
Bug 194075

Summary: sys-kernel/2.6.x CVE-2007{3731,3739,3740,4849}
Product: Gentoo Security
Reporter: Bernd Marienfeldt <bernd>
Component: Kernel
Assignee: Gentoo Security <security>
Severity: normal
CC: chainsaw, kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Package list:
Runtime testing required: ---

Description Bernd Marienfeldt 2007-09-28 11:43:24 UTC
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. 

Reproducible: Always
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-28 13:16:50 UTC
  The IA32 system call emulation functionality in Linux kernel 2.4.x and
  2.6.x before, when running on the x86_64 architecture, does not
  zero extend the eax register after the 32bit entry path to ptrace is
  used, which might allow local users to gain privileges by triggering
  an out-of-bounds access to the system call table using the %RAX register.

This is handled in bug 193386.

The others I don't know of:

  The Linux kernel 2.6.20 and 2.6.21 does not properly handle an
  invalid LDT segment selector in %cs (the xcs field) during ptrace
  single-step operations, which allows local users to cause a denial
  of service (NULL dereference and OOPS) via certain code that makes
  ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to
  the TRACE_IRQS_ON function, and possibly related to the arch_ptrace

  mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does
  not prevent stack expansion from entering into reserved kernel page
  memory, which allows local users to cause a denial of service (OOPS)
  via unspecified vectors.

  The CIFS filesystem, when Unix extension support is enabled, does not
  honor the umask of a process, which allows local users to gain privileges.

  JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly
  other Linux systems, when POSIX ACL support is enabled, does not
  properly store permissions during (1) inode creation or (2) ACL
  setting, which might allow local users to access restricted files
  or directories after a remount of a filesystem, related to "legacy
  modes" and an inconsistency between dentry permissions and inode

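The CIFS entry above (umask not honored when Unix extensions are enabled) is the one of these that an administrator can check directly from userspace. The probe below is an added example written for this page, not code from the bug, the kernel, or any advisory: it creates a file with mode 0666 and a directory with mode 0777 under a chosen umask, then stats them and reports whether the filesystem applied the mask. The scratch directory (`/tmp`, falling back to the current directory), the probe file names and the test masks (027, 077) are assumptions for a self-contained run; to test a real mount, pass its path as the first argument.

```c
/*
 * Added example, not code from the Gentoo bug or the Linux kernel.
 * Probe whether a filesystem honours the process umask on create
 * (the behaviour the CIFS advisory above describes as broken).
 */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Create a file (0666) and a directory (0777) inside `dir` with `mask`
 * as the umask, then compare the resulting permission bits against
 * mode & ~mask.  Returns 1 if both match, 0 if either does not, and
 * -1 on a syscall failure.  The probe entries are removed and the
 * previous umask is restored before returning.
 */
int check_umask_honored(const char *dir, mode_t mask)
{
    char fpath[4096], dpath[4096];
    struct stat st;
    mode_t old = umask(mask);
    mode_t want_file = 0666 & ~mask;
    mode_t want_dir = 0777 & ~mask;
    mode_t got_file, got_dir;
    int result = -1;
    int fd;

    /* Probe names are an assumption; O_EXCL keeps us from touching
     * a pre-existing entry with the same name. */
    snprintf(fpath, sizeof fpath, "%s/umask-probe-file", dir);
    snprintf(dpath, sizeof dpath, "%s/umask-probe-dir", dir);

    fd = open(fpath, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0)
        goto out;
    close(fd);
    if (mkdir(dpath, 0777) < 0)
        goto out;

    if (stat(fpath, &st) < 0)
        goto out;
    got_file = st.st_mode & 0777;
    if (stat(dpath, &st) < 0)
        goto out;
    got_dir = st.st_mode & 0777;

    result = (got_file == want_file && got_dir == want_dir);
out:
    unlink(fpath);
    rmdir(dpath);
    umask(old);
    return result;
}

/*
 * Run the probe in a fresh scratch directory so the example works
 * offline.  /tmp is tried first, the current directory second (both
 * locations are assumptions, not part of the advisory).
 */
int run_check_in_tmpdir(mode_t mask)
{
    char tmpl_tmp[] = "/tmp/umask-probe.XXXXXX";
    char tmpl_cwd[] = "./umask-probe.XXXXXX";
    char *dir = mkdtemp(tmpl_tmp);
    int r;

    if (!dir)
        dir = mkdtemp(tmpl_cwd);
    if (!dir)
        return -1;
    r = check_umask_honored(dir, mask);
    rmdir(dir);
    return r;
}

int main(int argc, char **argv)
{
    /* With an argument, probe that mount point; otherwise a scratch dir. */
    int r = argc > 1 ? check_umask_honored(argv[1], 027)
                     : run_check_in_tmpdir(027);
    if (r < 0) {
        perror("umask probe");
        return 2;
    }
    printf("umask %s honoured\n", r ? "is" : "is NOT");
    return r ? 0 : 1;
}
```

On a local filesystem the probe reports that the umask is honoured; on a CIFS mount with Unix extensions enabled and an unpatched kernel, the file would come back 0666 and the directory 0777 despite the 027 mask, which is exactly the condition the CVE text describes. The check must be run as the user whose umask matters, since umask is per-process and the mount's own mode options do not substitute for it.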
Comment 2 Mike Pagano gentoo-dev 2008-03-20 12:18:51 UTC
Not sure how we want to whiteboard this since we have so many vulnerabilities in one bug:

[linux <][genpatches < 2.6.23-1]

[linux <][linux <][linux < 2.6.20][genpatches < 2.6.20-1]

[linux < 2.6.22][genpatches < 2.6.22-1]

[linux < 2.6.23][linux <][linux <=][linux <][linux <][genpatches < 2.6.23-1]
Comment 3 unnamedrambler 2008-03-21 19:32:13 UTC
Considering the affected intervals vary from CVE to CVE, I think we should split this into individual bugs.
Comment 4 unnamedrambler 2008-03-21 23:35:18 UTC
split into:
bug 214184 
bug 214186
bug 214188 
bug 214189

Not sure how this bug should be changed... resolve as invalid or something?
Comment 5 unnamedrambler 2008-03-21 23:59:20 UTC

*** This bug has been marked as a duplicate of bug 214184 ***