[kernel] r4755 - people/dannf/patchinfo

Simon Horman horms at costa.debian.org
Wed Nov 9 03:46:28 UTC 2005


Author: horms
Date: Wed Nov  9 03:46:26 2005
New Revision: 4755

Added:
   people/dannf/patchinfo/cve-2005-2709-sysctl-unregistration-oops.patch
Log:
Added cve-2005-2709-sysctl-unregistration-oops.patch / CVE-2005-2709

Added: people/dannf/patchinfo/cve-2005-2709-sysctl-unregistration-oops.patch
==============================================================================
--- (empty file)
+++ people/dannf/patchinfo/cve-2005-2709-sysctl-unregistration-oops.patch	Wed Nov  9 03:46:26 2005
@@ -0,0 +1,36 @@
+## A list of valid fields for patch description files, with examples
+Candidate: CVE-2005-2709
+References:
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch
+ MISC:##URL## 
+Description: 
+ From: Al Viro <viro at zeniv.linux.org.uk>
+ .
+ You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
+ wait for interface to go away, try to grab as much memory as possible in
+ hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
+ function. Then do read from file you've opened and if you are lucky,
+ you'll get it called as ->proc_handler() in kernel mode.
+
+ So this is at least an Oops and possibly more.  It does depend on an
+ interface going away though, so less of a security risk than it would
+ otherwise be.
+Notes:
+ CVE is reserved, so we can't take the description from there yet
+Bug: 
+## per-tree status.
+##  pending: fix has been committed to svn
+##  released: we've cut a version with this fix in it
+##  needed: bug is applicable to this tree and needs a fix
+##  An empty value means that someone needs to determine the relevancy for this tree
+## 
+##
+## status maybe followed by a version string in ()'s, and/or a patchname in []'s
+## Prerequisite patches maybe listed in [] as well, even though they may not be
+## directly part of the fix.
+upstream: pending (2.6.14.1)
+2.6.13: needed
+2.6.12: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security:
+2.4.27: 
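Review bot: the References block still carries the unfilled template placeholder "MISC:##URL##", and the first line keeps the template's "## A list of valid fields for patch description files, with examples" header. Either point the MISC entry at a real reference or drop it, and remove the header comment so the file describes only CVE-2005-2709. In the Description, the break after the From: line is written as " ." but the break before "So this is at least an Oops" is an empty line; use the same paragraph separator in both places so the field parses as one block. The per-tree entries for 2.6.12, 2.6.8-sarge-security, 2.4.27-sarge-security and 2.4.27 are empty, which by the file's own legend means relevance is still undetermined; since the bug is a use of a kfreed ctl_table through an open /proc/sys file, it would help to record in Notes whether those trees have been checked yet.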


