
Bug 202290

Summary: sys-kernel/*-sources <=2.6.23.X possible memory overrun issue in the isdn ioctl code. (CVE-2007-6151)
Product: Gentoo Security
Reporter: Lars Hartmann <lars>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: kernel, svrmarty
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
Whiteboard: [linux < 2.6.16.60][gp < 2.6.16-15][linux >= 2.6.17 < 2.6.23.10][gp >= 2.6.17-1 < 2.6.23-5]
Package list:
Runtime testing required: ---

Description Lars Hartmann 2007-12-14 18:05:09 UTC
The sprintf() function can be overflown by other local users using the ioctl. However, there is no return pointer so this can only be used for DoS.

Solution:
Apply this patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eafe1aa37e6ec2d56f14732b5240c4dd09f0613a


Reproducible: Always
Comment 1 Krzysztof Pawlik (RETIRED) gentoo-dev 2007-12-14 19:13:50 UTC
Fixed in 2.6.23.10: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10:

commit 27b396672af95abad9591d9123e62d6ab4b655da
Author: Karsten Keil <kkeil@suse.de>
Date:   Sat Dec 1 12:16:15 2007 -0800

    I4L: fix isdn_ioctl memory overrun vulnerability
    
    patch eafe1aa37e6ec2d56f14732b5240c4dd09f0613a in mainline.
    
    Fix possible memory overrun issue in the isdn ioctl code.  Found by ADLAB
    <adlab@venustech.com.cn>
    
    Signed-off-by: Karsten Keil <kkeil@suse.de>
    Cc: ADLAB <adlab@venustech.com.cn>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Comment 2 svrmarty 2009-08-05 15:58:07 UTC
latest update from 2007

please close