Bug 112893 - CAN-2003-0984 rtc leaks
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kernel
Version: 1
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Arjan van de Ven
QA Contact: Brian Brock
Keywords: Security
Reported: 2004-01-05 10:51 EST by Robert Scheck
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-01-07 16:48:35 EST

Attachments:
The backported rtc patch for kernel-2.4.22-1.2138.nptl (5.81 KB, patch)
2004-01-05 19:22 EST, Robert Scheck
Description Robert Scheck 2004-01-05 10:51:59 EST
Description of problem:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel versions 2.4.23 and previous which may allow a local
attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not
trivially.)

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue.


Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue.


Additional info:
Red Hat Linux 7.x, 8 and 9 are already patched against both issues.
Comment 1 Dave Jones 2004-01-05 17:45:47 EST
Fixed in 2.4.22-1.2138
Comment 2 Robert Scheck 2004-01-05 18:08:26 EST
You only fixed CAN-2003-0985, but I still can't find CAN-2003-0984, neither in the changelog nor via grep through the patches.

Isn't that patch important?

> <trini:mvista.com>:
>   o /dev/rtc can leak parts of kernel memory to unpriviledged users

CAN-2003-0984 is fixed in the Red Hat kernels... why not in the Fedora Core one?
Comment 3 Robert Scheck 2004-01-05 19:22:19 EST
Created attachment 96776
The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora
kernel? Forgotten? I only appended my patch to the file
linux-2.4.24pre-selected-patches.patch
Comment 4 Mark J. Cox (Product Security) 2004-01-06 05:07:42 EST
CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory
can get leaked - although an attacker doesn't really have the ability
to control which bytes).  Leaving bug open until it gets fixed in some
future update.
Comment 5 Robert Scheck 2004-01-07 15:37:04 EST
Strange - I thought, after the response from mjc, that it isn't that important, but today 2.4.22-1.2140 was released...
Comment 6 Dave Jones 2004-01-07 16:48:35 EST
It's fairly low impact, but a security issue nonetheless.
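
The bug class discussed in this report (a structure that is only partly filled before it is copied to user space), shown as an added user-space C illustration; it is not the attached patch or kernel code. `demo_rtc_time`, `demo_read_clock` and `demo_leaked_bytes` are hypothetical names, the stale bytes are constructed, and which fields go unset is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for leftover kernel stack data */

/* Same field layout as struct rtc_time in <linux/rtc.h>; the name is hypothetical. */
struct demo_rtc_time {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year;
    int tm_wday, tm_yday, tm_isdst;
};

/* Hypothetical clock read: assumes the hardware supplies only six fields. */
static void demo_read_clock(struct demo_rtc_time *t)
{
    t->tm_sec = 30;  t->tm_min = 15; t->tm_hour = 12;
    t->tm_mday = 5;  t->tm_mon = 0;  t->tm_year = 104;
}

/* Returns how many stale bytes reach the caller's buffer.
 * zero_first = 0: struct used as found (the leak).
 * zero_first = 1: struct cleared before it is filled (the remedy). */
size_t demo_leaked_bytes(int zero_first)
{
    union {
        struct demo_rtc_time t;
        unsigned char raw[sizeof(struct demo_rtc_time)];
    } slot;
    unsigned char user_buf[sizeof slot.raw];
    size_t i, leaked = 0;

    memset(slot.raw, STALE, sizeof slot.raw);    /* slot reused from an earlier call */
    if (zero_first)
        memset(&slot.t, 0, sizeof slot.t);
    demo_read_clock(&slot.t);
    memcpy(user_buf, slot.raw, sizeof user_buf); /* stands in for copy_to_user() */

    for (i = 0; i < sizeof user_buf; i++)
        if (user_buf[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", demo_leaked_bytes(0));
    printf("with memset:    %zu stale bytes\n", demo_leaked_bytes(1));
    return 0;
}
```

The caller receives whatever happened to be in the unset fields, which matches the observation in Comment 4 that the reader cannot choose which bytes are disclosed.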
