Bug 139321 - Kernel: possible buffer overflow in DVD handling (CVE-2006-2935)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.16.28] [linux >=2.6.17 <2...
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-05 08:17 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-07-11 11:49 UTC

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-05 08:17:59 UTC
Reading through drivers/cdrom/cdrom.c:dvd_read_bca() shows a potential
buffer overflow.
 
buf[4+188] is allocated on the stack, however cgc.cmd[9] and cgc.buflen are 
set to 255. 
 
This can be exploited by a custom-made USB Storage device and used
for local privilege escalation. (aka plug in this USB device to get root).

Steps to reproduce:
Review the function for buffer overflow again.
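
The length mismatch described in the report, modelled in user space as an added example (not part of the original report, and not the kernel's code or the referenced patch): a request whose length fields say 255 is checked against the real 4+188-byte buffer before any device data is copied. `struct pkt_cmd`, `pkt_lengths_ok`, `pkt_transfer` and `demo` are hypothetical names, and the 255-byte device reply is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BCA_BUF_LEN (4 + 188)  /* on-stack buffer size quoted in the report */

/* Hypothetical, simplified stand-in for a packet command (assumption). */
struct pkt_cmd {
    unsigned char cmd[12];  /* cmd[9]: allocation length sent to the device */
    unsigned char *buffer;  /* destination for the device's reply */
    size_t buflen;          /* bytes the transport is told it may write */
    size_t capacity;        /* real size of *buffer, tracked for the check */
};

/* Both length fields must fit the real buffer before anything is sent. */
static int pkt_lengths_ok(const struct pkt_cmd *c)
{
    return c->buflen <= c->capacity && (size_t)c->cmd[9] <= c->capacity;
}

/* Simulated transport: returns bytes copied, or -1 for a rejected request. */
static long pkt_transfer(const struct pkt_cmd *c, const unsigned char *reply,
                         size_t reply_len)
{
    size_t n = reply_len < c->buflen ? reply_len : c->buflen;
    if (!pkt_lengths_ok(c))
        return -1;
    memcpy(c->buffer, reply, n);
    return (long)n;
}

/* Issue one request of alloc_len bytes against a constructed 255-byte reply. */
static long demo(size_t alloc_len)
{
    unsigned char buf[BCA_BUF_LEN], reply[255];
    struct pkt_cmd c = { .buffer = buf, .buflen = alloc_len, .capacity = sizeof(buf) };
    c.cmd[9] = (unsigned char)alloc_len;
    memset(reply, 0xAA, sizeof(reply));  /* constructed device data */
    return pkt_transfer(&c, reply, sizeof(reply));
}

int main(void)
{
    printf("255 -> %ld, %d -> %ld\n", demo(255), BCA_BUF_LEN, demo(BCA_BUF_LEN));
    return 0;
}
```
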
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-08-08 14:53:10 UTC
Adding non-genpatches maintainers:

sh-sources-2.6: sh
xbox-sources-2.6: chrb
xen-sources-2.6: chrb, agriffis
Comment 3 Tuan Van (RETIRED) gentoo-dev 2006-08-09 11:43:31 UTC
Does anyone know if upstream is going to release another 2.6.16.x? I think xen-sources is still based on the 2.6.16 series.
Comment 4 Andrew Ross (RETIRED) gentoo-dev 2006-08-25 23:26:26 UTC
xen-sources bumped to 2.6.16.26-r1 with patch from comment #2
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2006-09-02 16:59:53 UTC
rsbac-sources-2.6: Please bump to 2.6.17 or add patch
usermode-sources-2.6: Please bump to 2.6.17 or add patch
Comment 6 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-09-02 19:45:48 UTC
Naughty naughty, someone forgot to set status to ASSIGNED.
Comment 7 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-09-06 16:49:44 UTC
usermode-sources-2.6.16-r5 added.
Comment 8 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-01 19:03:33 UTC
RSBAC, SH, you are still vulnerable. Please patch or bump past 2.6.17.
Comment 9 Guillaume Destuynder (RETIRED) gentoo-dev 2006-11-09 06:39:52 UTC
rsbac-sources bumped to 2.6.18 in ~
Comment 10 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-09 18:28:18 UTC
SH Sources no longer covered by Gentoo Security. Closing bug.