Summary: | Kernel signed types issues (CAN-2005-{0529,0530,0531,0532}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: | Kernel | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | m.debruijne, security-kernel, zataz
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | All | |
URL: | http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html | |
Whiteboard: | [linux >=2.6 < 2.6.11] | |
Package list: | | Runtime testing required: | ---
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-02-15 11:30:04 UTC
*** Bug 82221 has been marked as a duplicate of this bug. ***

Hmm - some more vulnerabilities... :-(

http://secunia.com/advisories/14295/

- nls_ascii.c buffer overflow (potential crash kernel exploit)
- error in netfilter (potential crash kernel exploit or bypass of firewall rules)

CANs assigned:

CAN-2005-0529
CAN-2005-0530
CAN-2005-0531
CAN-2005-0532

From Ubuntu's latest:

Georgi Guninski discovered a buffer overflow in the ATM driver. The atm_get_addr() function does not validate its arguments sufficiently, which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison problems in the TTY layer, in the /proc interface and the ReiserFS driver. However, the previous Ubuntu security update (kernel version 2.6.8.1-16.11) already contained a patch which checks the arguments to these functions at a higher level and thus prevents these flaws from being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

*** Bug 80107 has been marked as a duplicate of this bug. ***

Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...

gentoo-dev-sources unaffected

Created attachment 55516
Patch

Everything seems to have been patched or upgraded to 2.6.11; mips-sources branches remain that still need patching so CCing Kumba.

mips-sources fixed.

KISS says all done: http://kiss.gentoo.org/dev/viewBug.php?BugID=82141

All fixed, closing bug.
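
The signed-length flaw class described in the Ubuntu text quoted in this bug (a negative length argument slipping past a comparison) can be modelled in user space. This is an added example, not kernel source and not code from any commenter here; all function names and sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: `total` bytes are available and the
 * caller asks for at most `size` bytes. */

/* Flawed pattern: the bound is a signed int and the min() is a signed
 * comparison. A negative `size` wins the comparison and then converts to a
 * huge size_t when handed to a copy routine. Returns that copy length. */
size_t copy_len_signed(int total, int size)
{
    int n = total < size ? total : size;   /* size = -1 gives n = -1 */
    return (size_t)n;                      /* -1 becomes SIZE_MAX */
}

/* Hardened pattern: reject negative lengths before any comparison, then
 * clamp in an unsigned type. Returns 0 and sets *out, or -1 on bad input. */
int copy_len_checked(size_t total, long size, size_t *out)
{
    if (size < 0)
        return -1;
    *out = (size_t)size < total ? (size_t)size : total;
    return 0;
}

/* Bounded copy built on the checked length; never writes past dst_cap. */
int bounded_copy(void *dst, size_t dst_cap, const void *src,
                 size_t total, long size)
{
    size_t n;
    if (copy_len_checked(total, size, &n) != 0 || n > dst_cap)
        return -1;
    memcpy(dst, src, n);
    return (int)n;
}

int main(void)
{
    char src[32] = "constructed sample data", dst[16];
    printf("signed min, size=-1: %zu bytes\n", copy_len_signed(32, -1));
    printf("checked, size=-1: %d\n", bounded_copy(dst, sizeof dst, src, sizeof src, -1));
    printf("checked, size=8: %d\n", bounded_copy(dst, sizeof dst, src, sizeof src, 8));
    return 0;
}
```

The flawed helper only computes the length and performs no copy, so the model is safe to run.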