Bug#296901: CAN-2005-0530: information disclosure because of signedness error in copy_from_read_buf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#296901: CAN-2005-0530: information disclosure because of signedness error in copy_from_read_buf
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 25 Feb 2005 15:40:51 +0100
Message-id: <[🔎] E1D4geB-0005f5-Mb@k.local>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 296901@bugs.debian.org

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: grave
Tags: security
Justification: user security hole

"Signedness error in the copy_from_read_buf function in n_tty.c for
Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel
memory via a negative argument."

The offending code is also in 2.6.8 and 2.4.27.

A fix is at
http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w

Advisory at
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2

Please also fix 2.6.9 and 2.6.10


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-as2-stf-k-1
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 

-- no debconf information

Reply to:

Prev by Date: Bug#296900: CAN-2005-0529: Buffer overflow in proc_file_read
Next by Date: Processed: your mail
Previous by thread: Bug#296900: CAN-2005-0529: Buffer overflow in proc_file_read
Next by thread: Processed: your mail
Index(es):
- Date
- Thread