Debian Bug report logs - #330353
kernel-source-2.6.8: CAN-2005-3053

Package: kernel-source-2.6.8; Maintainer for kernel-source-2.6.8 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 27 Sep 2005 17:48:04 UTC

Severity: important

Tags: sarge, security

Done: Martin Michlmayr <tbm@cyrius.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#330353; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: linux-2.6: Two more local DoS vulnerabilities
Date: Tue, 27 Sep 2005 19:37:33 +0200
Package: linux-2.6
Severity: important
Tags: security

Two more local denial-of-service vulnerabilities have been
found in the Linux 2.6 kernel:

CAN-2005-3055:
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service
(kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a
USB device and terminates before the URB is finished, which leads to a stale
pointer reference.

http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883

Linus refused the above patch on technical grounds, there was a short folloup-
thread on linux-kernel.

CAN-2005-3053:
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local
users to cause a denial of service (kernel BUG()) via a negative first argument.

http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#330353; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to dann frazier <dannf@dannf.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: dann frazier <dannf@dannf.org>
To: 330353@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#330353: linux-2.6: Two more local DoS vulnerabilities
Date: Tue, 27 Sep 2005 15:57:50 -0600
retitle 330353 kernel-source-2.6.8: CAN-2005-3053
reassign 330353 kernel-source-2.6.8
tags 330353 + sarge
thanks

On Tue, 2005-09-27 at 19:37 +0200, Moritz Muehlenhoff wrote:
> Package: linux-2.6
> Severity: important
> Tags: security
> 
> Two more local denial-of-service vulnerabilities have been
> found in the Linux 2.6 kernel:
> 
> CAN-2005-3055:
> Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service
> (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a
> USB device and terminates before the URB is finished, which leads to a stale
> pointer reference.

Thanks Moritz.

This one is already covered by #330287, so let's track it there.  In
general, its easier to deal with one issue per bug report.

> CAN-2005-3053:
> The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local
> users to cause a denial of service (kernel BUG()) via a negative first argument.
> 
> http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g

I've included this patch in our sarge and sarge-security branches of
2.6.8.  This patch is part of the patch-2.6.12.5 patch, which was
included as part of linux-2.6 (2.6.12-3).  This patch was already
included in the upstream release of 2.6.13.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#330353; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to dann frazier <dannf@dannf.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Changed Bug title. Request was from dann frazier <dannf@dannf.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `linux-2.6' to `kernel-source-2.6.8'. Request was from dann frazier <dannf@dannf.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: sarge Request was from dann frazier <dannf@dannf.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#330353; Package kernel-source-2.6.8. Full text and rfc822 format available.

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #26 received at 330353@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: control@bugs.debian.org
Cc: 322273@bugs.debian.org, 328389@bugs.debian.org, 330353@bugs.debian.org
Subject: pending bugs galore
Date: Thu, 6 Oct 2005 14:07:25 +0900
tag 322273 +pending
tag 328389 +pending
tag 330353 +pending
thanks

These bugs are fixed for 2.6.8 in SVN and are pending release.
#322273: CAN-2005-2456: XFRM array index buffer overflow
#328389: CAN-2005-2800: memory leak in scsi procfs leads to local DoS
#330353: kernel-source-2.6.8: CAN-2005-3053


-- 
Horms



Tags added: pending Request was from Horms <horms@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Martin Michlmayr <tbm@cyrius.com>:
You have taken responsibility. (Fri, 14 Nov 2008 18:00:09 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 14 Nov 2008 18:00:10 GMT) Full text and rfc822 format available.

Message #33 received at 330353-done@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: 330353-done@bugs.debian.org
Subject: 2.6.8 kernel removed from Debian
Date: Fri, 14 Nov 2008 18:58:18 +0100
The 2.6.8 kernel is no longer supported by Debian so I'm closing
your bug report.  Please try the 2.6.26 kernel from Debian lenny.
If this issue is still present, let me know.

Thanks.

-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#330353; Package kernel-source-2.6.8. (Fri, 14 Nov 2008 18:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Fri, 14 Nov 2008 18:24:04 GMT) Full text and rfc822 format available.

Message #38 received at 330353@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 330353@bugs.debian.org
Subject: Re: Bug#330353 closed by Martin Michlmayr <tbm@cyrius.com> (2.6.8 kernel removed from Debian)
Date: Fri, 14 Nov 2008 19:21:54 +0100
On Fri, Nov 14, 2008 at 06:00:10PM +0000, Debian Bug Tracking System wrote:
> The 2.6.8 kernel is no longer supported by Debian so I'm closing
> your bug report.  Please try the 2.6.26 kernel from Debian lenny.
> If this issue is still present, let me know.

This was fixed in 2.6.12.5, so it's properly closed.

Cheers,
        Moritz




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Dec 2008 07:35:30 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 22:30:57 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.