[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#296897: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit arches

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole

Cite:
"The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel
2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local
users to trigger a buffer overflow as a result of casting discrepancies between size_t and
int data types."

The offending code is also in 2.6.8. A fix is at
http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ

The original advisory is at
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2


Please fix 2.6.9 and 2.6.10 as well. I have also looked at 2.4.27 but couldn't find any
similar code.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 

-- no debconf information
Reply to: