Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 172748 (CVE-2007-1353) - Kernel: [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)
Summary: Kernel: [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-200...
Status: RESOLVED FIXED
Alias: CVE-2007-1353
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: [linux < 2.6.22]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-30 06:26 UTC by Sune Kloppenborg Jeppesen
Modified: 2013-09-15 18:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2007-03-30 06:26:54 UTC
The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Comment 1 Lars Hartmann 2007-04-25 19:09:27 UTC
http://secunia.com/advisories/24976/
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3

The weaknesses are reported in versions prior to 2.4.34.3.

Solution:
Update to version 2.4.34.3.
Comment 2 unnamedrambler 2008-03-08 19:12:43 UTC
According to git commit 0878b6667f28772aa7d6b735abff53efc7bf6d91  2.6.* was also vulnerable. It was patched in 2.6.22.

metadata:
[linux < 2.6.22]
Comment 3 Gustavo F. Padovan 2010-02-02 02:11:54 UTC
We don't have 2.6.22 kernels anymore on portage. Looks we can close this bug.