Bug 112893 - CAN-2003-0984 rtc leaks
Summary: CAN-2003-0984 rtc leaks
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel   
(Show other bugs)
Version: 1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-01-05 15:51 UTC by Robert Scheck
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-01-07 21:48:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
The backported rtc patch for kernel-2.4.22-1.2138.nptl (5.81 KB, patch)
2004-01-06 00:22 UTC, Robert Scheck 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Description Robert Scheck 2004-01-05 15:51:59 UTC 
Description of problem:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel versions 2.4.23 and previous which may allow a local
attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not
trivially.)

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue.


Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue.


Additional info:
Red Hat Linux 7.x, 8 and 9 are already patched against both issues.
Comment 1 Dave Jones 2004-01-05 22:45:47 UTC 
Fixed in 2.4.22-1.2138
Comment 2 Robert Scheck 2004-01-05 23:08:26 UTC 
You only fixed CAN-2003-0985 but I still can't find CAN-2003-0984 - either in changelog nor via grep through the patches.

Isn't that patch important?

> <trini:mvista.com>:
>   o /dev/rtc can leak parts of kernel memory to unpriviledged users

CAN-2003-0984 is fixed in the Red Hat Kernels...why not in that one of Fedora Core?
Comment 3 Robert Scheck 2004-01-06 00:22:19 UTC 
Created attachment 96776 [details]
The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora
kernel? Forgotten? I only appendet my patch in the file
linux-2.4.24pre-selected-patches.patch
Comment 4 Mark J. Cox 2004-01-06 10:07:42 UTC 
CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory
can get leaked - although an attacker doesn't really have the ability
to control which bytes).  Leaving bug open until it gets fixed in some
future update.
Comment 5 Robert Scheck 2004-01-07 20:37:04 UTC 
Strange - I thought after the response from mjc, it isn't such important, but today there was 2.4.22-1.2140 released...
Comment 6 Dave Jones 2004-01-07 21:48:35 UTC 
Its fairly low impact, but a security issue nonetheless.
Note You need to log in before you can comment on or make changes to this bug.