48050 – sys-kernel/* - infoleak in ext3 and DoS through soundblaster

Bug 48050 - sys-kernel/* - infoleak in ext3 and DoS through soundblaster

Summary: sys-kernel/* - infoleak in ext3 and DoS through soundblaster

Status:	RESOLVED DUPLICATE of bug 47881

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Gentoo Security

URL:	http://www.debian.org/security/2004/d...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-04-16 09:32 UTC by antiher0
Modified:	2011-10-30 22:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
ext3 patch - CAN-2004-0177 (jbd-CAN-2004-0177.patch,384 bytes, patch) 2004-04-16 09:33 UTC, antiher0	no flags	Details \| Diff
soundblaster patch - CAN-2004-0178 (sb_audio-CAN-2004-0178.patch,424 bytes, patch) 2004-04-16 09:34 UTC, antiher0	no flags	Details \| Diff
CAN-2004-0010 - ncp_lookup buffer overflow (CAN-2004-0010.patch,5.91 KB, patch) 2004-04-17 02:09 UTC, Tim Yamin (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description antiher0 2004-04-16 09:32:20 UTC

# CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this.

# CAN-2004-0178
Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction.


Reproducible: Always
Steps to Reproduce:




Fixed in 2.4.26.  Patches included here.  Both apply cleanly to
gentoo-sources-2.4.25-r1.  Haven't tested any others.

Comment 1 antiher0 2004-04-16 09:33:13 UTC

Created attachment 29427 [details, diff]
ext3 patch - CAN-2004-0177

Comment 2 antiher0 2004-04-16 09:34:00 UTC

Created attachment 29428 [details, diff]
soundblaster patch - CAN-2004-0178

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 01:24:31 UTC

[ Noting down that these are both 2.4 only issues ]

Comment 4 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 02:09:39 UTC

Created attachment 29477 [details, diff]
CAN-2004-0010 - ncp_lookup buffer overflow

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 02:10:33 UTC

AA-sources patched and alpha-sources patched and revision bumped [2.4.21-r6] for the three.

Comment 6 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 02:25:36 UTC

CK-Sources patched; the last patch doesn't apply for 2.4.25.

Comment 7 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 04:02:22 UTC

Compaq-sources-2.4.9.32.7-r4 added...
Gaming-sources-2.4.20-r10 added...
Gentoo-sources-2.4.19-r13 added...
Gentoo-sources-2.4.20-r16 added...
Gentoo-sources-2.4.22-r9 added...
Gentoo-sources-2.4.25-r2 added...

Comment 8 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 05:04:32 UTC

GS-sources 2.4.25_pre7-r4 added...
Hardened-sources 2.4.24-r3 added...
IA64-sources 2.4.24-r3 added...
PAC-sources 2.4.23-r5 added...

Comment 9 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 06:18:11 UTC

PPC-sources-2.4.24-r4 added...
PPC-sources-benh-2.4.22-r7 added...
PPC-sources-crypto-2.4.20-r5 added...
PPC-sources-dev-2.4.24-r4 added...

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2004-04-17 08:05:36 UTC

I suppose we should issue a common GLSA with #47881 ?

Comment 11 Tim Yamin (RETIRED) gentoo-dev

2004-04-17 08:35:21 UTC

Yep; I'll issue a common GLSA...

SELinux-sources 2.4.25-r2 added...
UCLinux-sources 2.4.24_p0-r2 added...
Usermode-sources 2.4.24-r3 added...
VServer-sources 2.4.25.1.3.8-r2 added...
Win4Lin-sources 2.4.25-r2 added...
WOLK-sources 4.9-r6 added...
WOLK-sources 4.11-r3 added...
XFS-sources 2.4.24-r5 added...

*** This bug has been marked as a duplicate of 47881 ***