Bug 112893

Summary: CAN-2003-0984 rtc leaks
Product: [Fedora] Fedora
Reporter: Robert Scheck <redhat-bugzilla>
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED ERRATA
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 1
CC: mitr, yeti
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-01-07 21:48:35 UTC
Attachments:
The backported rtc patch for kernel-2.4.22-1.2138.nptl (flags: none)

Description Robert Scheck 2004-01-05 15:51:59 UTC
Description of problem:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel versions 2.4.23 and previous which may allow a local
attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not
trivially.)

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue.


Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue.


Additional info:
Red Hat Linux 7.x, 8 and 9 are already patched against both issues.
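
The class of bug described in this report, as an added example that is not part of the original bug report or the attached patch: a user-space C model in which a structure is only partly filled before being copied out whole. The structure, the helper and the `STALE` marker are constructed for illustration and do not reproduce the kernel's rtc code.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for leftover data in a reused stack slot */

/* Constructed stand-in for a structure returned to user space (not the kernel's). */
struct demo_time { int sec, min, hour, mday, mon, year, wday, yday, isdst; };

/* Hypothetical helper that, like a partial hardware read, sets only three fields. */
static void demo_read_alarm(struct demo_time *t)
{
    t->sec = 30;
    t->min = 15;
    t->hour = 7;
}

/* Models one ioctl-style call; returns how many stale bytes reach the caller. */
static size_t stale_bytes_copied(int zero_first)
{
    struct demo_time t;
    unsigned char user_buf[sizeof t];
    size_t i, leaked = 0;

    memset(&t, STALE, sizeof t);      /* model: slot still holds earlier data */
    if (zero_first)
        memset(&t, 0, sizeof t);      /* hardened: clear before the partial fill */
    demo_read_alarm(&t);
    memcpy(user_buf, &t, sizeof t);   /* stands in for copy_to_user() */

    for (i = 0; i < sizeof t; i++)
        if (user_buf[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes copied out\n", stale_bytes_copied(0));
    printf("with zeroing:    %zu stale bytes copied out\n", stale_bytes_copied(1));
    return 0;
}
```

The six fields the helper never writes are what carry the leftover bytes out; the caller cannot choose what they contain, only read whatever the slot last held.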

Comment 1 Dave Jones 2004-01-05 22:45:47 UTC
Fixed in 2.4.22-1.2138


Comment 2 Robert Scheck 2004-01-05 23:08:26 UTC
You only fixed CAN-2003-0985 but I still can't find CAN-2003-0984, either in the changelog or via grep through the patches.

Isn't that patch important?

> <trini:mvista.com>:
>   o /dev/rtc can leak parts of kernel memory to unpriviledged users

CAN-2003-0984 is fixed in the Red Hat kernels... why not in the Fedora Core one?

Comment 3 Robert Scheck 2004-01-06 00:22:19 UTC
Created attachment 96776
The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora
kernel? Forgotten? I only appended my patch in the file
linux-2.4.24pre-selected-patches.patch

Comment 4 Mark J. Cox 2004-01-06 10:07:42 UTC
CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory
can get leaked - although an attacker doesn't really have the ability
to control which bytes).  Leaving bug open until it gets fixed in some
future update.

Comment 5 Robert Scheck 2004-01-07 20:37:04 UTC
Strange - I thought after the response from mjc that it wasn't that important, but today 2.4.22-1.2140 was released...

Comment 6 Dave Jones 2004-01-07 21:48:35 UTC
It's fairly low impact, but a security issue nonetheless.