[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: normal
Tags: security patch

CAN-2004-1191 reads:

Race condition ... when run on SMP systems that have more than 4GB of
memory, could allow local users to read unauthorized memory from
"foreign memory pages." Apparantly it also allows remote attackers to
obtain sensitive information, caused by a vulnerability in the
smb_recv_trans2 function, could also send a specially-crafted TRANS2
SMB packet to cause a kernel memory leak.

More information about this is here:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
http://xforce.iss.net/xforce/xfdb/18137

2.6.8 needs both these patches:
http://linux.bkbits.net:8080/linux-2.6/patch@1.1938.197.15?nav=cset@1.1938.197.15
http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg

The second patch has been applied to Debian's kernel-source-2.6.8, but
the first is also needed.

Micah

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 

-- no debconf information
Reply to: