[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#382210: [CVE-2006-0457]: kernel-image-2.6.8-3-686-smp: Linux Kernel Security Key Functions Local Copy_To_User Race

Package: kernel-image-2.6.8-3-686-smp
Version: 2.6.8-16sarge4
Severity: important
Tags: security


Race condition in the (1) add_key, (2) request_key, and (3) keyctl
functions in Linux kernel 2.6.x allows local users to cause a denial of
service (crash) or read sensitive kernel memory by modifying the length
of a string argument between the time that the kernel calculates the
length and when it copies the data into kernel memory.

It's fixed at http://www.ubuntu.com/usn/usn-263-1 , so possibly a patch
could be gotten from them.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages kernel-image-2.6.8-3-686-smp depends on:
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 
ii  initrd-tools           tools to create initrd image for p
ii  module-init-tools             3.2-pre1-2 tools for managing Linux kernel mo

-- no debconf information

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: