Bug 88740 - Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)
Bug#: 88740 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: koon@gentoo.org
Component: Kernel
Summary: Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)
Status Whiteboard: [linux >=2.6 < 2.6.11]
Opened: 2005-04-11 09:07 0000
Description:
From Ubuntu's latest:

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to a user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writable sysfs file actually exists. (CAN-2005-0867)

------- Comment #1 From Tim Yamin (RETIRED) 2005-04-15 15:00:14 0000 -------
Created an attachment (id=56386)
Patch

------- Comment #2 From Joshua Kinard 2005-04-23 22:29:40 0000 -------
mips-sources fixed.

------- Comment #3 From Daniel Drake 2005-04-27 13:46:49 0000 -------
gentoo-sources-2.6 unaffected

------- Comment #4 From Robert Paskowitz (RETIRED) 2005-05-17 16:41:14 0000 -------
Should be all fixed. http://kiss.gentoo.org/dev/viewBug.php?BugID=88740

------- Comment #5 From Tim Yamin (RETIRED) 2005-05-27 11:41:21 0000 -------
All fixed, closing bug.