Bug#: 59378
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>


Description:   Opened: 2004-08-04 04:34 0000
There are two different versions of the file handling API inside recent
Linux kernels: the old 32 bit and the new (LFS) 64 bit API. We have
identified numerous places, where invalid conversions from 64 bit sized
file offsets to 32 bit ones as well as insecure access to the file
offset member variable take place.

We have found that most of the /proc entries (like /proc/version) leak
about one page of uninitialized kernel memory and can be exploited to
obtain sensitive data.

Tested and known to be vulnerable kernel versions are all <= 2.4.26 and
<= 2.6.7. All users are encouraged to patch all vulnerable systems as
soon as appropriate vendor patches are released. There is no hotfix for
this vulnerability.

Exploit included. That's fun! :(
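
A simplified user-space model of the first flaw class named in the description above (a 64-bit file offset narrowed to 32 bits before the bounds check), shown beside a full-width check. This is an added illustration, not the kernel's code, the referenced patch, or the exploit mentioned in the report; the arena layout, function names and sample text are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

#define PAGE 4096
/* Constructed arena: page 0 stands in for stale memory beside the handler's
 * buffer (filled with 0xAA), page 1 starts with the text to be served. */
static unsigned char arena[2 * PAGE];
static const char text[] = "Linux version (constructed sample)\n";
#define TEXT_LEN ((int)(sizeof(text) - 1))

static void arena_init(void) {
    memset(arena, 0xAA, sizeof(arena));
    memcpy(arena + PAGE, text, TEXT_LEN);
}

/* Flawed pattern: the 64-bit offset is narrowed to 32 bits before the
 * bounds check, so a large offset can become a negative index. */
static long read_narrowed(unsigned char *dst, size_t count, int64_t off) {
    int32_t pos = (int32_t)off;          /* invalid 64 -> 32 bit conversion */
    if (pos < -PAGE) return -1;          /* model only: stay inside arena */
    if (pos >= TEXT_LEN) return 0;       /* the only check the handler makes */
    if (count > (size_t)(TEXT_LEN - pos)) count = (size_t)(TEXT_LEN - pos);
    memcpy(dst, arena + PAGE + pos, count);   /* pos < 0 reads page 0 */
    return (long)count;
}

/* Hardened pattern: validate the offset at full width, reject negatives,
 * and only then derive an index. */
static long read_checked(unsigned char *dst, size_t count, int64_t off) {
    if (off < 0) return -1;              /* models -EINVAL */
    if (off >= TEXT_LEN) return 0;       /* EOF */
    if (count > (size_t)(TEXT_LEN - off)) count = (size_t)(TEXT_LEN - off);
    memcpy(dst, arena + PAGE + off, count);
    return (long)count;
}

typedef long (*reader_fn)(unsigned char *, size_t, int64_t);
/* Reads up to 16 bytes at `off`; returns 1 if any stale byte came back. */
static int returns_stale(reader_fn rd, int64_t off) {
    unsigned char out[16] = {0};
    arena_init();
    long n = rd(out, sizeof(out), off);
    for (long i = 0; i < n; i++)
        if (out[i] == 0xAA) return 1;
    return 0;
}
int main(void) {
    return returns_stale(read_narrowed, 0x1FFFFF000LL) ? 0 : 1;
}
```

The offset 0x1FFFFF000 has low 32 bits 0xFFFFF000, which is -4096 as a signed 32-bit value, so the narrowed handler serves marker bytes from the neighbouring page while the full-width check reports end of file.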

------- Comment #1 From Thierry Carrez (RETIRED) 2004-08-04 08:15:08 0000 -------
CAN-2004-0415

------- Comment #2 From solar 2004-08-04 11:43:40 0000 -------
Patched in grsec-sources-2.4.26.2.0-r7.ebuild with 
http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch

Note to other kernel maintainers.
This patch is 80k and thus too large for ${FILESDIR} so please use the SRC_URI=

------- Comment #3 From Tim Yamin (RETIRED) 2004-08-04 12:26:32 0000 -------
Patches for 2.4.{19, 2[0123456]} as well as 2.6.7 are also there at
http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/...

------- Comment #4 From Andrea Luzzardi 2004-08-04 13:01:44 0000 -------
hardened-sources patched (2.4.26-r4).

------- Comment #5 From Guillaume Destuynder (RETIRED) 2004-08-04 18:50:55 0000 -------
rsbac-(dev-)sources patched

------- Comment #6 From Tim Yamin (RETIRED) 2004-08-05 07:17:08 0000 -------
All done, everything should now be patched. The following sources remain, and
I'm adding their maintainers to the CC list:

gentoo-dev-sources: Adding gregkh...
hardened-dev-sources: hardened@gentoo.org is already on the list...
hppa-(dev-)sources: Adding GMSoft...
mips-sources: Adding `Kumba...
openmosix-sources: Adding cluster herd...
{ppc, pegasos(dev-)}-sources: Adding dholm...
sparc-sources: Adding Joker...
selinux-sources: Adding pebenito...

------- Comment #7 From Konstantin Arkhipov 2004-08-05 08:13:41 0000 -------
openmosix-sources patched

------- Comment #8 From Joshua Kinard 2004-08-05 22:04:37 0000 -------
mips-sources fixed.

------- Comment #9 From Greg Kroah-Hartman 2004-08-06 17:11:51 0000 -------
gentoo-dev-sources fixed in release 2.6.7-r12

------- Comment #10 From Brandon Hale (RETIRED) 2004-08-06 18:45:02 0000 -------
Fixed in hardened-dev-sources.

------- Comment #11 From David Holm (RETIRED) 2004-08-08 04:13:03 0000 -------
ppc-sources, pegasos-sources, and pegasos-dev-sources have been fixed.

------- Comment #12 From solar 2004-08-08 08:53:08 0000 -------
Removing hardened@ but leaving pebenito@ on the list for selinux-sources

------- Comment #13 From Guy Martin 2004-08-09 16:33:22 0000 -------
Fixed on hppa.

------- Comment #14 From Gustavo Zacarias (RETIRED) 2004-08-12 05:48:26 0000 -------
sparc-sources-2.4.27 is out and stable courtesy of Joker, fixed.
Joker: I'm just removing sparc@ from this, feel free to remove yourself.

------- Comment #15 From Christian Birchinger 2004-08-12 09:25:01 0000 -------
sparc-sources-2.4.27 released

------- Comment #16 From Chris PeBenito 2004-08-13 20:11:30 0000 -------
selinux-src fixed

------- Comment #17 From Tim Yamin (RETIRED) 2004-08-26 04:49:59 0000 -------
GLSA 200408-24.
