*** Bug 87901 has been marked as a duplicate of this bug. ***
This also affects the 2.4 series.
From solar:
grsec-sources-2.4.30 is in the tree as ~arch.
Note for other bumpers of 2.4.x series.
CAN-2004-1056.patch and linux-2.4.28-random-poolsize.patch have never
been applied to mainline.
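
The bug class named in the report (a signed protocol index that is only checked against its upper bound), shown as an added example that is not part of the bug report or of the kernel patch. The table size `MAX_PROTO`, the table contents and all function names are assumptions made up for illustration; the lookup only dereferences after the two-sided check.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_PROTO 8   /* hypothetical table size, not taken from the report */

typedef int (*create_fn)(void);

static int demo_create(void) { return 0; }

/* Constructed protocol table: only slot 0 is registered, the rest are NULL. */
static create_fn proto_table[MAX_PROTO] = { demo_create };

/* Weak form: upper bound only. With a signed int, every negative
 * index passes and would address memory before the table. */
static int index_ok_upper_only(int proto)
{
    return !(proto >= MAX_PROTO);
}

/* Hardened form: reject both ends of the range. */
static int index_ok(int proto)
{
    return proto >= 0 && proto < MAX_PROTO;
}

/* Lookup that touches the table only after the hardened check. */
static create_fn lookup_proto(int proto)
{
    if (!index_ok(proto))
        return NULL;
    return proto_table[proto];   /* may still be NULL: slot not registered */
}

int main(void)
{
    int samples[] = { 0, 3, MAX_PROTO, -1, -4096 };   /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p = samples[i];
        printf("proto=%6d  upper-bound-only: %-8s  both bounds: %s\n", p,
               index_ok_upper_only(p) ? "accepted" : "rejected",
               index_ok(p) ? "accepted" : "rejected");
    }
    return 0;
}
```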