Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 74392 - Kernel Local DoS using __scm_send (CAN-2004-1016)
Summary: Kernel Local DoS using __scm_send (CAN-2004-1016)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://isec.pl/vulnerabilities/isec-0...
Whiteboard: [linux <2.6.10]
Keywords:
: 72458 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-12-14 09:00 UTC by Thierry Carrez (RETIRED)
Modified: 2009-05-03 13:56 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Patch (2.4/2.6) (patch-2.6.x-CAN-2004-1016.patch,2.77 KB, patch)
2004-12-14 09:01 UTC, Thierry Carrez (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2004-12-14 09:00:45 UTC 
Synopsis:  Linux kernel scm_send local DoS
Product:   Linux kernel
Version:   2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
Vendor:    http://www.kernel.org/
URL:       http://isec.pl/vulnerabilities/isec-0019-scm.txt
CVE:       CAN-2004-1016
Author:    Paul Starzetz <ihaquer@isec.pl>
Date:      Dec 14, 2004
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-12-14 09:01:58 UTC 
Created attachment 45975 [details, diff]
Patch (2.4/2.6)

Patch for 2.6 tree.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-12-14 09:05:24 UTC 
*** Bug 72458 has been marked as a duplicate of this bug. ***
Comment 3 solar (RETIRED) gentoo-dev 2004-12-14 22:12:31 UTC 
Note: attachment # 45975 [details, diff] patches clean to 2.4.x kernels. 
This code has also been merged upsream in bk
http://kernel.org/pub/linux/kernel/v2.4/snapshots/patch-2.4.29-pre1-bk8.bz2
Comment 4 solar (RETIRED) gentoo-dev 2004-12-14 23:00:57 UTC 
grsec-sources done.
Comment 5 Christian Birchinger (RETIRED) gentoo-dev 2004-12-16 12:10:30 UTC 
sparc-sources 2.4.28-r2 are patched
Comment 6 Adam Mondl (RETIRED) gentoo-dev 2004-12-24 13:11:46 UTC 
Patched in ~x86 hardened-sources-2.4.28-r1
Comment 7 Tim Yamin (RETIRED) gentoo-dev 2004-12-24 16:36:13 UTC 
Ok, all patched - the following externally maintained sources still need patching:

gentoo-dev-sources -- Adding dsd...
hppa(-dev)-sources -- Adding GMSoft...
mips-sources -- Adding `Kumba...
openmosix-sources -- Adding cluster herd...
pegasos-dev-sources -- Adding dholm...
rsbac(-dev)-sources -- Adding kang...
Comment 8 Daniel Drake (RETIRED) gentoo-dev 2004-12-24 19:19:35 UTC 
gentoo-dev-sources was already done :)
Comment 9 David Holm (RETIRED) gentoo-dev 2004-12-25 05:29:33 UTC 
pegasos-dev-sources fixed
Comment 10 Konstantin Arkhipov (RETIRED) gentoo-dev 2004-12-27 01:21:37 UTC 
done in oM6-sources
Comment 11 Guy Martin (RETIRED) gentoo-dev 2004-12-27 06:27:32 UTC 
2.4 is dropped on hppa and I've added 2.6.10-pa1 which doesn't seems affected by this problem.
Comment 12 Joshua Kinard gentoo-dev 2005-01-05 21:21:21 UTC 
mips-sources fixed.
Comment 13 Guillaume Destuynder (RETIRED) gentoo-dev 2005-01-13 16:03:44 UTC 
rsbac-dev-sources fixed
Comment 14 Guillaume Destuynder (RETIRED) gentoo-dev 2005-01-21 05:38:53 UTC 
rsbac-sources 2.4 is also fixed in ~x86
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 03:16:30 UTC 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...
Comment 16 Tim Yamin (RETIRED) gentoo-dev 2005-03-16 06:08:24 UTC 
All fixed, resolving bug.