59378 – sys-kernel/*: file offset pointer handling vulnerability

Bug 59378 - sys-kernel/*: file offset pointer handling vulnerability

Summary: sys-kernel/*: file offset pointer handling vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://isec.pl/vulnerabilities/isec-0...
Whiteboard:	A4 [kernel]
Keywords:

Depends on:
Blocks:

Reported:	2004-08-04 04:34 UTC by Carsten Lohrke (RETIRED)
Modified:	2011-10-30 22:42 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Flags:	plasmaroo: Assigned_To? (plasmaroo)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carsten Lohrke (RETIRED) gentoo-dev

2004-08-04 04:34:37 UTC

There  are two different versions of the file handling API inside recent
Linux kernels: the old 32 bit and the new (LFS)  64  bit  API.  We  have
identified  numerous places, where invalid conversions from 64 bit sized
file offsets to 32 bit ones as well  as  insecure  access  to  the  file
offset member variable take place.

We  have  found that most of the /proc entries (like /proc/version) leak
about one page of unitialized kernel memory  and  can  be  exploited  to
obtain sensitive data.

Tested  and known to be vulnerable kernel versions are all <= 2.4.26 and
<= 2.6.7. All users are encouraged to patch all  vulnerable  systems  as
soon  as appropriate vendor patches are released. There is no hotfix for
this vulnerability.

Exploit included. That's fun! :(

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-08-04 08:15:08 UTC

CAN-2004-0415

Comment 2 solar (RETIRED) gentoo-dev

2004-08-04 11:43:40 UTC

Patched in grsec-sources-2.4.26.2.0-r7.ebuild with 
http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch

Note to other kernel maintainers. 
This patch is 80k and thus to large for ${FILESDIR} so please use the SRC_URI=

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-08-04 12:26:32 UTC

Patches for 2.4.{19, 2[0123456]} as well as 2.6.7 are also there at http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/...

Comment 4 Andrea Luzzardi 2004-08-04 13:01:44 UTC

hardened-sources patched (2.4.26-r4).

Comment 5 Guillaume Destuynder (RETIRED) gentoo-dev

2004-08-04 18:50:55 UTC

rsbac-(dev-)sources patched

Comment 6 Tim Yamin (RETIRED) gentoo-dev

2004-08-05 07:17:08 UTC

All done, everything should now be patched. The following sources remain, and I'm adding their maintainers to the CC list:

gentoo-dev-sources: Adding gregkh...
hardened-dev-sources: hardened@gentoo.org is already on the list...
hppa-(dev-)sources: Adding GMSoft...
mips-sources: Adding `Kumba...
openmosix-sources: Adding cluster herd...
{ppc, pegasos(dev-)}-sources: Adding dholm...
sparc-sources: Adding Joker...
selinux-sources: Ading pebenito...

Comment 7 Konstantin Arkhipov (RETIRED) gentoo-dev

2004-08-05 08:13:41 UTC

openmosix-sources patched

Comment 8 Joshua Kinard gentoo-dev

2004-08-05 22:04:37 UTC

mips-sources fixed.

Comment 9 Greg Kroah-Hartman (RETIRED) gentoo-dev

2004-08-06 17:11:51 UTC

gentoo-dev-sources fixed in release 2.6.7-r12

Comment 10 Brandon Hale (RETIRED) gentoo-dev

2004-08-06 18:45:02 UTC

Fixed in hardened-dev-sources.

Comment 11 David Holm (RETIRED) gentoo-dev

2004-08-08 04:13:03 UTC

ppc-sources, pegasos-sources, and pegasos-dev-sources have been fixed.

Comment 12 solar (RETIRED) gentoo-dev

2004-08-08 08:53:08 UTC

Removing hardened@ but leaving  pebenito@ on the list for selinux-sources

Comment 13 Guy Martin (RETIRED) gentoo-dev

2004-08-09 16:33:22 UTC

Fixed on hppa.

Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev

2004-08-12 05:48:26 UTC

sparc-sources-2.4.27 is out and stable courtesy of Joker, fixed.
Joker: i'm just removing sparc@ from this, feel free to remove yourself.

Comment 15 Christian Birchinger (RETIRED) gentoo-dev

2004-08-12 09:25:01 UTC

sparc-sources-2.4.27 released

Comment 16 Chris PeBenito (RETIRED) gentoo-dev

2004-08-13 20:11:30 UTC

selinux-src fixed

Comment 17 Tim Yamin (RETIRED) gentoo-dev

2004-08-26 04:49:59 UTC

GLSA 200408-24.