Description of problem:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges. No exploit is currently available; however, it is believed that this issue is exploitable (although not trivially). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0985 to this issue.

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

Additional info:
Red Hat Linux 7.x, 8 and 9 are already patched against both issues.
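The RTC leak class described above (a handler fills some members of a struct, then copies the whole thing to user space) is easy to reproduce in user space. The following is an added illustration, not code from this bug report or from the Linux kernel: the struct layout, the field names, the 0xAB "stale" pattern, and the simulated kernel stack slot are all assumptions chosen to make the leak deterministic; memcpy() stands in for copy_to_user(). It shows the vulnerable pattern beside the usual fix (clear the object before filling it in) and counts how many stale bytes reach the user buffer in each case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of a reply an ioctl handler hands back to user space (assumed shape,
 * not the real struct rtc_time).  All members are 4 bytes wide and 4-byte
 * aligned, so there is no padding and the only bytes a forgetful handler can
 * leak are members it never sets.  Padding bytes are a second,
 * compiler-dependent source of exactly the same leak. */
struct rtc_reply {
    uint32_t sec;
    uint32_t epoch;
    uint32_t reserved[2];   /* the vulnerable handler below never writes these */
    uint32_t flags;
};

/* A simulated kernel stack slot that is reused from one call to the next.
 * The pattern 0xAB stands in for whatever a previous kernel path left there. */
#define STALE_BYTE 0xAB
static union {
    struct rtc_reply reply;
    unsigned char raw[sizeof(struct rtc_reply)];
} kslot;

static void dirty_kernel_stack(void)
{
    memset(kslot.raw, STALE_BYTE, sizeof kslot.raw);
}

/* Vulnerable form: sets the members it knows about and copies the whole
 * struct out, so whatever was in 'reserved' travels to user space with it. */
static void rtc_reply_vulnerable(unsigned char *user_buf)
{
    struct rtc_reply *r = &kslot.reply;
    r->sec   = 42;
    r->epoch = 1970;
    r->flags = 1;
    memcpy(user_buf, r, sizeof *r);        /* stands in for copy_to_user() */
}

/* Hardened form: clears the object first, so the copy can only ever carry
 * zeros or values the handler deliberately stored. */
static void rtc_reply_fixed(unsigned char *user_buf)
{
    struct rtc_reply *r = &kslot.reply;
    memset(r, 0, sizeof *r);
    r->sec   = 42;
    r->epoch = 1970;
    r->flags = 1;
    memcpy(user_buf, r, sizeof *r);        /* stands in for copy_to_user() */
}

/* Counts how many bytes of the user-visible copy still carry the stale pattern.
 * None of the legitimate values (42, 1970, 1) contain an 0xAB byte, so every
 * hit is a byte that came from the old stack contents. */
static size_t count_stale_bytes(const unsigned char *buf, size_t n)
{
    size_t leaked = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

/* Runs one handler against a freshly dirtied stack slot and returns the number
 * of stale bytes that ended up in the user buffer. */
size_t leaked_bytes(void (*handler)(unsigned char *))
{
    unsigned char user_buf[sizeof(struct rtc_reply)];
    dirty_kernel_stack();
    handler(user_buf);
    return count_stale_bytes(user_buf, sizeof user_buf);
}

int main(void)
{
    printf("vulnerable handler leaks %zu bytes\n", leaked_bytes(rtc_reply_vulnerable));
    printf("fixed handler leaks      %zu bytes\n", leaked_bytes(rtc_reply_fixed));
    return 0;
}
```

The vulnerable handler leaks the 8 bytes of `reserved` on every call; the fixed one leaks nothing. The same memset-before-fill (or designated-initializer) pattern is the standard fix for this class of bug, and the reason mjc's "a few bytes, attacker can't choose which" assessment still counts as a security issue: the bytes are whatever the previous kernel path left on that stack slot.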
Fixed in 2.4.22-1.2138
You only fixed CAN-2003-0985, but I still can't find CAN-2003-0984, neither in the changelog nor via grep through the patches. Isn't that patch important?

> <trini:mvista.com>:
> o /dev/rtc can leak parts of kernel memory to unprivileged users

CAN-2003-0984 is fixed in the Red Hat kernels... why not in the Fedora Core one?
Created attachment 96776: The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora kernel? Forgotten? I only appended my patch in the file linux-2.4.24pre-selected-patches.patch
CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory can get leaked - although an attacker doesn't really have the ability to control which bytes). Leaving bug open until it gets fixed in some future update.
Strange. I thought after the response from mjc that it wasn't that important, but today 2.4.22-1.2140 was released...
It's fairly low impact, but a security issue nonetheless.