SecurityTracker.com
Category:  OS (Linux)  >  Linux Kernel
Vendors:  kernel.org
Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users
SecurityTracker Alert ID:  1009924
SecurityTracker URL:  http://securitytracker.com/id?1009924
CVE Reference:  CAN-2004-0228
Date:  Apr 23 2004
Impact:  Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4, 2.5, 2.6
Description:  A vulnerability was reported in the Linux kernel in the cpufreq_userspace proc handler. A local user may be able to read kernel memory.

Red Hat reported that the Linux kernel contains a signed integer boundary error in the cpufreq ioctl proc handler. A user-supplied signed integer is cast to a signed integer and then used in copying memory. As a result, a local user can read or write arbitrary amounts of kernel memory.

A local user can read arbitrary portions of kernel memory. A root-level user can also write to arbitrary memory locations.
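
The signed-length pattern behind this class of flaw, as an added example that is not the kernel's code and not part of the original advisory: a simplified user-space model in which copy_len_signed, copy_len_unsigned and BUF_SIZE are assumed names and values. It shows a length held in a signed int slipping past a bounds check and turning into a huge copy size, next to the unsigned form that is clamped.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 16u /* constructed size of the handler's local buffer */

/* Flawed pattern: the caller's length is kept in a signed int.
 * A request above INT_MAX wraps negative (on the usual two's-complement
 * compilers), so "len > left" is true and len takes the negative value,
 * which becomes an enormous size_t once a copy routine receives it. */
static size_t copy_len_signed(size_t requested, int available)
{
    int left = (int)requested;
    int len = available;
    if (len > left)
        len = left;
    return (size_t)len;
}

/* Corrected pattern: lengths stay unsigned and are clamped to both the
 * caller's request and the local buffer before any copy takes place. */
static size_t copy_len_unsigned(size_t requested, size_t available)
{
    size_t len = available;
    if (len > requested)
        len = requested;
    if (len > BUF_SIZE)
        len = BUF_SIZE;
    return len;
}

int main(void)
{
    /* Constructed requests: two ordinary sizes and two above INT_MAX. */
    const size_t requests[] = { 3, 64, (size_t)INT_MAX + 1, (size_t)UINT_MAX };
    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        size_t bad = copy_len_signed(requests[i], 5);
        size_t good = copy_len_unsigned(requests[i], 5);
        printf("request=%zu signed=%zu%s unsigned=%zu\n", requests[i], bad,
               bad > BUF_SIZE ? " (exceeds buffer)" : "", good);
    }
    return 0;
}
```

Building with -Wconversion and -Wsign-compare flags the narrowing assignment and mixed-sign comparisons that this pattern depends on.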

The flaw resides in 'drivers/cpufreq/cpufreq_userspace.c'.

Brad Spengler is credited with discovering this flaw.

Impact:  A local user can read arbitrary portions of kernel memory.
Solution:  A fix is available in 'drivers/cpufreq/cpufreq_userspace.c' as of April 21, 2004.
Vendor URL:  www.kernel.org/
Cause:  Access control error, Boundary error
Underlying OS:  Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Xandros)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 4 2004 (SuSE Issues Fix) Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users   (Roman Drahtmueller <draht@suse.de>)
SuSE has released a fix.
May 25 2004 (Mandrake Issues Fix) Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.



 Source Message Contents

Date:  Fri, 23 Apr 2004 13:11:32 -0400
Subject:  CAN-2004-0228

 

CVE: CAN-2004-0228

Red Hat reported that the Linux kernel contains a signed integer boundary error in the 
cpufreq ioctl proc handler.  A local user may be able to read arbitrary portions of kernel 
memory.

Brad Spengler is credited with discovering this flaw.


 


Copyright 2004, SecurityGlobal.net LLC