Bug 119560 - Kernel: off-by-one buffer overflow in sysctl syscall (CVE-2005-4618)
Summary: Kernel: off-by-one buffer overflow in sysctl syscall (CVE-2005-4618)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: [linux < 2.6.14.6]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-19 08:41 UTC by Thierry Carrez (RETIRED)
Modified: 2009-05-03 16:01 UTC
CC List: 5 users

See Also:
Package list:
Runtime testing required: ---


Description Thierry Carrez (RETIRED) gentoo-dev 2006-01-19 08:41:43 UTC
Yi Yang discovered an off-by-one buffer overflow in the sysctl()
system call. By calling sysctl with a specially crafted long string, a
local attacker could exploit this to crash the kernel or possibly even
execute arbitrary code with full kernel privileges. (CVE-2005-4618)
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:16:23 UTC
CCing maintainers:

hardened-sources: hardened herd, kerframil, johnm
mips-sources: Kumba
rsbac-sources: kang
xbox-sources: gimli
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:16:44 UTC
Toggle status.
Comment 4 kfm 2006-01-24 08:59:34 UTC
The above patch was superseded by a superior solution which was included in the 2.6.14.6 release. Please use this patch instead:

http://dev.gentoo.org/~dsd/genpatches/trunk/2.6.14/1079_6_sysctl-string-termination.patch

As a result, this fix was also added in:

  * genpatches-2.6.14-9
  * hardened-sources-2.6.14-r4

So, I'm updating the status whiteboard and removing hardened from the CC list.
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2006-04-15 12:09:42 UTC
All fixed, resolving bug.
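
The bug class named in the description (an off-by-one when a string is copied into a caller-sized buffer and then terminated), as an added user-space illustration that is not the kernel's code or the genpatches fix. All function names, `BUF_LEN` and the sample input are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* size the caller declares for its buffer (constructed) */

/* Off-by-one: len is clamped to dstlen, so dst[len] can be dst[dstlen]. */
size_t copy_string_offbyone(char *dst, size_t dstlen, const char *src)
{
    size_t len = strlen(src);
    if (len > dstlen)
        len = dstlen;
    memcpy(dst, src, len);
    dst[len] = '\0';            /* one byte past the end when len == dstlen */
    return len;
}

/* Hardened: reserve the last byte for the terminator and truncate the data. */
size_t copy_string_fixed(char *dst, size_t dstlen, const char *src)
{
    size_t len = strlen(src);
    if (dstlen == 0)
        return 0;               /* no room even for the terminator */
    if (len > dstlen - 1)
        len = dstlen - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';            /* always inside dst[0..dstlen-1] */
    return len;
}

typedef size_t (*copy_fn)(char *, size_t, const char *);

/* Returns 1 if fn wrote to the guard byte placed right after the buffer.
 * The backing array is BUF_LEN + 1 bytes, so the stray write is observable
 * without undefined behaviour. */
int guard_clobbered(copy_fn fn, const char *src)
{
    unsigned char region[BUF_LEN + 1];
    memset(region, 0xAA, sizeof region);
    fn((char *)region, BUF_LEN, src);
    return region[BUF_LEN] != 0xAA;
}

int main(void)
{
    const char *exact = "12345678";     /* constructed input, exactly BUF_LEN bytes */
    printf("off-by-one: guard clobbered = %d\n", guard_clobbered(copy_string_offbyone, exact));
    printf("fixed:      guard clobbered = %d\n", guard_clobbered(copy_string_fixed, exact));
    return 0;
}
```

The stray write only happens when the source is at least as long as the declared buffer, which is why a boundary-length test case is needed to catch it.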