| Summary: | sys-kernel/* Privilege escalation bugs revealed by Sparse tool | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | hp-cluster |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 | ||
| Whiteboard: | A1 [kernel] | ||
Description
Thierry Carrez (RETIRED)
2004-06-24 01:23:18 UTC
*** Bug 54977 has been marked as a duplicate of this bug. ***

------- Merging Comment #0 From Bug #54977 2004-06-24 01:26 PST -------

From the Mandrake advisory (http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062):

A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered by Chris Wright. The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CAN-2004-0535).

Most things should now be patched; adding externally maintained sources on to the CC lists for kernels which need patching for both CAN-2004-0495 and CAN-2004-0535:

- sys-kernel/grsec-sources - Adding solar...
- sys-kernel/hardened-sources - Adding hardened...
- sys-kernel/hardened-dev-sources - Same as above...
- sys-kernel/hppa-dev-sources - Adding GMSoft; this just needs 2.6.7 stable.
- sys-kernel/hppa-sources - Adding GMSoft; this needs patching.
- sys-kernel/openmosix-sources - Adding cluster...
- sys-kernel/pegasos-sources - Adding dholm...
- sys-kernel/rsbac-dev-sources - Adding kang...

../../gentoo-sources/files/gentoo-sources-2.4.CAN-2004-0495.patch

../../gentoo-sources/files/gentoo-sources-2.4.CAN-2004-0535.patch

Above added to grsec-sources/files/. Updated digests and verified a clean src_unpack. Added ChangeLog references to this bug. Unable to verify runtime at this point in time.

pegasos-sources has been updated.

Hardened-dev-sources is OK now; it's been bumped to 2.6.7.

Adding `Kumba for mips-sources... belatedly adding Chris for selinux-sources.

hardened-sources updated.

selinux-src fixed.

hppa-dev-sources is stable now.

hardened-dev-sources-2.6.7 marked ~x86 ~ppc ~amd64; it only has a stable version on amd64. This might be a good time for arch testing :)

- rsbac-sources: fixed CAN 0535/0495
- rsbac-dev-sources: is using kernel 2.6.7

Sorry for the little delay, cvs was buggy and today's update fixed things so that I could finally upload a new rsbac-sources.

openmosix-sources: fixed in -r10, will be unmasked soon. (patches taken from gentoo-sources, tested)

Added to mips-sources.

Stable on hppa.

GLSA 200407-02; http://article.gmane.org/gmane.linux.gentoo.announce/382; closing as FIXED.