Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

2005-03-17 Thread Micah Anderson
Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: normal
Tags: security patch

CAN-2004-1191 reads:

Race condition ... when run on SMP systems that have more than 4GB of
memory, could allow local users to read unauthorized memory from
"foreign memory pages." Apparently it also allows remote attackers to
obtain sensitive information, caused by a vulnerability in the
smb_recv_trans2 function, could also send a specially-crafted TRANS2
SMB packet to cause a kernel memory leak.

More information about this is here:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
http://xforce.iss.net/xforce/xfdb/18137

2.6.8 needs both these patches:
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]@1.1938.197.15
http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg

The second patch has been applied to Debian's kernel-source-2.6.8, but
the first is also needed.

Micah

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils              2.15-5   The GNU assembler, linker and bina
ii  bzip2                 1.0.2-5  high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2  The GNU core utilities
ii  fileutils             5.2.1-2  The GNU file management utilities

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

2005-03-23 Thread Horms
On Wed, Mar 23, 2005 at 04:56:19PM +0900, Horms wrote:
> On Thu, Mar 17, 2005 at 10:42:28PM -0600, Micah Anderson wrote:
> > Package: kernel-source-2.6.8
> > Version: 2.6.8-14
> > Severity: normal
> > Tags: security patch
> > 
> > CAN-2004-1191 reads:
> > 
> > Race condition ... when run on SMP systems that have more than 4GB of
> > memory, could allow local users to read unauthorized memory from
> > "foreign memory pages." Apparently it also allows remote attackers to
> > obtain sensitive information, caused by a vulnerability in the
> > smb_recv_trans2 function, could also send a specially-crafted TRANS2
> > SMB packet to cause a kernel memory leak.
> 
> FYI, this problem (or one that looks a lot like it) is also 
> present in 2.4.27 and I plan to include the following fixes
> in kernel-source-2.4.27-9
> 
> http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]
> http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]

Correction, these changes were included in kernel-source-2.4.27-6.

-- 
Horms





Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

2005-03-23 Thread Horms
On Thu, Mar 17, 2005 at 10:42:28PM -0600, Micah Anderson wrote:
> Package: kernel-source-2.6.8
> Version: 2.6.8-14
> Severity: normal
> Tags: security patch
> 
> CAN-2004-1191 reads:
> 
> Race condition ... when run on SMP systems that have more than 4GB of
> memory, could allow local users to read unauthorized memory from
> "foreign memory pages." Apparently it also allows remote attackers to
> obtain sensitive information, caused by a vulnerability in the
> smb_recv_trans2 function, could also send a specially-crafted TRANS2
> SMB packet to cause a kernel memory leak.

FYI, this problem (or one that looks a lot like it) is also 
present in 2.4.27 and I plan to include the following fixes
in kernel-source-2.4.27-9

http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]
http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]

-- 
Horms





Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

2005-03-23 Thread Horms
tag 300163 +pending
thanks

On Thu, Mar 17, 2005 at 10:42:28PM -0600, Micah Anderson wrote:
> Package: kernel-source-2.6.8
> Version: 2.6.8-14
> Severity: normal
> Tags: security patch
> 
> CAN-2004-1191 reads:
> 
> Race condition ... when run on SMP systems that have more than 4GB of
> memory, could allow local users to read unauthorized memory from
> "foreign memory pages." Apparently it also allows remote attackers to
> obtain sensitive information, caused by a vulnerability in the
> smb_recv_trans2 function, could also send a specially-crafted TRANS2
> SMB packet to cause a kernel memory leak.
> 
> More information about this is here:
> http://www.novell.com/linux/security/advisories/2004_42_kernel.html
> http://xforce.iss.net/xforce/xfdb/18137
> 
> 2.6.8 needs both these patches:
> http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]@1.1938.197.15
> http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg
> 
> The second patch has been applied to Debian's kernel-source-2.6.8, but
> the first is also needed.

Thanks, it was included once upon a time, but was removed
as it was thought that the second patch replaced it,
rather than adding to the fix.

I have reinstated it in SVN and it should appear in
kernel-source-2.6.8-16

-- 
Horms





Processed: Re: Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from "foreign memory pages."

2005-03-23 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 300163 +pending
Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read 
unauthorized memory from "foreign memory pages."
Tags were: patch security
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

