From 7eb11c30638529575969fa17b2a170cae7e515a0 Mon Sep 17 00:00:00 2001
From: Raphael Geissert <geissert@debian.org>
Date: Tue, 15 Dec 2009 23:02:14 +0000
Subject: retire a few issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1653 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2009-2584 | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 retired/CVE-2009-2584

(limited to 'retired/CVE-2009-2584')

diff --git a/retired/CVE-2009-2584 b/retired/CVE-2009-2584
new file mode 100644
index 00000000..f099cf12
--- /dev/null
+++ b/retired/CVE-2009-2584
@@ -0,0 +1,22 @@
+Candidate: CVE-2009-2584
+Description:
+ Off-by-one error in the options_write function in 
+ drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 
+ 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to 
+ overwrite arbitrary memory locations and gain privileges via a crafted count 
+ argument, which triggers a stack-based buffer overflow.
+References:
+ http://grsecurity.net/~spender/exploit_demo.c
+ http://lkml.org/lkml/2009/7/20/348
+ http://xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overwrite
+Ubuntu-Description:
+Notes:
+ - high urgency since exploit code is currently in the wild
+ - the patch is still not applied upstream so i've sent a message upstream to lkml:
+   http://lkml.org/lkml/2009/11/4/538
+Bugs:
+upstream: released (2.6.32-rc7) [d39b7dd1dcbf394a1cb897457c862dafe9a20ac5], released (2.6.31.6) [42d7bdfc3320039bb9310703d6475a62f5c74772]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: N/A "code not present"
+2.6.24-etch-security: N/A "code not present"
+2.6.26-lenny-security: N/A "code not present"
-- 
cgit v1.2.3