Bug 202290 - sys-kernel/*-sources <=2.6.23.X possible memory overrun issue in the isdn ioctl code. (CVE-2007-6151)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: [linux < 2.6.16.60][gp < 2.6.16-15][l...
Reported: 2007-12-14 18:05 UTC by Lars Hartmann
Modified: 2013-09-12 04:56 UTC
Description Lars Hartmann 2007-12-14 18:05:09 UTC
The sprintf() function can be overflowed by other local users using the ioctl. However, there is no return pointer so this can only be used for DoS.

Solution:
Apply this patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eafe1aa37e6ec2d56f14732b5240c4dd09f0613a


Reproducible: Always
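
The bug class named in the description, shown as an added example that is not part of the original report and is not the kernel's code: a fixed-size string field that arrives through an ioctl with no guaranteed terminator is formatted with sprintf(). The struct, the field size and all function names are hypothetical, and the input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define ID_LEN 20 /* hypothetical field size, not from the kernel source */

/* Hypothetical ioctl argument from user space; id[] may lack a NUL. */
struct ioctl_req {
    char id[ID_LEN];
    int arg;
};

/* Unsafe pattern: "%s" reads past id[] until it meets a NUL, and
 * sprintf() writes as many bytes as it read, whatever out can hold. */
int format_unsafe(char *out, const struct ioctl_req *req)
{
    return sprintf(out, "%s,%d", req->id, req->arg);
}

/* Hardened pattern: terminate the untrusted field, format with an
 * explicit bound, and treat truncation as an error. */
int format_safe(char *out, size_t outlen, struct ioctl_req *req)
{
    if (outlen == 0)
        return -EINVAL;
    req->id[sizeof(req->id) - 1] = '\0';
    int n = snprintf(out, outlen, "%s,%d", req->id, req->arg);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -ENOSPC;
    }
    return n;
}

/* Constructed input: id[] is all 'A' bytes, so it has no terminator. */
int demo(char *out, size_t outlen)
{
    struct ioctl_req req;
    memset(req.id, 'A', sizeof(req.id));
    req.arg = 7;
    return format_safe(out, outlen, &req);
}

int main(void)
{
    char buf[32];
    int n = demo(buf, sizeof(buf));
    printf("%d %s\n", n, buf);
    return 0;
}
```

format_unsafe() is shown only for contrast and is never called; passing it the constructed input would read and write out of bounds.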
Comment 1 Krzysztof Pawlik (RETIRED) gentoo-dev 2007-12-14 19:13:50 UTC
Fixed in 2.6.23.10: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10:

commit 27b396672af95abad9591d9123e62d6ab4b655da
Author: Karsten Keil <kkeil@suse.de>
Date:   Sat Dec 1 12:16:15 2007 -0800

    I4L: fix isdn_ioctl memory overrun vulnerability
    
    patch eafe1aa37e6ec2d56f14732b5240c4dd09f0613a in mainline.
    
    Fix possible memory overrun issue in the isdn ioctl code.  Found by ADLAB
    <adlab@venustech.com.cn>
    
    Signed-off-by: Karsten Keil <kkeil@suse.de>
    Cc: ADLAB <adlab@venustech.com.cn>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Comment 2 svrmarty 2009-08-05 15:58:07 UTC
latest update from 2007

please close