Re: Bug#564079: Is this really a screensaver issue?

2010-01-26 Thread Nico Golde
Hey,
* Bastian Blank wa...@debian.org [2010-01-26 14:44]:
> On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> > On Saturday, 23 January 2010 at 11:37 +0100, Guido Günther wrote:
> > > Should this really be handled in the screensaver? The user can also kill
> > > other processes during boot like accounting daemons and therefore
> > > compromise security. The only fix is to disable this feature.
> > I fully concur. Such a “feature” should be disabled by default, and this
> > has to be done in the kernel packages.
>
> The OOM killer can always be forced with normal processes as long as
> over-commitment is enabled. So it is never safe to add security measures
> within processes that can be killed separately.

Of course but this requires either a bug in another application that can be 
used remotely or access to the system e.g. via an own account.

> > I’d appreciate if we could have some input from the kernel maintainers.
>
> Someone with access to the console has several attack vectors
> available.

True, but this one is trivial to exploit and is also fairly easy to prevent so 
why stick with it?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#550534: firmware-iwlwifi: iwlagn 0000:03:00.0: Microcode SW error detected. Restarting 0x82000000

2009-11-12 Thread Nico Golde
severity 550534 grave
thanks

Hi,
I have similar issues using Intel Corporation PRO/Wireless 
4965 AG or AGN [Kedron] Network Connection (rev 61).

From dmesg:
[  105.305807] iwlagn 0000:03:00.0: firmware: requesting iwlwifi-4965-2.ucode
[  105.390624] iwlagn 0000:03:00.0: loaded firmware version 228.61.2.24
[  105.606288] Registered led device: iwl-phy0::radio
[  105.606341] Registered led device: iwl-phy0::assoc
[  105.606390] Registered led device: iwl-phy0::RX
[  105.606433] Registered led device: iwl-phy0::TX
[  105.641976] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[  108.967393] wlan0: direct probe to AP 00:23:04:c8:9f:f1 try 1
[  109.164101] wlan0: direct probe to AP 00:23:04:c8:9f:f1 try 2
[  109.364114] wlan0: direct probe to AP 00:23:04:c8:9f:f1 try 3
[  109.564105] wlan0: direct probe to AP 00:23:04:c8:9f:f1 timed out
[  116.151242] wlan0: direct probe to AP 00:23:04:c8:9f:f3 try 1
[  116.348119] wlan0: direct probe to AP 00:23:04:c8:9f:f3 try 2
[  116.548086] wlan0: direct probe to AP 00:23:04:c8:9f:f3 try 3
[  116.748076] wlan0: direct probe to AP 00:23:04:c8:9f:f3 timed out
[  125.380828] wlan0: authenticate with AP 00:23:04:c8:9f:fc
[  125.381485] wlan0: authenticated
[  125.381493] wlan0: associate with AP 00:23:04:c8:9f:fc
[  125.384076] wlan0: RX AssocResp from 00:23:04:c8:9f:fc (capab=0x111 status=0 aid=1)
[  125.384084] wlan0: associated
[  125.399718] iwlagn 0000:03:00.0: Microcode SW error detected.  Restarting 0x82000000.
[  125.399741] iwlagn 0000:03:00.0: Error setting new RXON (-5)
[  125.401363] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  125.642397] Registered led device: iwl-phy0::radio
[  125.642448] Registered led device: iwl-phy0::assoc
[  125.642492] Registered led device: iwl-phy0::RX
[  125.642543] Registered led device: iwl-phy0::TX
[  125.681093] iwlagn 0000:03:00.0: Microcode SW error detected.  Restarting 0x82000000.
[  125.681127] iwlagn 0000:03:00.0: Error setting new RXON (-5)
[  126.180084] iwlagn 0000:03:00.0: Error sending REPLY_TX_PWR_TABLE_CMD: time out after 500ms.
[  126.418310] Registered led device: iwl-phy0::radio
[  126.418359] Registered led device: iwl-phy0::assoc
[  126.418402] Registered led device: iwl-phy0::RX
[  126.418445] Registered led device: iwl-phy0::TX
[  126.449857] cfg80211: Calling CRDA for country: DE
[  126.452479] iwlagn 0000:03:00.0: Microcode SW error detected.  Restarting 0x82000000.
[  126.452504] iwlagn 0000:03:00.0: Error setting new RXON (-5)
[  126.694364] Registered led device: iwl-phy0::radio
[  126.694413] Registered led device: iwl-phy0::assoc
[  126.694456] Registered led device: iwl-phy0::RX
[  126.694500] Registered led device: iwl-phy0::TX
[  126.731116] iwlagn 0000:03:00.0: Microcode SW error detected.  Restarting 0x82000000.
[  127.228106] iwlagn 0000:03:00.0: Error sending REPLY_PHY_CALIBRATION_CMD: time out after 500ms.
[  127.228115] iwlagn 0000:03:00.0: Could not send REPLY_PHY_CALIBRATION_CMD
[  127.469808] iwlagn 0000:03:00.0: Microcode SW error detected.  Restarting 0x82000000.
[  127.469873] iwlagn 0000:03:00.0: Error setting new RXON (-5)
[  127.968097] iwlagn 0000:03:00.0: Error sending REPLY_CT_KILL_CONFIG_CMD: time out after 500ms.
[  127.968107] iwlagn 0000:03:00.0: REPLY_CT_KILL_CONFIG_CMD failed

This happens on 2.6.31-1-amd64 with the latest firmware package. Wireless is 
currently not working at all with this kernel and firmware combination - 
Raising severity. Please adapt if you disagree.

Cheers
Nico




-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#529326: linux-2.6: CVE-2009-0787 information disclosure in ecryptfs

2009-05-18 Thread Nico Golde
Hi,
* dann frazier da...@dannf.org [2009-05-18 23:19]:
> On Mon, May 18, 2009 at 02:20:20PM -0400, Michael S. Gilbert wrote:
> > On Mon, 18 May 2009 11:52:04 -0600, dann frazier wrote:
> > > On Mon, May 18, 2009 at 01:28:56PM -0400, Michael S. Gilbert wrote:
[...]
> > > This issue supposedly only affected 2.6.28 - do you have information
> > > to the contrary?
> >
> > yes, i have studied the code/patches for this issue.  the 2.6.26
> > ecryptfs kernel code is identical to that of the affected 2.6.28 code.
> > hence, it is my assessment that 2.6.26 is vulnerable.
> >
> > i anticipate that this also affects etch-and-a-half (2.6.24) as well,
> > but i have not checked yet.
>
> My understanding is that this issue was introduced by 87b811c (in
> 2.6.28), which resulted in only a single page getting allocated for
> the headers even though the size of the headers maybe > the page size.

Yes and you are correct with this, no other version included 
the vulnerable code.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#496410: The possibility of attack with the help of symlinks in some Debian packages

2008-10-17 Thread Nico Golde
Hi,
the following two additional CVE ids have been assigned to 
symlink issues in cman & redhat-cluster:
CVE-2008-4579[0]:
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
| fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
| allows local users to append to arbitrary files via a symlink attack
| on the apclog temporary file.

CVE-2008-4580[1]:
| fence_manual in fence allows local users to modify arbitrary files via
| a symlink attack on the fence_manual.fifo temporary file.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579
http://security-tracker.debian.net/tracker/CVE-2008-4579
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580
http://security-tracker.debian.net/tracker/CVE-2008-4580

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#485944: linux-2.6: CVE-2008-1673 problem when validating length values during decoding of ASN.1 BER data

2008-06-12 Thread Nico Golde
Package: linux-2.6
Version: 2.6.22-6.lenny1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2008-1673[0]:
| The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6
| and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic
| modules; and (b) the gxsnmp package; does not properly validate length
| values during decoding of ASN.1 BER data, which allows remote
| attackers to cause a denial of service (crash) or execute arbitrary
| code via (1) a length greater than the working buffer, which can lead
| to an unspecified overflow; (2) an oid length of zero, which can lead
| to an off-by-one error; or (3) an indefinite length for a primitive
| encoding.

Patches are linked from the mitre site but I guess you will 
update to 2.6.25.5 anyway.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673
http://security-tracker.debian.net/tracker/CVE-2008-1673

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
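
The three length checks named in the CVE-2008-1673 description above, as an added C example (it is not the kernel's asn1 code and not part of the original mail). The names `ber_read_header` and `struct ber_tlv` and the sample bytes are constructed for illustration, and only single-octet tags are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; this is not the kernel's asn1 decoder. */
enum ber_status { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_LENGTH_TOO_LARGE,
                  BER_EMPTY_OID, BER_INDEFINITE_PRIMITIVE };

struct ber_tlv {
    uint8_t id;            /* identifier octet (low-tag-number form) */
    int indefinite;        /* 1 if constructed with indefinite length */
    const uint8_t *value;  /* points into the caller's buffer */
    size_t length;         /* content length; 0 when indefinite */
};

/* Parse one BER header and validate its length against the bytes available. */
enum ber_status ber_read_header(const uint8_t *buf, size_t buflen,
                                struct ber_tlv *out)
{
    size_t pos = 0, len = 0;

    if (buflen < 2)
        return BER_TRUNCATED;
    out->id = buf[pos++];
    if ((out->id & 0x1f) == 0x1f)          /* multi-octet tags not handled */
        return BER_UNSUPPORTED;
    out->indefinite = 0;

    uint8_t first = buf[pos++];
    if (first == 0x80) {                   /* indefinite form */
        if (!(out->id & 0x20))             /* case (3): primitive encoding */
            return BER_INDEFINITE_PRIMITIVE;
        out->indefinite = 1;
    } else if (first & 0x80) {             /* long form: n length octets */
        size_t n = first & 0x7f;
        if (n > sizeof(size_t))
            return BER_LENGTH_TOO_LARGE;   /* would not fit in size_t */
        if (n > buflen - pos)
            return BER_TRUNCATED;
        while (n--)
            len = (len << 8) | buf[pos++];
    } else {
        len = first;                       /* short form */
    }
    if (len > buflen - pos)                /* case (1): exceeds the buffer */
        return BER_LENGTH_TOO_LARGE;
    if (out->id == 0x06 && len == 0)       /* case (2): zero-length OID */
        return BER_EMPTY_OID;
    out->value = buf + pos;
    out->length = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 10 bytes with 2 present. */
    const uint8_t sample[] = { 0x04, 0x0a, 'A', 'B' };
    struct ber_tlv tlv;
    printf("status=%d\n", ber_read_header(sample, sizeof sample, &tlv));
    return 0;
}
```

The length is always compared against the bytes remaining in the input, so a caller that copies `length` bytes from `value` into a working buffer still has to check that buffer's size separately.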




Bug#485944: retitle 485944 to linux-2.6: CVE-2008-1673 problem when validating length values during decoding of ASN.1 BER data

2008-06-12 Thread Nico Golde
# Automatically generated email from bts, devscripts version 2.10.29
# args retitled wrong bug
retitle 485944 linux-2.6: CVE-2008-1673 problem when validating length values 
during decoding of ASN.1 BER data







Bug#481195: linux-2.6: CVE-2008-2148 local denial of service

2008-05-14 Thread Nico Golde
Package: linux-2.6
Version: 2.6.22-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.


CVE-2008-2148[0]:
| The utimensat system call in Linux kernel 2.6.22 and other versions
| before 2.6.25.3 does not check file permissions when certain UTIME_NOW
| and UTIME_OMIT combinations are used, which allows local users to
| modify file times of arbitrary files, possibly leading to a denial of
| service.

Upstream patch:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f9dfda1ad0637a89a64d001cf81478bd8d9b6306

Stable is not affected by this.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2148
http://security-tracker.debian.net/tracker/CVE-2008-2148

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#446073: CVE-2007-3843 possible spoofing of CIFS traffic

2007-10-10 Thread Nico Golde
Package: linux-2.6
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2007-3843[0]:
| The Linux kernel before 2.6.23-rc1 checks the wrong global variable
| for the CIFS sec mount option, which might allow remote attackers to
| spoof CIFS network traffic that the client configured for security
| signatures, as demonstrated by lack of signing despite sec=ntlmv2i in
| a SetupAndX request.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#444571: CVE-2007-4571 sensitive information disclosure

2007-09-29 Thread Nico Golde
Package: linux-2.6
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2007-4571[0]:
| The snd_mem_proc_read function in sound/core/memalloc.c in the
| Advanced Linux Sound Architecture (ALSA) in the Linux kernel before
| 2.6.22.8 does not return the correct write size, which allows local
| users to obtain sensitive information (kernel memory contents) via a
| small count argument, as demonstrated by multiple reads of
| /proc/driver/snd-page-alloc.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a fix on: 
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#443694: CVE-2007-4308 missing permissions check for ioctls in aacraid

2007-09-23 Thread Nico Golde
Package: linux-2.6
Version: 2.6.22-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2007-4308[0]:
| The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI
| layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do
| not check permissions for ioctls, which might allow local users to
| cause a denial of service or gain privileges.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#442245: CVE-2007-4849 insecure permission storage in JFFS2

2007-09-14 Thread Nico Golde
Package: linux-2.6
Severity: normal
Tags: security

Hi,
a CVE has been issued against JFFS2 which is included in the 
linux kernel.
CVE-2007-4849[0]:
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other
Linux systems, when POSIX ACL support is enabled, does not properly store
permissions during (1) inode creation or (2) ACL setting, which might allow
local users to access restricted files or directories after a remount of a
filesystem, related to legacy modes and an inconsistency between dentry
permissions and inode permissions.

If you fix this issue please include the CVE id in the changelog.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4849

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#356387: ipw2100 does not work any longer

2006-03-11 Thread Nico Golde
Package: linux-image-2.6.15-1-686
Version: 2.6.15-8
Severity: important
Hi,
I used the ipw2100 wlan driver module in the past with vanilla 
kernels. Lately I switched to Debian kernels. Ipw2100 is 
included in this kernel version, same for the ieee80211 stuff.
The ipw2100 module is loaded correctly, but if I try to set 
some things I get the following:

iwconfig eth1 essid any
Error for wireless request Set ESSID (8B1A) :
SET failed on device eth1 ; Operation not supported.

Same thing for other iwconfig options. The firmware is 
installed:
ls /usr/lib/hotplug/firmware/
ipw2100-1.3.fw  ipw2100-1.3-i.fw  ipw2100-1.3-p.fw  LICENSE

I don't know what happens here, it worked with 
non-Debian kernels but I want to use them. If you need 
further information or something like this, let me know.
Kind regards
Nico

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages linux-image-2.6.15-1-686 depends on:
ii  initramfs-tools [linux-initra 0.53c      tools for generating an initramfs
ii  module-init-tools             3.2.2-2    tools for managing Linux kernel mo

Versions of packages linux-image-2.6.15-1-686 recommends:
pn  libc6-i686                    none       (no description available)

-- debconf information:
  linux-image-2.6.15-1-686/preinst/abort-install-2.6.15-1-686:
  linux-image-2.6.15-1-686/preinst/abort-overwrite-2.6.15-1-686:
  linux-image-2.6.15-1-686/prerm/would-invalidate-boot-loader-2.6.15-1-686: true
  linux-image-2.6.15-1-686/preinst/bootloader-initrd-2.6.15-1-686: true
  linux-image-2.6.15-1-686/postinst/kimage-is-a-directory:
  linux-image-2.6.15-1-686/preinst/lilo-initrd-2.6.15-1-686: true
  linux-image-2.6.15-1-686/postinst/old-initrd-link-2.6.15-1-686: true
  linux-image-2.6.15-1-686/postinst/old-dir-initrd-link-2.6.15-1-686: true
  linux-image-2.6.15-1-686/preinst/overwriting-modules-2.6.15-1-686: true
  linux-image-2.6.15-1-686/postinst/depmod-error-initrd-2.6.15-1-686: false
* linux-image-2.6.15-1-686/preinst/already-running-this-2.6.15-1-686:
  linux-image-2.6.15-1-686/preinst/initrd-2.6.15-1-686:
  linux-image-2.6.15-1-686/postinst/depmod-error-2.6.15-1-686: false
  linux-image-2.6.15-1-686/postinst/bootloader-error-2.6.15-1-686:
  linux-image-2.6.15-1-686/postinst/bootloader-test-error-2.6.15-1-686:
  linux-image-2.6.15-1-686/preinst/lilo-has-ramdisk:
  linux-image-2.6.15-1-686/postinst/create-kimage-link-2.6.15-1-686: true
  linux-image-2.6.15-1-686/prerm/removing-running-kernel-2.6.15-1-686: true
  linux-image-2.6.15-1-686/preinst/failed-to-move-modules-2.6.15-1-686:
  linux-image-2.6.15-1-686/preinst/elilo-initrd-2.6.15-1-686: true
  linux-image-2.6.15-1-686/postinst/old-system-map-link-2.6.15-1-686: true

-- 
Nico Golde - JAB: [EMAIL PROTECTED] | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!




config.gz files

2005-05-06 Thread Nico Golde
Hi,
why don't the Debian kernel packages provide the config file
via /proc?
Please CC me, I am not on this list.
Regards Nico

-- 
Nico Golde - [EMAIL PROTECTED] | GPG: 1024D/73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org 
VIM has two modes - the one in which it beeps 
and the one in which it doesn't -- encrypted mail preferred




Re: config.gz files

2005-05-06 Thread Nico Golde
Hello Matus,

* Matus UHLAR - fantomas [EMAIL PROTECTED] [2005-05-06 17:45]:
> On 06.05 10:42, Nico Golde wrote:
> > why don't the Debian kernel packages provide the config file
> > via /proc?
>
> For 2.4 kernels, it requires a patch that is not in the Debian distribution.

Sure.
Sorry, I forgot to mention that it's a 2.6.x

> Also, as some people already mentioned it, debian kernels come with
> /boot/config-version, so you do not need to have this (even if you lose
> the file, you may extract it from the package, and it doesn't make your
> kernel bigger.

Ok good idea. Can you please document it somewhere?

[...] 
> It seems that you are using mutt. Please set up 'lists' and 'subscribe'
> properly for debian mailing lists.

I use mutt-ng :) But my configs are not wrong. I will not
edit my config file for one-three mails to this list, sorry
:)
Regards Nico
-- 
Nico Golde - [EMAIL PROTECTED] | GPG: 1024D/73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org 
VIM has two modes - the one in which it beeps 
and the one in which it doesn't -- encrypted mail preferred

