[kernel-sec-discuss] r1311 - active

jmm at alioth.debian.org jmm at alioth.debian.org
Thu Mar 19 15:45:54 UTC 2009


Author: jmm
Date: 2009-03-19 15:45:54 +0000 (Thu, 19 Mar 2009)
New Revision: 1311

Added:
   active/CVE-2009-0834
   active/CVE-2009-0835
Log:
new issues


Added: active/CVE-2009-0834
===================================================================
--- active/CVE-2009-0834	                        (rev 0)
+++ active/CVE-2009-0834	2009-03-19 15:45:54 UTC (rev 1311)
@@ -0,0 +1,26 @@
+Candidate: CVE-2009-0834
+Description:
+ The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier
+ on the x86_64 platform does not properly handle (1) a 32-bit process making
+ a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
+ allows local users to bypass certain syscall audit configurations via
+ crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. 
+References:
+ http://marc.info/?l=linux-kernel&m=123579056530191&w=2
+ http://marc.info/?l=linux-kernel&m=123579065130246&w=2
+ http://marc.info/?l=oss-security&m=123597642832637&w=2
+ http://scary.beasts.org/security/CESA-2009-001.html
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c
+ https://bugzilla.redhat.com/show_bug.cgi?id=487990 
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
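
Review bot: The status fields at the end of this entry are all blank, including upstream: and linux-2.6:, even though the References section already links a commit in torvalds/linux-2.6.git (h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c). Consider recording that commit under upstream: and setting linux-2.6: to needed, as the CVE-2009-0835 entry in this same revision does, so the tracker shows this issue as open rather than untriaged. The Description and bugzilla.redhat.com lines also end in trailing whitespace that could be dropped.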

Added: active/CVE-2009-0835
===================================================================
--- active/CVE-2009-0835	                        (rev 0)
+++ active/CVE-2009-0835	2009-03-19 15:45:54 UTC (rev 1311)
@@ -0,0 +1,33 @@
+Candidate: CVE-2009-0835
+Description:
+ The __secure_computing function in kernel/seccomp.c in the seccomp subsystem
+ in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when
+ CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process
+ making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
+ allows local users to bypass intended access restrictions via crafted syscalls
+ that are misinterpreted as (a) stat or (b) chmod, a related issue to
+ CVE-2009-0342 and CVE-2009-0343. 
+References:
+ http://marc.info/?l=linux-kernel&m=123579056530191&w=2
+ http://marc.info/?l=linux-kernel&m=123579069630311&w=2
+ http://marc.info/?l=oss-security&m=123597627132485&w=2
+ http://lkml.org/lkml/2009/2/28/23
+ http://scary.beasts.org/security/CESA-2009-001.html
+ http://scary.beasts.org/security/CESA-2009-004.html
+ http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=487255 
+Ubuntu-Description:
+Notes:
+ jmm> CONFIG_SECCOMP has only been enabled in 2.6.26. Since it's ultra-obscure
+ jmm> and mostly unused anyway, we can likely mark in N/A for 2.6.18 and 2.6.24
+ jmm> Dann, what do you think?
+Bugs:
+upstream:
+linux-2.6: needed
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
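
Review bot: The Notes state that CONFIG_SECCOMP has only been enabled in 2.6.26, yet 2.6.26-lenny-security: is left blank while linux-2.6: is marked needed. If the note is accurate, the lenny branch is the one stable branch that can be triaged now, so consider setting it to needed in this commit and leaving only the 2.6.18 and 2.6.24 fields open until the N/A question in the Notes is answered. In the same note, "mark in N/A" looks like a typo for "mark it N/A". Unlike CVE-2009-0834, the References here contain no git.kernel.org commit link, so upstream: has nothing to point at; a comment saying whether a fix has been merged would help.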
