144520 – 2.6 scsi ioctl integer overflow and information leak

Bug 144520 - 2.6 scsi ioctl integer overflow and information leak

Summary: 2.6 scsi ioctl integer overflow and information leak

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	2.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	public=20060107,impact=important
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-01-07 21:50 UTC by Josh Bressers
Modified:	2015-01-04 22:15 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-07 22:00:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Josh Bressers 2005-01-07 21:50:42 UTC

*** This bug has been split off bug 144519 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07
16:47 -------

grsecurity announcement to full-disclosure
http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html

It would seem that user input controlls the integers being overflowed.  It looks
like a malicious user should be able to alter kernel memory.

The fix for this issue is in attachment 109500 [details]

Comment 1 Josh Bressers 2005-01-07 22:00:54 UTC

This issue does not affect the 2.4 kernel.  I copied the wrong text when I filed
this.  I'm just closing it.

Note You need to log in before you can comment on or make changes to this bug.