[Secure-testing-team] Re: Three more security problems in the 2.6
kernel
Moritz Muehlenhoff
jmm at inutil.org
Tue Oct 11 20:30:42 UTC 2005
Horms wrote:
> > I found three more security related reports/patches on linux-kernel.
>
> As mentioned elsewhere, the first (request_key_auth memleek) is CAN-2005-3119.
> Can we get CAN numbers for the other two?
Here they are:
> > From: Dave Jones <davej at redhat.com>
> >
> > Please consider for next 2.6.13, it is a minor security issue allowing
> > users to turn on drm debugging when they shouldn't...
======================================================
Candidate: CAN-2005-3179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
with world-readable and world-writable permissions, which allows local
users to enable DRM debugging and obtain sensitive information.
> > From: Pavel Roskin <proski at gnu.org>
> >
> > The orinoco driver can send uninitialized data exposing random pieces of
> > the system memory. This happens because data is not padded with zeroes
> > when its length needs to be increased.
======================================================
Candidate: CAN-2005-3180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
not properly clear memory from a previously used packet whose length
is increased, which allows remote attackers to obtain sensitive
information.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list