Yi Yang discovered an off-by-one buffer overflow in the sysctl() system call. By calling sysctl with a specially crafted long string, a local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with full kernel privileges. (CVE-2005-4618)
Patch: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c;hp=8b90db0df7187a01fb7177f1f812123138f562cf
CCing maintainers:
hardened-sources: hardened herd, kerframil, johnm
mips-sources: Kumba
rsbac-sources: kang
xbox-sources: gimli
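The bug class named in the report above, as an added illustration that is not the kernel's sysctl code or the linked patch: a copy routine that clamps the number of copied characters to the destination size but then writes the terminating NUL one byte past it, next to the corrected version and a small canary check that shows which of the two overruns its destination. The buffer size, the input string and the canary value are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example of an off-by-one in string termination.  Both copy
 * routines work on a slice of a slightly larger arena, so the overrun is
 * observable without undefined behaviour. */

#define CAP 8              /* capacity of the destination slice (assumed) */
#define CANARY 0xAA        /* marker byte placed just past the slice */

/* Buggy copy: clamps the character count to `cap`, then writes the NUL at
 * dst[len].  When the source is at least `cap` bytes long, len == cap and
 * the terminator lands one byte past the end of the destination. */
static void copy_offbyone(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len > cap)
        len = cap;         /* bounds the characters, not the terminator */
    memcpy(dst, src, len);
    dst[len] = '\0';       /* out of bounds when len == cap */
}

/* Fixed copy: reserve one byte for the terminator, so the NUL can never be
 * written past dst[cap - 1]. */
static void copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (cap == 0)
        return;
    if (len > cap - 1)
        len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Run one copy routine into a CAP-byte slice followed by a canary byte and
 * report whether the canary survived: 1 if intact, 0 if clobbered. */
static int canary_intact(void (*copy)(char *, size_t, const char *),
                         const char *src)
{
    unsigned char arena[CAP + 1];
    memset(arena, 0, sizeof arena);
    arena[CAP] = CANARY;
    copy((char *)arena, CAP, src);
    return arena[CAP] == CANARY;
}

/* Length of the string produced by the fixed routine; never exceeds CAP - 1. */
static size_t bounded_copy_len(const char *src)
{
    char dst[CAP];
    copy_bounded(dst, CAP, src);
    return strlen(dst);
}

int main(void)
{
    const char *longstr = "0123456789abcdef";   /* constructed, longer than CAP */
    printf("off-by-one copy keeps canary: %d\n", canary_intact(copy_offbyone, longstr));
    printf("bounded copy keeps canary:    %d\n", canary_intact(copy_bounded, longstr));
    printf("bounded copy result length:   %zu\n", bounded_copy_len(longstr));
    return 0;
}
```

The canary check is the same idea a memory-safety tool applies at scale: a byte just past the intended region must be unchanged after the operation. With a short input both routines behave identically, which is why this class of defect tends to survive ordinary testing until an over-long input reaches the code.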
The above patch was superseded by a superior solution which was included in the 2.6.14.6 release. Please use this patch instead:
http://dev.gentoo.org/~dsd/genpatches/trunk/2.6.14/1079_6_sysctl-string-termination.patch
As a result, this fix was also added in:
* genpatches-2.6.14-9
* hardened-sources-2.6.14-r4
So, I'm updating the status whiteboard and removing hardened from the CC list.
All fixed, resolving bug.