Re: Three more security problems in the 2.6 kernel

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: secure-testing-team@lists.alioth.debian.org, security@debian.org, debian-kernel@lists.debian.org
Subject: Re: Three more security problems in the 2.6 kernel
From: Horms <horms@debian.org>
Date: Wed, 12 Oct 2005 15:13:34 +0900
Message-id: <[🔎] 20051012061333.GE31676@verge.net.au>
Mail-followup-to: Moritz Muehlenhoff <jmm@inutil.org>, secure-testing-team@lists.alioth.debian.org, security@debian.org, debian-kernel@lists.debian.org
In-reply-to: <[🔎] 20051011203041.GA5202@informatik.uni-bremen.de>
References: <[🔎] 20051009101854.GA5635@informatik.uni-bremen.de> <[🔎] 20051011053138.GA17028@verge.net.au> <[🔎] 20051011203041.GA5202@informatik.uni-bremen.de>

On Tue, Oct 11, 2005 at 10:30:42PM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > > I found three more security related reports/patches on linux-kernel.
> > 
> > As mentioned elsewhere, the first (request_key_auth memleek) is CAN-2005-3119.
> > Can we get CAN numbers for the other two?
> 
> Here they are:

Thanks, I'll get them into svn and my patch_notes space ASAP.

> > > From: Dave Jones <davej@redhat.com>
> > > 
> > > Please consider for next 2.6.13, it is a minor security issue allowing
> > > users to turn on drm debugging when they shouldn't...
> 
> ======================================================
> Candidate: CAN-2005-3179
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
> Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
> Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
> 
> drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
> with world-readable and world-writable permissions, which allows local
> users to enable DRM debugging and obtain sensitive information.
> 
> 
> > > From: Pavel Roskin <proski@gnu.org>
> > > 
> > > The orinoco driver can send uninitialized data exposing random pieces of
> > > the system memory.  This happens because data is not padded with zeroes
> > > when its length needs to be increased.
> 
> ======================================================
> Candidate: CAN-2005-3180
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
> Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
> 
> The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
> not properly clear memory from a previously used packet whose length
> is increased, which allows remote attackers to obtain sensitive
> information.

-- 
Horms

Reply to:

References:
- Three more security problems in the 2.6 kernel
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Three more security problems in the 2.6 kernel
  - From: Horms <horms@debian.org>
- Re: Three more security problems in the 2.6 kernel
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: RE: amd64 kernel on i386 sarge system
Next by Date: Re: initrd/initramfs: we discussed enough, let's take some action now :)
Previous by thread: Re: Three more security problems in the 2.6 kernel
Next by thread: 2.6.13.4
Index(es):
- Date
- Thread