SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
(Mandrake Issues Fix) Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users
SecurityTracker Alert ID:  1010271
SecurityTracker URL:  http://securitytracker.com/id/1010271
CVE Reference:   CAN-2004-0228   (Links to External Site)
Date:  May 25 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.2, 10.0
Description:   A vulnerability was reported in the Linux kernel in the cpufreq_userspace proc handler. A local user may be able to read kernel memory.

Red Hat reported that the Linux kernel contains a signed integer boundary error in the cpufreq ioctl proc handler. A user-supplied signed integer is cast to a signed integer and then used in copying memory. As a result, a local user can read or write arbitrary amounts of kernel memory.

A local user can read arbitrary portions of kernel memory. A root-level user can also write to arbitrary memory locations.

The flaw resides in 'drivers/cpufreq/cpufreq_userspace.c'.

Brad Spengler is credited with discovering this flaw.
Impact:   A local user can read arbitrary portions of kernel memory.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
c27bdbed859af49a0e7400b2608394e9 10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm
2aa96fed17d8a9a82e9603b9f1ca112b 10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm
32df9053e07cac55d09a0bb962323e65 10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm
9e4406b3df09e62913928d13fc1638a6 10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm
fd4e9bedce11cd21bdcf0dc40301f2f1 10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm
48ca6d4b319ff4b93c3f49242d9dab91 10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm
7126bd36be90cda4292f16d43cd8df3f 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm
1f4569fb3ee33a8ee392ec06833e85ae 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm
d396431c7e9ec430a3a67f1e844bac74 10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm
41958f6522922947a8fee8d199454946 10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm
44b3d21a879e488b36ec6522f2ba1f56 10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm
462effd5b3b452749994887cba792109 10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm
3bbac2f69ac134f15211fdbfe48adca8 10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm
f5ec5f36685134e6cc13f8e140c811a2 10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm
ca54ddc53be37e332531e9c7574b282f 10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
dd67df2cffe071aef5fad4691d4fcf01 10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

Mandrakelinux 10.0/AMD64:
30130b0a95df43ab8bbc78034abb982e amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm
6de514e0a70381d91358dcccc17b2047 amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm
7d428529767fdb4f1e0586161c450252 amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm
20ed7696fa02ac41de642f18b4be5367 amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm
6820f8941edf150f0d31c7266a889604 amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm
2733b3696b80c6b6f14a1e5cd6aa7636 amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm
cf3cc155e7cf92790a7271d9bfc32337 amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm
c35af18fa10fd0293940cc0264a9fb30 amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm
ca54ddc53be37e332531e9c7574b282f amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
dd67df2cffe071aef5fad4691d4fcf01 amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

Mandrakelinux 9.2:
83b384a70158a22b07d1675b348a756e 9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm
d8dd19717e444638a4d86150a9b16f88 9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm
231b42c760bb976d56f34f17fe524ed6 9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm
2dd6754351b6d5a1a004e4ba94c6df4b 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm
839e5c6fc4c346c187f6c6e9e847d407 9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm
96d80a6197d075e3380aa27f64ad17d4 9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm
299b347b46e5eafb070cfa9e75519fa5 9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm
da504294cf4d64769b8cc3855c05e306 9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm

Mandrakelinux 9.2/AMD64:
2d16c561573580aba9a645b5db364fd0 amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm
3d578c646f2b708e65e210e6f829c7c9 amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm
ae1baf4717dad49787ac9de697eb42b7 amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm
1959cb64b5eafafc8afba80db2cd50ee amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm
da504294cf4d64769b8cc3855c05e306 amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Apr 23 2004 Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users


 Source Message Contents
Date:  22 May 2004 05:18:24 -0000
Subject:  [Security Announce] MDKSA-2004:050 - Updated kernel packages fix


This is a multi-part message in MIME format...

------------=_1085182897-1124-648

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:050
 Date:                   May 21st, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 Brad Spender discovered an exploitable bug in the cpufreq code in
 the Linux 2.6 kernel (CAN-2004-0228).
 
 As well, a permissions problem existed on some SCSI drivers; a fix
 from Olaf Kirch is provided that changes the mode from 0777 to 0600.
 
 This update also provides a 10.0/amd64 kernel with fixes for the
 previous MDKSA-2004:037 advisory as well as the above-noted fixes.
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesoft.com/kernelupdate
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0228
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c27bdbed859af49a0e7400b2608394e9  10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm
 2aa96fed17d8a9a82e9603b9f1ca112b  10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm
 32df9053e07cac55d09a0bb962323e65  10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm
 9e4406b3df09e62913928d13fc1638a6  10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm
 fd4e9bedce11cd21bdcf0dc40301f2f1  10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm
 48ca6d4b319ff4b93c3f49242d9dab91  10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm
 7126bd36be90cda4292f16d43cd8df3f  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm
 1f4569fb3ee33a8ee392ec06833e85ae  10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm
 d396431c7e9ec430a3a67f1e844bac74  10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm
 41958f6522922947a8fee8d199454946  10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm
 44b3d21a879e488b36ec6522f2ba1f56  10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm
 462effd5b3b452749994887cba792109  10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm
 3bbac2f69ac134f15211fdbfe48adca8  10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm
 f5ec5f36685134e6cc13f8e140c811a2  10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm
 ca54ddc53be37e332531e9c7574b282f  10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
 dd67df2cffe071aef5fad4691d4fcf01  10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 30130b0a95df43ab8bbc78034abb982e  amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm
 6de514e0a70381d91358dcccc17b2047  amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm
 7d428529767fdb4f1e0586161c450252  amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm
 20ed7696fa02ac41de642f18b4be5367  amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm
 6820f8941edf150f0d31c7266a889604  amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm
 2733b3696b80c6b6f14a1e5cd6aa7636  amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm
 cf3cc155e7cf92790a7271d9bfc32337  amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm
 c35af18fa10fd0293940cc0264a9fb30  amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm
 ca54ddc53be37e332531e9c7574b282f  amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
 dd67df2cffe071aef5fad4691d4fcf01  amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 83b384a70158a22b07d1675b348a756e  9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm
 d8dd19717e444638a4d86150a9b16f88  9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm
 231b42c760bb976d56f34f17fe524ed6  9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm
 2dd6754351b6d5a1a004e4ba94c6df4b  9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm
 839e5c6fc4c346c187f6c6e9e847d407  9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm
 96d80a6197d075e3380aa27f64ad17d4  9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm
 299b347b46e5eafb070cfa9e75519fa5  9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm
 da504294cf4d64769b8cc3855c05e306  9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 2d16c561573580aba9a645b5db364fd0  amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm
 3d578c646f2b708e65e210e6f829c7c9  amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm
 ae1baf4717dad49787ac9de697eb42b7  amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm
 1959cb64b5eafafc8afba80db2cd50ee  amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm
 da504294cf4d64769b8cc3855c05e306  amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAruKfmqjQ0CJFipgRAjZcAJ9M7JN8l+t3tZhvO0N5WlXUP1fCKgCgxGnb
ZYzKnsLHpec+SYNFdmHxLMM=
=zVv0
-----END PGP SIGNATURE-----


------------=_1085182897-1124-648
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1085182897-1124-648--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC