path: root/retired/CVE-2009-0835
Candidate: CVE-2009-0835
Description:
 The __secure_computing function in kernel/seccomp.c in the seccomp subsystem
 in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when
 CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process
 making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
 allows local users to bypass intended access restrictions via crafted syscalls
 that are misinterpreted as (a) stat or (b) chmod, a related issue to
 CVE-2009-0342 and CVE-2009-0343. 
References:
 http://marc.info/?l=linux-kernel&m=123579056530191&w=2
 http://marc.info/?l=linux-kernel&m=123579069630311&w=2
 http://marc.info/?l=oss-security&m=123597627132485&w=2
 http://lkml.org/lkml/2009/2/28/23
 http://scary.beasts.org/security/CESA-2009-001.html
 http://scary.beasts.org/security/CESA-2009-004.html
 http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
 https://bugzilla.redhat.com/show_bug.cgi?id=487255 
Ubuntu-Description:
Notes:
 jmm> CONFIG_SECCOMP has only been enabled in 2.6.26. Since it's ultra-obscure
 jmm> and mostly unused anyway, we can likely mark it N/A for 2.6.18 and 2.6.24.
 jmm> Dann, what do you think?
 dannf> agreed
Bugs:
upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: N/A
2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: