Bug 177313 - CVE-2005-4618 sysctl overflow
Summary: CVE-2005-4618 sysctl overflow
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel
Version: 2.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Don Howard
QA Contact: Brian Brock
URL:
Whiteboard: reported=20051231,source=lkml,impact=...
Depends On:
Blocks: 143573
TreeView+ depends on / blocked
 
Reported: 2006-01-09 15:52 UTC by Mark J. Cox
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-10-19 19:20:04 UTC


Attachments (Terms of Use)

Description Mark J. Cox 2006-01-09 15:52:22 UTC
+++ This bug was initially created as a clone of Bug #177311 +++

CVE defines CVE-2005-4618 as:
"Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local
users to cause a denial of service and possibly execute arbitrary code via a
long string, which causes sysctl to write a zero byte outside the buffer."

This is fixed by
        http://linux.bkbits.net:8080/linux-2.6/cset@43b729ad5Zc6t6URyaHNNtodT1nRpg

I can't see a useful attack vector here, writing a character to one spot after a
userland buffer seems to me likely at the worst to crash your userland program,
and not cause a DoS or privilege escalation.  So we have marked this severity
low but this could equally be severity none (kernel maintainers please let us
know what you think after analysis)

Comment 1 RHEL Product and Program Management 2007-10-19 19:20:04 UTC
This bug is filed against RHEL2.1, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products.  Since
this bug does not meet that criteria, it is now being closed.

For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/

If you feel this bug is indeed mission critical, please contact your
support representative.  You may be asked to provide detailed
information on how this bug is affecting you.


Note You need to log in before you can comment on or make changes to this bug.