author Moritz Muehlenhoff <jmm@debian.org> 2010-03-04 23:30:06 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2010-03-04 23:30:06 +0000
commit 8b89b4be7cf2cf2a85f2e5521046e5a53d6a90dc
tree 0decae468ee0fa9b8f7e02de08dd13641f90fb2d /retired
parent 24f2bb5a17a5d17d4346de3a08e222f5d7791003
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1759 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2009-2691 14
-rw-r--r-- retired/CVE-2009-2695 21
-rw-r--r-- retired/CVE-2009-3080 13
-rw-r--r-- retired/CVE-2009-3613 14
-rw-r--r-- retired/CVE-2009-3726 13
-rw-r--r-- retired/CVE-2009-3889 18
-rw-r--r-- retired/CVE-2009-4005 14
-rw-r--r-- retired/CVE-2009-4020 14
-rw-r--r-- retired/CVE-2009-4021 14
-rw-r--r-- retired/CVE-2009-4138 14
-rw-r--r-- retired/CVE-2009-4141 19
-rw-r--r-- retired/CVE-2009-4308 13
-rw-r--r-- retired/CVE-2009-4536 16
-rw-r--r-- retired/CVE-2009-4538 16
-rw-r--r-- retired/CVE-2010-0003 14
-rw-r--r-- retired/CVE-2010-0006 17
-rw-r--r-- retired/CVE-2010-0007 13
17 files changed, 257 insertions, 0 deletions
diff --git a/retired/CVE-2009-2691 b/retired/CVE-2009-2691
new file mode 100644
index 00000000..6069194d
--- /dev/null
+++ b/retired/CVE-2009-2691
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-2691
+Description:
+ The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier
+ allows local users to read (1) maps and (2) smaps files under proc/ via vectors
+ related to ELF loading, a setuid process, and a race condition.
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [13f0fea, 00f89d2, 704b836], released (2.6.30.5) [95d7e670e3158b6a52a8279290a0d6f7047250b4, 17dc3e97d6d51df33cb6e35fabb62b91ef14cf2c, c6d59cb0341e2c3aed3eb65cbf166a686c3443aa]
+linux-2.6: released (2.6.30-7)
+2.6.18-etch-security: ignored (end of life)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
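Review bot: The References: field in retired/CVE-2009-2691 is empty even though the upstream: line carries six commit ids; put the CVE link or the upstream commit links there so the entry can be followed without decoding the status line. The upstream: line also mixes 7-character ids for 2.6.31-rc6 with full 40-character ids for 2.6.30.5; one form throughout would be easier to grep.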
diff --git a/retired/CVE-2009-2695 b/retired/CVE-2009-2695
new file mode 100644
index 00000000..307fc3b4
--- /dev/null
+++ b/retired/CVE-2009-2695
@@ -0,0 +1,21 @@
+Candidate: CVE-2009-2695
+Description:
+ The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that
+ target page zero and other low memory addresses, which allows local users to gain
+ privileges by exploiting NULL pointer dereference vulnerabilities, related to (1)
+ the default configuration of the allow_unconfined_mmap_low boolean in SELinux on
+ Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes
+ allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a
+ requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4)
+ interaction between the mmap_min_addr protection mechanism and certain application
+ programs.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc7)
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "no mmap_min_addr"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
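Review bot: The upstream: line in retired/CVE-2009-2695 records only the version (2.6.31-rc7) and no commit ids, although five separate patches are listed for each of the 2.6.24 and 2.6.26 backports; add the corresponding upstream commits in brackets so the backports can be checked against them. The N/A reason on the 2.6.18 line is written in quotes ("no mmap_min_addr"), while retired/CVE-2009-3889 in this same commit uses parentheses; settle on one convention.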
diff --git a/retired/CVE-2009-3080 b/retired/CVE-2009-3080
new file mode 100644
index 00000000..b72f4281
--- /dev/null
+++ b/retired/CVE-2009-3080
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3080
+Description:
+ index error in gdth_read_event
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
+Notes:
+Bugs:
+upstream: released (2.6.32-rc8) [690e7448]
+2.6.31-upstream-stable: released (2.6.31.7) [17438898]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
diff --git a/retired/CVE-2009-3613 b/retired/CVE-2009-3613
new file mode 100644
index 00000000..423241ee
--- /dev/null
+++ b/retired/CVE-2009-3613
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-3613
+Description:
+References:
+ http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
+ http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd
+ http://bugzilla.kernel.org/show_bug.cgi?id=9468
+ https://bugzilla.redhat.com/show_bug.cgi?id=529137
+Notes:
+Bugs:
+upstream: released (2.6.29) [a866bbf, 97d477a]
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: ignored (EOL)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch, bugfix/all/r8169-use-hardware-auto-padding.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/r8169-use-hardware-auto-padding.patch]
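Review bot: The 2.6.26-lenny-security line in retired/CVE-2009-3613 lists only r8169-use-hardware-auto-padding.patch, while the 2.6.24 line also lists r8169-balance-pci_map-pci_unmap-pair.patch and the upstream: line names two commits; add a Notes: entry saying why lenny needs only one of them, otherwise this reads as a missed backport. Description: is also empty; a one-line summary of the r8169 issue would make the file usable on its own.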
diff --git a/retired/CVE-2009-3726 b/retired/CVE-2009-3726
new file mode 100644
index 00000000..f03e2464
--- /dev/null
+++ b/retired/CVE-2009-3726
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3726
+Description:
+ null ptr dereference in nfs4_proc_lock
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/05/1
+ http://xorl.wordpress.com/2009/11/07/cve-2009-3726-linux-kernel-nfsv4-null-pointer-dereference/
+Notes:
+Bugs:
+upstream: released (2.6.31) [d953126a28f97ec965d23c69fd5795854c048f30]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/nfsv4-buggy-server-oops.patch]
diff --git a/retired/CVE-2009-3889 b/retired/CVE-2009-3889
new file mode 100644
index 00000000..cea67afa
--- /dev/null
+++ b/retired/CVE-2009-3889
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3889
+Description:
+ The dbg_lvl file for the megaraid_sas driver in the Linux kernel before
+ 2.6.27 has world-writable permissions, which allows local users to change
+ the (1) behavior and (2) logging level of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=526068
+Notes:
+ poll_mode_io aspect of this issue got its own id, CVE-2009-3939
+Bugs:
+upstream: released (2.6.27) [66dca9b8]
+linux-2.6: released (2.6.27-1)
+2.6.18-etch-security: N/A (Vulnerable code not present)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+
+
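Review bot: retired/CVE-2009-3889 ends with two empty lines after the 2.6.26-lenny-security line, which is why this file is 18 lines long; drop them so the file ends on the last status line like the other entries. Since the Notes: say the poll_mode_io aspect is tracked as CVE-2009-3939, it would help to state there whether that id is covered by the same megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch or is still open.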
diff --git a/retired/CVE-2009-4005 b/retired/CVE-2009-4005
new file mode 100644
index 00000000..2577d111
--- /dev/null
+++ b/retired/CVE-2009-4005
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4005
+Description:
+ buffer overflow in hfc_usb
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
+Notes:
+Bugs:
+upstream: released (2.6.32-rc7) [286e633e]
+2.6.31-upstream-stable: N/A
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
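Review bot: The 2.6.31-upstream-stable line in retired/CVE-2009-4005 says N/A with no reason, while the fix is recorded as landing in 2.6.32-rc7 and 2.6.18, 2.6.24 and 2.6.26 all needed a backport; add the reason in the same form the other N/A lines in this commit use, so it is clear the 2.6.31 stable branch was assessed and not just skipped.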
diff --git a/retired/CVE-2009-4020 b/retired/CVE-2009-4020
new file mode 100644
index 00000000..270085ba
--- /dev/null
+++ b/retired/CVE-2009-4020
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4020
+Description:
+ hfs buffer overflow
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/04/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [ec81aecb]
+2.6.32-upstream-stable: released (2.6.32.2) [037b7867]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-3)
diff --git a/retired/CVE-2009-4021 b/retired/CVE-2009-4021
new file mode 100644
index 00000000..fbf0a0c5
--- /dev/null
+++ b/retired/CVE-2009-4021
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4021
+Description:
+ fuse null ptr dereference
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/19/1
+Notes:
+ introduced in 2.6.14
+Bugs:
+upstream: released (2.6.32-rc7) [f60311d5]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
diff --git a/retired/CVE-2009-4138 b/retired/CVE-2009-4138
new file mode 100644
index 00000000..668226de
--- /dev/null
+++ b/retired/CVE-2009-4138
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4138
+Description:
+ firewire: ohci: handle receive packets with a data length of zero
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/15/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [8c0c0cc2]
+2.6.32-upstream-stable: released (2.6.32.2) [e39b7b49]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: N/A "ohci introduced in 2.6.22"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.32-squeeze-security: released (2.6.32-3)
diff --git a/retired/CVE-2009-4141 b/retired/CVE-2009-4141
new file mode 100644
index 00000000..2bc82b31
--- /dev/null
+++ b/retired/CVE-2009-4141
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-4141
+Description:
+ fasync issue
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
+Notes:
+ Believed to have been introduced in 233e70f in 2.6.28-rc3.
+ Might make sense to backport to stable as a precaution.
+Bugs:
+jmm> Commit 53281b6d
+upstream: released (2.6.32.4)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+
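Review bot: In retired/CVE-2009-4141 the line "jmm> Commit 53281b6d" sits unindented directly under Bugs:, so it is neither a bug reference nor part of Notes:; move it into Notes: with a leading space, or put the id in brackets on the upstream: line as the other files do. The upstream: line also gives a stable version (2.6.32.4) rather than the mainline release, and the three N/A lines carry no reason even though the Notes: already say the problem was introduced in 2.6.28-rc3; repeating that as the N/A reason would make each line self-explanatory. The trailing empty line at the end of the file can go.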
diff --git a/retired/CVE-2009-4308 b/retired/CVE-2009-4308
new file mode 100644
index 00000000..fc6270fd
--- /dev/null
+++ b/retired/CVE-2009-4308
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-4308
+Description:
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
+Notes:
+Bugs:
+upstream: released (2.6.32) [78f1ddbb]
+2.6.31-upstream-stable: released (2.6.31.8) [4ef61f0a]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A "ext4 introduced in 2.6.19"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
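Review bot: Description: in retired/CVE-2009-4308 is empty, so the only hint at what the issue is comes from the patch file name (ext4 NULL pointer dereference when decoding EROFS without a journal); add a one-line description before retiring the file.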
diff --git a/retired/CVE-2009-4536 b/retired/CVE-2009-4536
new file mode 100644
index 00000000..a1f3b11a
--- /dev/null
+++ b/retired/CVE-2009-4536
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-4536
+Description:
+ regression in e1000 driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> Commit 40a14deaf411592b57cb0720f0e8004293ab9865
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [40a14dea]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
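Review bot: The 2.6.32-upstream-stable: line in retired/CVE-2009-4536 has no status, and the Notes: only say "Submitted for 2.6.32 stable"; a file moved to retired/ should not have an unresolved branch, so record the stable release that picked up 40a14dea or mark the line with an explicit state and reason.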
diff --git a/retired/CVE-2009-4538 b/retired/CVE-2009-4538
new file mode 100644
index 00000000..adbcddc9
--- /dev/null
+++ b/retired/CVE-2009-4538
@@ -0,0 +1,16 @@
+Candidate:CVE-2009-4538
+Description:
+ regression in e1000e driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> commit b94b50289622e816adc9f94111cfc2679c80177c
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [b94b5028]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
+2.6.18-etch-security: N/A "no e1000e"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
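Review bot: The first line of retired/CVE-2009-4538 reads "Candidate:CVE-2009-4538" without the space after the colon that every other file in this commit has; fix it so tooling that splits on ": " does not miss the entry. The patch name also differs between branches (e1000e-enhance-fragment-detection.patch for linux-2.6 and squeeze, e1000e-enhance-frame-fragment-detection.patch for 2.6.24 and 2.6.26); confirm both names are intended. As in CVE-2009-4536, the 2.6.32-upstream-stable: line is left empty.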
diff --git a/retired/CVE-2010-0003 b/retired/CVE-2010-0003
new file mode 100644
index 00000000..e29ae9b6
--- /dev/null
+++ b/retired/CVE-2010-0003
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-0003
+Description:
+ kernel info leak if print-fatal-signals=1
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/12/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [b45c6e76bc]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: N/A "print-fatal-signals didn't exist yet"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
diff --git a/retired/CVE-2010-0006 b/retired/CVE-2010-0006
new file mode 100644
index 00000000..baab029d
--- /dev/null
+++ b/retired/CVE-2010-0006
@@ -0,0 +1,17 @@
+Candidate: CVE-2010-0006
+Description:
+ ipv6: skb_dst() null ptr dereference
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/14/2
+Notes:
+ oss-sec posting says that this codebase is not turned
+ on in most cases in oss-sec posting, so likely not a
+ very high urgency issue
+Bugs:
+upstream: released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6)
+2.6.18-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.24-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.32-squeeze-security: released (2.6.32-6)
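Review bot: The upstream: line in retired/CVE-2010-0006 puts the commit id in parentheses, "released (2.6.33) (2570a4f5...)", where every other file in this commit uses square brackets; change it to brackets so the id is picked up the same way. The Notes: sentence repeats "in oss-sec posting" and can be shortened to a single mention.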
diff --git a/retired/CVE-2010-0007 b/retired/CVE-2010-0007
new file mode 100644
index 00000000..4febf548
--- /dev/null
+++ b/retired/CVE-2010-0007
@@ -0,0 +1,13 @@
+Candidate: CVE-2010-0007
+Description:
+ normal users can modify etables rules
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [dce766a]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
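Review bot: The Description: in retired/CVE-2010-0007 says "etables", but the backported patch is netfilter-ebtables-enforce-CAP_NET_ADMIN.patch, so this should read "ebtables"; as written, a search for the affected component will not find the file. References: is empty as well; add the CVE or advisory link.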
