Your message dated Wed, 4 May 2005 11:17:19 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Kernel security issues
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Apr 2005 13:11:09 +0000
Content-Type: multipart/mixed; boundary="===============0894555148=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-0867: Integer overflow in sysfs_write_file()
X-Mailer: reportbug 3.9
Date: Sun, 24 Apr 2005 15:10:59 +0200
Message-Id: <[EMAIL PROTECTED]>

This is a multi-part MIME message sent by reportbug.

--===============0894555148==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: kernel-source-2.6.8
Severity: important
Tags: security patch

CAN-2005-0867 describes an integer overflow in sysfs_write_file() that
could be exploited to overwrite kernel memory.
I've attached the patch from Alexander Nyberg as found in the Ubuntu
package.

2.4 is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

--===============0894555148==
Content-Type: application/x-shellscript
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sysfs-write-file.dpatch"
--===============0894555148==--

---------------------------------------
Received: (at 306137-done) by bugs.debian.org; 4 May 2005 13:06:02 +0000
Date: Wed, 4 May 2005 11:17:19 +1000
From: Horms <[EMAIL PROTECTED]>
To: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Kernel security issues
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>

The Debian Packages for 2.6.8 and 2.6.11 do not appear to 
have this bug. 2.4.27 does not include sysfs, and thus
also does not have this bug.

-- 
Horms

