In Ubuntu's USN-219-1: Pavel Roskin discovered an information leak in the Orinoco wireless card driver. When increasing the buffer length for storing data, the buffer was not padded with zeros, which exposed a random part of the system memory to the user. (CVE-2005-3180)
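The class of bug described in the advisory above, as an added userspace illustration (not the Orinoco driver's code and not the patch attached to this bug): a buffer is grown to a minimum length, once without and once with zero padding. The function names, the 60-byte minimum and the 0xA5 stale fill are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 60  /* assumed minimum length, chosen for illustration */

/* Before: reports the larger length but leaves the added bytes untouched. */
size_t grow_unpadded(unsigned char *buf, size_t len)
{
    (void)buf;
    return len < MIN_LEN ? MIN_LEN : len;
}

/* After: zero-fills the added bytes before reporting the larger length. */
size_t grow_zero_padded(unsigned char *buf, size_t len)
{
    if (len < MIN_LEN) {
        memset(buf + len, 0, MIN_LEN - len);
        len = MIN_LEN;
    }
    return len;
}

/* Count non-zero bytes in buf[from..to): stale data a reader would receive. */
size_t stale_bytes(const unsigned char *buf, size_t from, size_t to)
{
    size_t n = 0;
    for (size_t i = from; i < to; i++)
        if (buf[i] != 0)
            n++;
    return n;
}

/* Reuse a buffer that still holds old content, store a short record,
 * grow it, and return how many stale bytes fall inside the new length. */
size_t demo(int zero_pad)
{
    unsigned char buf[MIN_LEN];
    static const unsigned char data[] = "short record"; /* constructed sample */
    size_t len = sizeof data - 1;

    memset(buf, 0xA5, sizeof buf);  /* stands in for leftover memory contents */
    memcpy(buf, data, len);
    size_t out = zero_pad ? grow_zero_padded(buf, len) : grow_unpadded(buf, len);
    return stale_bytes(buf, len, out);
}

int main(void)
{
    printf("unpadded: %zu stale bytes, zero-padded: %zu stale bytes\n",
           demo(0), demo(1));
    return 0;
}
```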
I've added the patch to net-wireless/orinoco-0.15_rc3-r1, which is still ~x86. If nobody tells me otherwise, I will mark it stable on x86 tomorrow and remove the vulnerable version net-wireless/orinoco-0.15_rc2-r2. Will this require a GLSA? PS: Why wasn't I added to CC: on this bug when it was opened?
Uh, I thought it was a kernel-only thing. Is the orinoco driver only standalone? If it's a package thing, it will require a GLSA vote to decide.
It is both. The orinoco driver is available in multiple places in portage:
sys-kernel/*-sources
net-wireless/orinoco
sys-apps/pcmcia-cs-modules
I'll look into backporting the fix to pcmcia-cs-modules later today.
Created attachment 75008: pcmcia-cs-3.2.8-orinoco-memleak.patch
I'm sorry that I haven't updated this bug sooner - I've been busy with exams and haven't been able to find the time for testing sys-apps/pcmcia-cs-modules with linux-2.4.x yet. Attaching the backported patch here in the hope someone else will beat me to it...
Adding maintainers: rsbac-sources: kang
All kernel dojo now fixed (thanks kang), do we need a GLSA for the pcmcia-cs-modules/orinoco packages?
We should probably vote on it. I've no clue how exploitable it is -- could this really be used for drive-by memory dumps? Or is it more a theoretical thing which requires active participation of the victim, like pairing to a malicious node?
I don't think a GLSA is needed, since this exploit is rather theoretical. On a side note, I've just marked orinoco-0.15_rc4 (which fixes this issue) stable on x86.
I vote for no GLSA. Still need testing on the attached patch before we have a fixed version of sys-apps/pcmcia-cs-modules.
Brix, any news on this one?
Voting no GLSA too.
No GLSA vote reached; kernel dojo finished, bug closing...