blob: e6f7557551a1aa847dc04320e57100c9d71bffea (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Candidate: CVE-2005-4605
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf
http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2
http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ
Description:
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions
before 2.6.15 allows attackers to read sensitive kernel memory via
unspecified vectors in which a signed value is added to an unsigned
value.
Notes:
jmm> 2.4 not affected as proc_file_lseek() contains a check for this
jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) {
jmm> Discovered by Karl Janmar
Bugs:
upstream: released (2.6.15), released (2.6.14.6)
linux-2.6: released (2.6.15-1)
2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch]
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|