Bug#306137: CAN-2005-0867: Integer overflow in sysfs_write_file()

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#306137: CAN-2005-0867: Integer overflow in sysfs_write_file()
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 24 Apr 2005 15:10:59 +0200
Message-id: <[🔎] E1DPgt1-0002bi-J5@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 306137@bugs.debian.org

Package: kernel-source-2.6.8
Severity: important
Tags: security patch

CAN-2005-0867 describes an integer overflow in sysfs_write_file() that
could be exploited to overwrite kernel memory.
I've attached the patch from Alexander Nyberg as found in the Ubuntu
package.

2.4 is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

Attachment: sysfs-write-file.dpatch
Description: application/shellscript

Reply to:

Prev by Date: Bug#292328: Also in 2.6.11
Next by Date: Removing 2.4.25 and 2.4.26?
Previous by thread: Bug#292328: Also in 2.6.11
Next by thread: Removing 2.4.25 and 2.4.26?
Index(es):
- Date
- Thread