[kernel-sec-discuss] r1605 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Nov 16 23:42:50 UTC 2009


Author: jmm
Date: 2009-11-16 23:42:50 +0000 (Mon, 16 Nov 2009)
New Revision: 1605

Added:
   retired/CVE-2009-3547
   retired/CVE-2009-3612
Removed:
   active/CVE-2009-3547
   active/CVE-2009-3612
Log:
retire two more issues


Deleted: active/CVE-2009-3547
===================================================================
--- active/CVE-2009-3547	2009-11-16 23:42:10 UTC (rev 1604)
+++ active/CVE-2009-3547	2009-11-16 23:42:50 UTC (rev 1605)
@@ -1,22 +0,0 @@
-Candidate: CVE-2009-3547
-Description:
- a NULL pointer dereference flaw was found in each of the following
- functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
- pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
- be released by other processes before it is used to update the pipe's reader
- and writer counters. This could lead to a local denial of service or 
- privilege escalation.
-References:
- http://www.openwall.com/lists/oss-security/2009/11/03/1
-Notes:
- Brad Spengler *claims* to have already developed a working exploit.  Since
- his previous work has been effective, it is probably true.  Hence, this 
- should be treated with high urgency.
- - May be not be exploitable on debian due to mmap_min_addr protections?
-jmm> ad3960243e55320d74195fb85c975e0a8cc4466c
-Bugs:
-upstream: released (2.6.32-rc6) [ad396024]
-linux-2.6: released (2.6.31-2)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
-2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/fs-pipe-null-pointer-dereference.patch]

Deleted: active/CVE-2009-3612
===================================================================
--- active/CVE-2009-3612	2009-11-16 23:42:10 UTC (rev 1604)
+++ active/CVE-2009-3612	2009-11-16 23:42:50 UTC (rev 1605)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-3612
-Description:
- The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the 
- Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize 
- a certain tcm__pad2 structure member, which might allow local users to obtain 
- sensitive information from kernel memory via unspecified vectors. NOTE: this issue 
- exists because of an incomplete fix for CVE-2005-4881.
-References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad61df918c44316940404891d5082c63e79c256a
-Notes:
-Bugs:
-upstream: released (2.6.32-rc5) [ad61df918c44316940404891d5082c63e79c256a], released (2.6.31.6) [cd45ad45a38aa500f96254ce21890ae7611cef46]
-linux-2.6: released (2.6.31-2)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/netlink-fix-typo-in-initialization.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/netlink-fix-typo-in-initialization.patch]
-2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/netlink-fix-typo-in-initialization.patch]

Copied: retired/CVE-2009-3547 (from rev 1604, active/CVE-2009-3547)
===================================================================
--- retired/CVE-2009-3547	                        (rev 0)
+++ retired/CVE-2009-3547	2009-11-16 23:42:50 UTC (rev 1605)
@@ -0,0 +1,22 @@
+Candidate: CVE-2009-3547
+Description:
+ a NULL pointer dereference flaw was found in each of the following
+ functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
+ pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
+ be released by other processes before it is used to update the pipe's reader
+ and writer counters. This could lead to a local denial of service or 
+ privilege escalation.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/03/1
+Notes:
+ Brad Spengler *claims* to have already developed a working exploit.  Since
+ his previous work has been effective, it is probably true.  Hence, this 
+ should be treated with high urgency.
+ - May be not be exploitable on debian due to mmap_min_addr protections?
+jmm> ad3960243e55320d74195fb85c975e0a8cc4466c
+Bugs:
+upstream: released (2.6.32-rc6) [ad396024]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
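Review bot: the Notes block in this hunk leaves an open question unresolved as the entry is retired ("May be not be exploitable on debian due to mmap_min_addr protections?"); since every tracked branch shows "released", the retirement is justified regardless, but the retired record would be more useful if that line recorded the conclusion reached rather than the question, and the wording should read "May not be exploitable on Debian". Two style points in the same hunk: the upstream line abbreviates the fix commit to "[ad396024]" while the jmm> line and the CVE-2009-3612 entry carry full 40-character hashes, so the full hash ad3960243e55320d74195fb85c975e0a8cc4466c belongs in the upstream line for consistency, and the Description should start with a capital ("A NULL pointer dereference flaw ...").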

Copied: retired/CVE-2009-3612 (from rev 1604, active/CVE-2009-3612)
===================================================================
--- retired/CVE-2009-3612	                        (rev 0)
+++ retired/CVE-2009-3612	2009-11-16 23:42:50 UTC (rev 1605)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-3612
+Description:
+ The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the 
+ Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize 
+ a certain tcm__pad2 structure member, which might allow local users to obtain 
+ sensitive information from kernel memory via unspecified vectors. NOTE: this issue 
+ exists because of an incomplete fix for CVE-2005-4881.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad61df918c44316940404891d5082c63e79c256a
+Notes:
+Bugs:
+upstream: released (2.6.32-rc5) [ad61df918c44316940404891d5082c63e79c256a], released (2.6.31.6) [cd45ad45a38aa500f96254ce21890ae7611cef46]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/netlink-fix-typo-in-initialization.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/netlink-fix-typo-in-initialization.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/netlink-fix-typo-in-initialization.patch]
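Review bot: the upstream line in this hunk cites two fix commits, ad61df918c44316940404891d5082c63e79c256a (2.6.32-rc5) and cd45ad45a38aa500f96254ce21890ae7611cef46 (2.6.31.6), but the References block only links the first; the 2.6.31.6 backport should be linked in the same git.kernel.org form for the record to be self-contained. The empty "Notes:" section is also worth a one-line entry, for example that this is the incomplete-fix follow-up to CVE-2005-4881 already mentioned in the Description, so that a reader of the retired file sees why both CVE ids exist without re-reading the MITRE text.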
