blob: 4b6758bb702ff58002d57ff818131e23255c64fa (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Candidate: CVE-2004-0228
References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
http://secunia.com/advisories/11429
http://secunia.com/advisories/11464
http://secunia.com/advisories/11486
http://secunia.com/advisories/11491
http://secunia.com/advisories/11683
http://xforce.iss.net/xforce/xfdb/15951
Description:
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in
Linux kernel 2.6 allows local users to gain privileges.
Notes:
jmm> 2.4 does not have cpufreq
jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c
jmm> I've verified that the isolated patch from
jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch
jmm> is included in 2.6.8
Bugs:
upstream:
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|