[kernel-sec-discuss] r1304 - active

jmm at alioth.debian.org jmm at alioth.debian.org
Tue Mar 3 16:49:46 UTC 2009


Author: jmm
Date: 2009-03-03 16:49:46 +0000 (Tue, 03 Mar 2009)
New Revision: 1304

Added:
   active/CVE-2009-0675
   active/CVE-2009-0676
   active/CVE-2009-0745
   active/CVE-2009-0746
   active/CVE-2009-0747
   active/CVE-2009-0748
Log:
fix new kernel issues


Added: active/CVE-2009-0675
===================================================================
--- active/CVE-2009-0675	                        (rev 0)
+++ active/CVE-2009-0675	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-0675
+Description:
+ The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux
+ kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when
+ the CAP_NET_ADMIN capability is absent, instead of when this
+ capability is present, which allows local users to reset the
+ driver statistics, related to an "inverted logic" issue. 
+References:
+ URL:http://lists.openwall.net/netdev/2009/01/28/90
+ MLIST:[oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw
+ URL:http://openwall.com/lists/oss-security/2009/02/20/2
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
+ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486534
+ SECUNIA:33938
+ URL:http://secunia.com/advisories/33938 
+Ubuntu-Description:
+Notes:
+ jmm> Well, that's not exactly earth-shattering...
+Bugs:
+upstream: released (2.6.28.6)
+linux-2.6: needed
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
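Review bot: all eight per-branch status lines (2.6.18-etch-security through 2.6.27-intrepid-security) are left empty while "linux-2.6: needed" is set; for a one-line logic inversion already in 2.6.28.6 the stable branches should get at least a "needed" or "N/A" so the tracker does not show them as untriaged. Minor: the Description line ending in "issue. " and the "URL:http://secunia.com/advisories/33938 " line carry trailing whitespace that the other entries do not.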

Added: active/CVE-2009-0676
===================================================================
--- active/CVE-2009-0676	                        (rev 0)
+++ active/CVE-2009-0676	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-0676
+Description:
+ The sock_getsockopt function in net/core/sock.c in the Linux kernel
+ before 2.6.28.6 does not initialize a certain structure member, which
+ allows local users to obtain potentially sensitive information from
+ kernel memory via an SO_BSDCOMPAT getsockopt request. 
+References:
+ MLIST:[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
+ URL:http://lkml.org/lkml/2009/2/12/123
+ MLIST:[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt
+ URL:http://openwall.com/lists/oss-security/2009/02/20/1
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da
+ CONFIRM:http://patchwork.kernel.org/patch/6816/
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
+ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486305
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28.6)
+linux-2.6: needed
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
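Review bot: the Notes field is empty here, whereas every other file in this commit records a triage assessment; one is worth adding, because unlike CVE-2009-0675 the description names no capability requirement (an SO_BSDCOMPAT getsockopt request from a local user suffices), so this one should not silently inherit the "not earth-shattering" verdict of the skfp entry. The branch status lines are again blank against "linux-2.6: needed".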

Added: active/CVE-2009-0745
===================================================================
--- active/CVE-2009-0745	                        (rev 0)
+++ active/CVE-2009-0745	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-0745
+Description:
+ The ext4_group_add function in fs/ext4/resize.c in the Linux
+ kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does
+ not properly initialize the group descriptor during a resize
+ (aka resize2fs) operation, which might allow local users to
+ cause a denial of service (OOPS) by arranging for crafted
+ values to be present in available memory. 
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12433
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7)
+linux-2.6: needed
+2.6.18-etch-security: N/A
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
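Review bot: the note proposes marking this "unimportant" in the security tracker, but the status block still reads "linux-2.6: needed", which the tracker will treat as an open fix; either record the proposed severity here or leave a pointer that the "needed" is provisional until Dann replies. Also, "2.6.18-etch-security: N/A" is set while 2.6.24-etch, 2.6.26-lenny and the Ubuntu branches are blank; the description only names 2.6.27 and 2.6.28, so whatever check justified N/A for 2.6.18 should be recorded for the other pre-2.6.27 branches as well rather than left open.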

Added: active/CVE-2009-0746
===================================================================
--- active/CVE-2009-0746	                        (rev 0)
+++ active/CVE-2009-0746	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-0746
+Description:
+ The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
+ a certain rec_len field, which allows local users to cause a denial
+ of service (OOPS) by attempting to mount a crafted ext4 filesystem. 
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12430
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7)
+linux-2.6: needed
+2.6.18-etch-security: N/A
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
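Review bot: the References block uses bare URLs, whereas CVE-2009-0675 and CVE-2009-0676 in the same commit tag each entry as "URL:", "CONFIRM:" or "MLIST:"; the four ext4 files should follow the same tagged format so the lines can be parsed consistently, e.g. "CONFIRM:http://bugzilla.kernel.org/show_bug.cgi?id=12430" and "CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7". The "ChangeLog-2.6.28.7 " line also has trailing whitespace.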

Added: active/CVE-2009-0747
===================================================================
--- active/CVE-2009-0747	                        (rev 0)
+++ active/CVE-2009-0747	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-0747
+Description:
+ The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the
+ i_size_high structure member during operations on arbitrary
+ types of files, which allows local users to cause a denial of
+ service (CPU consumption and error-message flood) by
+ attempting to mount a crafted ext4 filesystem. 
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12375
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7)
+linux-2.6: needed
+2.6.18-etch-security: N/A
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
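Review bot: style point: the four-line triage note addressed to Dann is pasted verbatim into this file and into CVE-2009-0745, CVE-2009-0746 and CVE-2009-0748; if the decision is taken once for the whole ext4 batch, a one-line cross-reference to the CVE-2009-0745 note would keep the files from drifting when one of them is updated. The impact here is also different (CPU consumption and error-message flood rather than an OOPS), which a per-file note could reflect.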

Added: active/CVE-2009-0748
===================================================================
--- active/CVE-2009-0748	                        (rev 0)
+++ active/CVE-2009-0748	2009-03-03 16:49:46 UTC (rev 1304)
@@ -0,0 +1,24 @@
+Candidate: CVE-2009-0748
+Description:
+ The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
+ the superblock configuration, which allows local users to cause a
+ denial of service (NULL pointer dereference and OOPS) by attempting
+ to mount a crafted ext4 filesystem. 
+References:
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7)
+linux-2.6: needed
+2.6.18-etch-security: N/A
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
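Review bot: the References block is empty, so nothing in this file points at the fix; at minimum the two ChangeLog entries the description implies should be listed, matching the sibling ext4 files, i.e. "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19" and "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7", plus the upstream commit for ext4_fill_super once identified. The Description line ending in "filesystem. " has trailing whitespace.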
