Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 280425 (CVE-2009-2847) - Kernel: do_sigaltstack: 'stack_t' Information Disclosure (CVE-2009-2847)
Summary: Kernel: do_sigaltstack: 'stack_t' Information Disclosure (CVE-2009-2847)
Status: RESOLVED FIXED
Alias: CVE-2009-2847
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Highest normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.31]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-05 07:24 UTC by cilly
Modified: 2013-09-15 18:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description cilly 2009-08-05 07:24:52 UTC
Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The security issue is caused due to an error in the implementation of the "sigaltstack()" function and can be exploited to disclose a limited amount of kernel stack memory.

Successful exploitation may require that the kernel is running on a 64-bit platform.

Solution:
Fixed in the GIT repository.

Original Advisory:
http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-19 09:39:46 UTC
CVE-2009-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2847):
  The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6
  before 2.6.31-rc5, when running on 64-bit systems, does not clear
  certain padding bytes from a structure, which allows local users to
  obtain sensitive information from the kernel stack via the
  sigaltstack function.