Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."
Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: normal
Tags: security patch
CAN-2004-1191 reads:
Race condition ... when run on SMP systems that have more than 4GB of
memory, could allow local users to read unauthorized memory from
"foreign memory pages." Apparently it also allows remote attackers to
obtain sensitive information, caused by a vulnerability in the
smb_recv_trans2 function, could also send a specially-crafted TRANS2
SMB packet to cause a kernel memory leak.
More information about this is here:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
http://xforce.iss.net/xforce/xfdb/18137
2.6.8 needs both these patches:
http://linux.bkbits.net:8080/linux-2.6/patch@1.1938.197.15?nav=cset@1.1938.197.15
http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg
The second patch has been applied to Debian's kernel-source-2.6.8, but
the first is also needed.
Micah
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages kernel-source-2.6.8 depends on:
ii binutils 2.15-5 The GNU assembler, linker and bina
ii bzip2 1.0.2-5 high-quality block-sorting file co
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
-- no debconf information