Hide Forgot
Description of the problem: A buffer overrun flaw was found in kernels from 3.0 to 3.4 when calling log_prefix() function from call_console_drivers(). In log_prefix(), the access to "p[1]", "p[2]" or "simple_strtoul(&p[1], &endp, 10)" may cause a buffer overflow as this function is called from call_console_drivers by passing "&LOG_BUF(cur_index)" where the index must be masked to do not exceed the buffer's boundary. A local user able to write to /dev/kmsg could use this flaw to crash the system. Note: /dev/kmsg is root writable only (at least on RHEL/Fedora), but it still might cause issues in restricted root environments. References: https://bugs.gentoo.org/458780 https://secunia.com/advisories/52366/
Statement: This issue did not affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5 and 6. Future kernel updates for Red Hat Enterprise MRG 2 may address this flaw.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0566 https://rhn.redhat.com/errata/RHSA-2013-0566.html