Bug 112893 - CAN-2003-0984 rtc leaks
Summary: CAN-2003-0984 rtc leaks
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-01-05 15:51 UTC by Robert Scheck
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-01-07 21:48:35 UTC
Type: ---
Embargoed:


Attachments
The backported rtc patch for kernel-2.4.22-1.2138.nptl (5.81 KB, patch)
2004-01-06 00:22 UTC, Robert Scheck

Description Robert Scheck 2004-01-05 15:51:59 UTC
Description of problem:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel versions 2.4.23 and previous which may allow a local
attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not
trivially).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue.


Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue.


Additional info:
Red Hat Linux 7.x, 8 and 9 are already patched against both issues.
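
The bug class the description names, a kernel structure copied to user space without its padding bytes ever being initialized, as an added user-space illustration; this is constructed code, not the kernel's rtc driver and not the attached patch. The layout of struct rtc_snapshot, the 0xAA stale marker and the sample values are assumptions; the vulnerable and the memset-hardened path are selected by the zero_first flag.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for a kernel struct handed back to user space: the 1-byte field is
 * followed by alignment padding before the 8-byte field. Assumed layout, not
 * the kernel's struct rtc_time. */
struct rtc_snapshot {
    unsigned char seconds;
    unsigned long long epoch;
};

#define STALE 0xAA /* constructed marker for leftover kernel data */

/* Simulated handler: the struct is built in memory that previously held other
 * data, then copied out whole (as copy_to_user would). zero_first == 0
 * reproduces the leaking pattern; zero_first == 1 is the fix. */
static void fill_and_copy(unsigned char *user_buf, int zero_first)
{
    union {
        struct rtc_snapshot t;
        unsigned char raw[sizeof(struct rtc_snapshot)];
    } slot;

    memset(slot.raw, STALE, sizeof slot.raw);  /* stale bytes from earlier use */
    if (zero_first)
        memset(&slot.t, 0, sizeof slot.t);     /* hardened: clears padding too */
    slot.t.seconds = 42;                       /* constructed sample values */
    slot.t.epoch = 1073334719ULL;              /* field writes skip padding */
    memcpy(user_buf, &slot.t, sizeof slot.t);
}

/* Counts bytes of the user copy outside every named field that still carry
 * the stale marker, i.e. kernel bytes that reached user space via padding. */
int leaked_padding_bytes(int zero_first)
{
    unsigned char user_buf[sizeof(struct rtc_snapshot)];
    size_t sec_off = offsetof(struct rtc_snapshot, seconds);
    size_t ep_off = offsetof(struct rtc_snapshot, epoch);
    size_t i;
    int leaked = 0;

    fill_and_copy(user_buf, zero_first);
    for (i = 0; i < sizeof user_buf; i++) {
        int in_sec = i >= sec_off && i < sec_off + sizeof(unsigned char);
        int in_ep = i >= ep_off && i < ep_off + sizeof(unsigned long long);
        if (!in_sec && !in_ep && user_buf[i] == STALE)
            leaked++;
    }
    return leaked;
}
```

On a typical 64-bit target leaked_padding_bytes(0) reports 7 stale bytes and leaked_padding_bytes(1) reports 0, which is why clearing the whole structure before filling it (rather than assigning the fields one by one) is the usual fix for this class.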

Comment 1 Dave Jones 2004-01-05 22:45:47 UTC
Fixed in 2.4.22-1.2138


Comment 2 Robert Scheck 2004-01-05 23:08:26 UTC
You only fixed CAN-2003-0985, but I still can't find CAN-2003-0984 - neither in the changelog nor via grep through the patches.

Isn't that patch important?

> <trini:mvista.com>:
>   o /dev/rtc can leak parts of kernel memory to unprivileged users

CAN-2003-0984 is fixed in the Red Hat kernels... why not in the Fedora Core one?

Comment 3 Robert Scheck 2004-01-06 00:22:19 UTC
Created attachment 96776 [details]
The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora
kernel? Forgotten? I only appended my patch in the file
linux-2.4.24pre-selected-patches.patch

Comment 4 Mark J. Cox 2004-01-06 10:07:42 UTC
CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory
can get leaked - although an attacker doesn't really have the ability
to control which bytes).  Leaving bug open until it gets fixed in some
future update.

Comment 5 Robert Scheck 2004-01-07 20:37:04 UTC
Strange - I thought after the response from mjc it wasn't that important, but today 2.4.22-1.2140 was released...

Comment 6 Dave Jones 2004-01-07 21:48:35 UTC
It's fairly low impact, but a security issue nonetheless.


