Bug 190077
Summary: | CVE-2006-2071 mprotect gives write permission to a readonly attachment | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Marcel Holtmann <holtmann> | ||||
Component: | kernel | Assignee: | Don Howard <dhoward> | ||||
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 2.1 | CC: | security-response-team | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | ia64 | ||||||
OS: | Linux | ||||||
Whiteboard: | impact=moderate,public=20060417 | ||||||
Fixed In Version: | RHSA-2006-0580 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-07-13 11:55:45 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 143573 | ||||||
Attachments: |
|
Description
Marcel Holtmann
2006-04-27 11:26:03 UTC
The upstream fix can be found here: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=0dba0f6b382bf360a1974fd78538273478dfc784 This is _not_ CVE-2006-1524. The commit message of the upstream fix is wrong. Created attachment 132028 [details]
Testcase for shmat/mprotect bug. Test should fail with -EPERM.
Fix looks good: .qa.[root@ia64-21as-bos root]# ./maywrite shm segment attached at 0x300000 shmaddr)[512] = mprotect() failed: Permission denied .qa.[root@ia64-21as-bos root]# echo $? 1 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0580.html |