
Bug 172748 (CVE-2007-1353)

Summary: Kernel: [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ciklop1979, gustavo
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux < 2.6.22]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-30 06:26:54 UTC
The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
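
The pattern described above, as an added user-space model (not the kernel patch and not code from this bug report): the names `opts`, `sock_state`, `set_opts` and `after_set` are hypothetical, and the handler's stack buffer is passed in explicitly with constructed stale bytes (0xAA) so the effect is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical option block standing in for a socket-option struct. */
struct opts { unsigned short omtu, imtu; };
struct sock_state { struct opts cur; };      /* per-socket settings */

/* Model of copy_from_user(): a zero-length copy is legal and writes nothing. */
static void copy_in(void *dst, const void *src, size_t n)
{
    if (n) memcpy(dst, src, n);
}

/* 'buf' models the handler's on-stack buffer; it is passed in so that its
 * stale contents are explicit instead of undefined. */
static void set_opts(struct sock_state *sk, struct opts *buf,
                     const void *optval, size_t optlen, int fixed)
{
    size_t len = optlen < sizeof(*buf) ? optlen : sizeof(*buf);

    if (fixed)
        *buf = sk->cur;          /* the fix: start from the current settings */
    copy_in(buf, optval, len);   /* optlen == 0 leaves buf untouched */
    sk->cur = *buf;              /* every field is stored, copied or not */
}

/* Settings a later getsockopt()-style read would return after one set call. */
struct opts after_set(size_t optlen, int fixed)
{
    struct sock_state sk = { { 672, 672 } }; /* constructed current settings */
    struct opts stale;
    unsigned short user_val = 1000;          /* constructed caller input */

    memset(&stale, 0xAA, sizeof(stale));     /* constructed stale stack bytes */
    set_opts(&sk, &stale, &user_val, optlen, fixed);
    return sk.cur;
}

int main(void)
{
    printf("optlen=0 unfixed: omtu=0x%04x\n", after_set(0, 0).omtu);
    printf("optlen=0 fixed:   omtu=%u\n", after_set(0, 1).omtu);
    printf("optlen=2 unfixed: imtu=0x%04x\n", after_set(2, 0).imtu);
    printf("optlen=2 fixed:   imtu=%u\n", after_set(2, 1).imtu);
    return 0;
}
```

The short-write case (`optlen` smaller than the struct) is the same defect as `optlen == 0`: any field the copy does not reach must already hold the current setting.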
Comment 1 Lars Hartmann 2007-04-25 19:09:27 UTC
http://secunia.com/advisories/24976/
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3

The weaknesses are reported in versions prior to 2.4.34.3.

Solution:
Update to version 2.4.34.3.
Comment 2 unnamedrambler 2008-03-08 19:12:43 UTC
According to git commit 0878b6667f28772aa7d6b735abff53efc7bf6d91  2.6.* was also vulnerable. It was patched in 2.6.22.

metadata:
[linux < 2.6.22]
Comment 3 Gustavo F. Padovan 2010-02-02 02:11:54 UTC
We don't have 2.6.22 kernels anymore on portage. Looks like we can close this bug.