Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 74212 - memory leak exists in gds-2.6.8-r10 and gds-2.6.9-r9 (CAN-2004-0427)
Summary: memory leak exists in gds-2.6.8-r10 and gds-2.6.9-r9 (CAN-2004-0427)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High major
Assignee: Gentoo Security
URL: http://www.gentoo.org/security/en/gls...
Whiteboard: [linux >=2.6 <2.6.6]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-12 10:08 UTC by Mike Doty (RETIRED)
Modified: 2009-07-10 22:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
script that interfaces between cron and our scripts (gtcronner,907 bytes, text/plain)
2004-12-12 10:23 UTC, Mike Doty (RETIRED) 		no flags Details
script that interfaces between the POS system and sendfax (gtfaxer,4.00 KB, text/plain)
2004-12-12 10:23 UTC, Mike Doty (RETIRED) 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Doty (RETIRED) gentoo-dev 2004-12-12 10:08:23 UTC 
The GLSA incorrectly states that >=gds-2.6.7 is unaffected by this bug, However I'm able to to create said memory leak with both 2.6.8-r10 and 2.6.9-r9.  I have scripts that exploit this bug, which I'll be attaching shortly.
Comment 1 Mike Doty (RETIRED) gentoo-dev 2004-12-12 10:23:00 UTC 
Created attachment 45831 [details]
script that interfaces between cron and our scripts

Usage:
add a cron line:
* * * * *     /path/to/gtcronner
Comment 2 Mike Doty (RETIRED) gentoo-dev 2004-12-12 10:23:54 UTC 
Created attachment 45832 [details]
script that interfaces between the POS system and sendfax
Comment 3 Mike Doty (RETIRED) gentoo-dev 2004-12-12 11:24:51 UTC 
This specificly relates to CAN-2004-0427.  I've also tested 2 other kernels, both from redhat 9.0  2.4.20 is affected, where 2.4.18 is not.
Comment 4 Daniel Drake (RETIRED) gentoo-dev 2004-12-12 14:30:20 UTC 
As discussed on IRC, this doesn't appear to be the same issue as described in that security post. I'd suggest that you try 2.6.10-rc3 and check that it is definately fixed there.
Comment 5 Mike Doty (RETIRED) gentoo-dev 2004-12-12 15:59:28 UTC 
This also occurs with gds-2.6.10_rc3
Comment 6 Mike Doty (RETIRED) gentoo-dev 2004-12-12 16:24:00 UTC 
Woah, mistake made, this does not occur with gds-2.6.10_rc3.  thanks for the tip dsd
Comment 7 Tim Yamin (RETIRED) gentoo-dev 2005-01-15 14:44:12 UTC 
Closing as FIXED, comment #6.