Bug 172357 - CVE-2005-3257 loadkeys key bindings
CVE-2005-3257 loadkeys key bindings
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Aristeu Rozanski
Brian Brock
impact=low,public=20051015
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-03 05:53 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0304
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-01 19:55:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
updated patch (664 bytes, patch)
2006-05-10 15:16 EDT, Aristeu Rozanski
no flags Details | Diff
patch in FC-5 kdb package (671 bytes, patch)
2006-05-11 09:56 EDT, Aristeu Rozanski
no flags Details | Diff

  None (edit)
Description Mark J. Cox (Product Security) 2005-11-03 05:53:15 EST
"The VT implementation (vt_ioctl.c) allows local users to use certain IOCTLs on
terminals of other users and gain privileges, as demonstrated by modifying key
bindings using loadkeys"

Thread here:
http://www.gossamer-threads.com/lists/linux/kernel/580641

Committed upstream fix to allow only root to use setkeys:       
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
Comment 1 Aristeu Rozanski 2006-05-10 15:16:44 EDT
Created attachment 128857 [details]
updated patch

updated patch based on e3f17f0f6e98f58edb13cb38810d93e6d4808e68 commit
Comment 2 Aristeu Rozanski 2006-05-11 07:45:59 EDT
ok, tested it on RHEL4 but it seems to break initscripts package assumption
(/etc/profile.d/lang.sh) of an user being able to load keymaps. probably this
fix is already on Fedora, so I'll take a look how they fixed this.
Comment 3 Aristeu Rozanski 2006-05-11 09:33:00 EDT
the fix done in fedora was to add 'kbd-1.12-no-user-map.patch' patch to kbd
package, that I'll add here just for reference
Comment 4 Aristeu Rozanski 2006-05-11 09:56:55 EDT
Created attachment 128887 [details]
patch in FC-5 kdb package

time to check if this fits on U5 or will have to wait until RHEL-5
Comment 10 RHEL Product and Program Management 2006-09-07 15:35:57 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 RHEL Product and Program Management 2006-09-07 15:35:58 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 12 RHEL Product and Program Management 2006-09-07 15:36:26 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 14 Jason Baron 2006-10-03 13:09:28 EDT
committed in stream U5 build 42.15. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
Comment 17 Red Hat Bugzilla 2007-05-01 19:55:09 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0304.html

Note You need to log in before you can comment on or make changes to this bug.