diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-20 21:47:12 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-20 21:47:12 +0000 |
commit | 7178a309381b9328c691c64e727124078a3cc142 (patch) | |
tree | eb82c2b4e0a5d884f0dcbf4325ab2a42de2481c7 /retired/CVE-2009-0834 | |
parent | 5662f0b2a69d60db40460e71293e7d6a5f1851b1 (diff) |
fix path
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1531 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-0834')
-rw-r--r-- | retired/CVE-2009-0834 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/retired/CVE-2009-0834 b/retired/CVE-2009-0834 new file mode 100644 index 00000000..73a5c8fb --- /dev/null +++ b/retired/CVE-2009-0834 @@ -0,0 +1,26 @@ +Candidate: CVE-2009-0834 +Description: + The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier + on the x86_64 platform does not properly handle (1) a 32-bit process making + a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which + allows local users to bypass certain syscall audit configurations via + crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. +References: + http://marc.info/?l=linux-kernel&m=123579056530191&w=2 + http://marc.info/?l=linux-kernel&m=123579065130246&w=2 + http://marc.info/?l=oss-security&m=123597642832637&w=2 + http://scary.beasts.org/security/CESA-2009-001.html + http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c + https://bugzilla.redhat.com/show_bug.cgi?id=487990 +Ubuntu-Description: +Notes: +Bugs: +upstream: released (2.6.27.20, 2.6.28.8, 2.6.29-rc7) +linux-2.6: released (2.6.29-1) +2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch] +2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch] +2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch] +2.6.15-dapper-security: +2.6.22-gutsy-security: +2.6.24-hardy-security: +2.6.27-intrepid-security: |