Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."
- To: Debian Bug Tracking System <email@example.com>
- Subject: Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."
- From: Micah Anderson <firstname.lastname@example.org>
- Date: Thu, 17 Mar 2005 22:42:28 -0600
- Message-id: <20050318044229.29961564F9@pond>
- Reply-to: Micah Anderson <email@example.com>, firstname.lastname@example.org
Tags: security patch
Race condition ... when run on SMP systems that have more than 4GB of
memory, could allow local users to read unauthorized memory from
"foreign memory pages." Apparantly it also allows remote attackers to
obtain sensitive information, caused by a vulnerability in the
smb_recv_trans2 function, could also send a specially-crafted TRANS2
SMB packet to cause a kernel memory leak.
More information about this is here:
2.6.8 needs both these patches:
The second patch has been applied to Debian's kernel-source-2.6.8, but
the first is also needed.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages kernel-source-2.6.8 depends on:
ii binutils 2.15-5 The GNU assembler, linker and bina
ii bzip2 1.0.2-5 high-quality block-sorting file co
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
-- no debconf information