Secure testing team - Mar 2006 - A new round of kernel vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


These are the CVE assignments I requested from Mitre for the security
patches that have been already applied to the 2.6.8sarge1 update.
I will work with horms to get these added to the changelog entries
next to the patches which address the problems.

Micah


Moritz Muehlenhoff wrote:
> Hi, as usual; to minimize the overhead I''m sending these again by
> email and not through the BTS.
>
> CAN-2005-3110: DoS on SMP, potentially 2.4 and 2.6
>
http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
>
>
> CAN-2005-3109: Local DoS through oops by mounting a non-HFS+
> filesystem as HFS+.
>
http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
>
>
> CAN-2005-3108: DoS and potential information leak in ioremap
> (seemingly specific to amd64)
>
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
>
>
> CAN-2005-3107: Local DoS through threads tracing each other by
> forcing a core dump, while the traced thread is in TASK_TRACED
> state.
>
http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
>
>
> CAN-2005-3106: DoS through race condition in processes that share a
> memory mapping through CLONE_VM
>
http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
>
>
> CAN-2005-3105: ia64 Montecito CPU do not maintain cache coherency
> correctly, which can be exploited by a local DoS.
>
http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
>
>
> Cheers, Moritz
>
> _______________________________________________ Secure-testing-team
> mailing list Secure-testing-team@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRTQT9n4qXRzy1ioRAoKRAJsGUSRaKIlxe6VVzEJquG7WktwGhgCglpe9
f6eFq6/pL8jWckbN5BIcyVY=2dBi
-----END PGP SIGNATURE-----

On Thu, Oct 06, 2005 at 03:16:26PM +0200, Moritz Muehlenhoff
wrote:
> Hi,
> as usual; to minimize the overhead I''m sending these again by
email and not
> through the BTS.
thanks, I''ve put that in my new holding pen,
kernel/people/horms/patch_note on svn.debian.org as
newcve-2005-10-06

I''m not sure if putting stuff there is actually going to 
be useful to me or anyone else. But I guess we are going
to find out :)

-- 
Horms

Hi,
as usual; to minimize the overhead I''m sending these again by email and
not
through the BTS.

CAN-2005-3110:
DoS on SMP, potentially 2.4 and 2.6
http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572

CAN-2005-3109:
Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f

CAN-2005-3108:
DoS and potential information leak in ioremap (seemingly specific to amd64)
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2

CAN-2005-3107:
Local DoS through threads tracing each other by forcing a core dump, while the
traced
thread is in TASK_TRACED state.
http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch

CAN-2005-3106:
DoS through race condition in processes that share a memory mapping through
CLONE_VM
http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c

CAN-2005-3105:
ia64 Montecito CPU do not maintain cache coherency correctly, which can be
exploited by
a local DoS.
http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c

Cheers,
        Moritz