Bug 48050 - sys-kernel/* - infoleak in ext3 and DoS through soundblaster
Status: RESOLVED DUPLICATE of bug 47881
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.debian.org/security/2004/d...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-16 09:32 UTC by antiher0
Modified: 2011-10-30 22:42 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
ext3 patch - CAN-2004-0177 (jbd-CAN-2004-0177.patch,384 bytes, patch)
2004-04-16 09:33 UTC, antiher0
soundblaster patch - CAN-2004-0178 (sb_audio-CAN-2004-0178.patch,424 bytes, patch)
2004-04-16 09:34 UTC, antiher0
CAN-2004-0010 - ncp_lookup buffer overflow (CAN-2004-0010.patch,5.91 KB, patch)
2004-04-17 02:09 UTC, Tim Yamin (RETIRED)

Description antiher0 2004-04-16 09:32:20 UTC
# CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this.

# CAN-2004-0178
Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction.


Reproducible: Always
Steps to Reproduce:




Fixed in 2.4.26.  Patches included here.  Both apply cleanly to
gentoo-sources-2.4.25-r1.  Haven't tested any others.
Comment 1 antiher0 2004-04-16 09:33:13 UTC
Created attachment 29427
ext3 patch - CAN-2004-0177
Comment 2 antiher0 2004-04-16 09:34:00 UTC
Created attachment 29428
soundblaster patch - CAN-2004-0178
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 01:24:31 UTC
[ Noting down that these are both 2.4 only issues ]
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 02:09:39 UTC
Created attachment 29477
CAN-2004-0010 - ncp_lookup buffer overflow
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 02:10:33 UTC
AA-sources patched and alpha-sources patched and revision bumped [2.4.21-r6] for the three.
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 02:25:36 UTC
CK-Sources patched; the last patch doesn't apply for 2.4.25.
Comment 7 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 04:02:22 UTC
Compaq-sources-2.4.9.32.7-r4 added...
Gaming-sources-2.4.20-r10 added...
Gentoo-sources-2.4.19-r13 added...
Gentoo-sources-2.4.20-r16 added...
Gentoo-sources-2.4.22-r9 added...
Gentoo-sources-2.4.25-r2 added...
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 05:04:32 UTC
GS-sources 2.4.25_pre7-r4 added...
Hardened-sources 2.4.24-r3 added...
IA64-sources 2.4.24-r3 added...
PAC-sources 2.4.23-r5 added...
Comment 9 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 06:18:11 UTC
PPC-sources-2.4.24-r4 added...
PPC-sources-benh-2.4.22-r7 added...
PPC-sources-crypto-2.4.20-r5 added...
PPC-sources-dev-2.4.24-r4 added...
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-04-17 08:05:36 UTC
I suppose we should issue a common GLSA with #47881?
Comment 11 Tim Yamin (RETIRED) gentoo-dev 2004-04-17 08:35:21 UTC
Yep; I'll issue a common GLSA...

SELinux-sources 2.4.25-r2 added...
UCLinux-sources 2.4.24_p0-r2 added...
Usermode-sources 2.4.24-r3 added...
VServer-sources 2.4.25.1.3.8-r2 added...
Win4Lin-sources 2.4.25-r2 added...
WOLK-sources 4.9-r6 added...
WOLK-sources 4.11-r3 added...
XFS-sources 2.4.24-r5 added...

*** This bug has been marked as a duplicate of 47881 ***