[kernel] r5205 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 3 15:59:51 UTC 2006
Author: jmm-guest
Date: Tue Jan 3 15:59:50 2006
New Revision: 5205
Modified:
patch-tracking/proc_memory_disclosure
Log:
CVE assignment for procfs info leak
Modified: patch-tracking/proc_memory_disclosure
==============================================================================
--- patch-tracking/proc_memory_disclosure (original)
+++ patch-tracking/proc_memory_disclosure Tue Jan 3 15:59:50 2006
@@ -1,7 +1,13 @@
-Candidate: requested
+Candidate: CVE-2005-4605
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf
+ http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2
+ http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ
Description:
+ The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions
+ before 2.6.15 allows attackers to read sensitive kernel memory via
+ unspecified vectors in which a signed value is added to an unsigned
+ value.
Notes:
jmm> 2.4 not affected as proc_file_lseek() contains a check for this
jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) {
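Review bot: the added Description keeps the wording "unspecified vectors", yet the Notes lines directly below it already name a concrete path: the offset range check in proc_file_lseek() that is given as the reason 2.4 is not affected. Consider adding a jmm> note that says whether the 2.6 code is missing an equivalent check on the seek offset, as confirmed against the git commit listed under References. That would let a reader connect the "signed value is added to an unsigned value" wording to a specific code path without opening the links. The Notes also record status only for 2.4. Since the Description bounds the issue at "before 2.6.15", a line recording the state of the 2.6 trees tracked here would complete the entry.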
More information about the Kernel-svn-changes
mailing list