101437 – 64-bit overflow through 32-bit execve (CAN-2005-1768)

Bug 101437 - 64-bit overflow through 32-bit execve (CAN-2005-1768)

Summary: 64-bit overflow through 32-bit execve (CAN-2005-1768)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.kernel.org/git/gitweb.cgi?...
Whiteboard:	[linux <2.4.32]
Keywords:

Depends on:
Blocks:

Reported:	2005-08-05 06:38 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 15:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-08-05 06:38:58 UTC

In SuSE latest kernel advisory :

- by causing an overflow in the 32bit execve function users could
  crash the kernel or even execute code (CAN-2005-1768).

Comment 1 Daniel Drake (RETIRED) gentoo-dev

2005-08-05 09:55:20 UTC

2.4 only, patch in URL field.

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-08-05 10:51:08 UTC

Only grsec-sources affected as it's marked ~amd64.

Comment 3 solar (RETIRED) gentoo-dev

2005-08-05 15:43:48 UTC

guess this is as good time any to drop grsec-sources-2.4.x

Comment 4 solar (RETIRED) gentoo-dev

2005-08-06 02:39:36 UTC

grsec-sources-2.4.x is no longer in the tree.

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2005-08-08 12:32:03 UTC

Closing bug.