Bug#306137: marked as done (CAN-2005-0867: Integer overflow in sysfs_write_file())

To: Horms <horms@debian.org>
Cc: Debian kernel team <debian-kernel@lists.debian.org>
Subject: Bug#306137: marked as done (CAN-2005-0867: Integer overflow in sysfs_write_file())
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 04 May 2005 06:18:34 -0700
Message-id: <[🔎] handler.306137.D306137.111521196225444.ackdone@bugs.debian.org>
In-reply-to: <20050504011717.GA8113@verge.net.au>
References: <20050504011717.GA8113@verge.net.au> <E1DPgt1-0002bi-J5@localhost.localdomain>

Your message dated Wed, 4 May 2005 11:17:19 +1000
with message-id <20050504011717.GA8113@verge.net.au>
and subject line Kernel security issues
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Apr 2005 13:11:09 +0000
>From jmm@inutil.org Sun Apr 24 06:11:09 2005
Return-path: <jmm@inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DPgtB-0006Zc-00; Sun, 24 Apr 2005 06:11:09 -0700
Received: from p548964d2.dip.t-dialin.net ([84.137.100.210] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1DPgt9-0002Nh-6Z
	for submit@bugs.debian.org; Sun, 24 Apr 2005 15:11:07 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
	id 1DPgt1-0002bi-J5; Sun, 24 Apr 2005 15:10:59 +0200
Content-Type: multipart/mixed; boundary="===============0894555148=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0867: Integer overflow in sysfs_write_file()
X-Mailer: reportbug 3.9
Date: Sun, 24 Apr 2005 15:10:59 +0200
Message-Id: <E1DPgt1-0002bi-J5@localhost.localdomain>
X-SA-Exim-Connect-IP: 84.137.100.210
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

This is a multi-part MIME message sent by reportbug.

--===============0894555148==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: kernel-source-2.6.8
Severity: important
Tags: security patch

CAN-2005-0867 describes an integer overflow in sysfs_write_file() that
could be exploited to overwrite kernel memory.
I've attached the patch from Alexander Nyberg as found in the Ubuntu
package.

2.4 is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

--===============0894555148==
Content-Type: application/x-shellscript
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sysfs-write-file.dpatch"

IyEgL2Jpbi9zaCAtZSAKIyMgPFBBVENITkFNRT4uZHBhdGNoIGJ5IDxQQVRDSF9BVVRIT1JARU1B
ST4KIyMKIyMgQWxsIGxpbmVzIGJlZ2lubmluZyB3aXRoIGAjIyBEUDonIGFyZSBhIGRlc2NyaXB0
aW9uIG9mIHRoZSBwYXRjaC4KIyMgRFA6IERlc2NyaXB0aW9uOiBGaXhlZCBzaWduZWRuZXNzIHBy
b2JsZW0gaW4gc3lzZnMuCiMjIERQOiBQYXRjaCBhdXRob3I6IEFsZXhhbmRlciBOeWJlcmcgPGFs
ZXhuQGRzdi5zdS5zZT4KIyMgRFA6IFVwc3RyZWFtIHN0YXR1czogYmFja3BvcnQKCi4gJChkaXJu
YW1lICQwKS9EUEFUQ0gKCkBEUEFUQ0hACmRpZmYgLXVyTiB4L2ZzL3N5c2ZzL2ZpbGUuYyB5L2Zz
L3N5c2ZzL2ZpbGUuYwotLS0geC9mcy9zeXNmcy9maWxlLmMJMjAwNC0wOC0yNCAxNzoxNToyOC4w
MDAwMDAwMDAgKzEwMDAKKysrIHkvZnMvc3lzZnMvZmlsZS5jCTIwMDUtMDQtMDUgMTk6NTQ6MzEu
MDAwMDAwMDAwICsxMDAwCkBAIC0yMjgsMTMgKzIyOCwxNCBAQAogc3lzZnNfd3JpdGVfZmlsZShz
dHJ1Y3QgZmlsZSAqZmlsZSwgY29uc3QgY2hhciBfX3VzZXIgKmJ1Ziwgc2l6ZV90IGNvdW50LCBs
b2ZmX3QgKnBwb3MpCiB7CiAJc3RydWN0IHN5c2ZzX2J1ZmZlciAqIGJ1ZmZlciA9IGZpbGUtPnBy
aXZhdGVfZGF0YTsKKwlzc2l6ZV90IGxlbjsKIAotCWNvdW50ID0gZmlsbF93cml0ZV9idWZmZXIo
YnVmZmVyLGJ1Zixjb3VudCk7Ci0JaWYgKGNvdW50ID4gMCkKLQkJY291bnQgPSBmbHVzaF93cml0
ZV9idWZmZXIoZmlsZSxidWZmZXIsY291bnQpOwotCWlmIChjb3VudCA+IDApCi0JCSpwcG9zICs9
IGNvdW50OwotCXJldHVybiBjb3VudDsKKwlsZW4gPSBmaWxsX3dyaXRlX2J1ZmZlcihidWZmZXIs
IGJ1ZiwgY291bnQpOworCWlmIChsZW4gPiAwKQorCQlsZW4gPSBmbHVzaF93cml0ZV9idWZmZXIo
ZmlsZSwgYnVmZmVyLCBsZW4pOworCWlmIChsZW4gPiAwKQorCQkqcHBvcyArPSBsZW47CisJcmV0
dXJuIGxlbjsKIH0KIAogc3RhdGljIGludCBjaGVja19wZXJtKHN0cnVjdCBpbm9kZSAqIGlub2Rl
LCBzdHJ1Y3QgZmlsZSAqIGZpbGUpCg==

--===============0894555148==--

---------------------------------------
Received: (at 306137-done) by bugs.debian.org; 4 May 2005 13:06:02 +0000
>From horms@stephanie.vergenet.net Wed May 04 06:06:02 2005
Return-path: <horms@stephanie.vergenet.net>
Received: from stephanie.vergenet.net [203.222.130.46] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DTJZh-0006c2-00; Wed, 04 May 2005 06:06:02 -0700
Received: from stephanie.vergenet.net (stephanie [127.0.0.1])
	by stephanie.vergenet.net (8.12.3/8.12.3) with ESMTP id j44D3cAB026199;
	Wed, 4 May 2005 23:03:38 +1000
Received: (from horms@localhost)
	by stephanie.vergenet.net (8.12.3/8.12.3/Debian-7.1) id j44D3aK8026195;
	Wed, 4 May 2005 23:03:36 +1000
Date: Wed, 4 May 2005 11:17:19 +1000
From: Horms <horms@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 306137-done@bugs.debian.org
Subject: Re: Kernel security issues
Message-ID: <20050504011717.GA8113@verge.net.au>
References: <20050428174905.GA9245@informatik.uni-bremen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050428174905.GA9245@informatik.uni-bremen.de>
X-Cluestick: seven
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: 306137-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.4 required=4.0 tests=BAYES_00,DATE_IN_PAST_06_12 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

The Debian Packages for 2.6.8 and 2.6.11 do not appear to 
have this bug. 2.4.27 does not include sysfs, and thus
also does not have this bug.

-- 
Horms

Reply to:

Prev by Date: Re: Kernel compiling....
Next by Date: Re: Kernel compiling....
Previous by thread: Re: Kernel compiling....
Next by thread: Bug#307703: kernel-image-2.6.8-powerpc: Hang at the initrd stage - never finish boot
Index(es):
- Date
- Thread