
List:       oss-security
Subject:    Re: [oss-security] CVE request - kernel: information leak in sigaltstack
From:       Solar Designer <solar () openwall ! com>
Date:       2009-08-26 4:07:51
Message-ID: 20090826040751.GA20809 () openwall ! com

Steve,

On Tue, Aug 18, 2009 at 04:54:43PM -0400, Steven M. Christey wrote:
> On Tue, 4 Aug 2009, Eugene Teo wrote:
> 
> > do_sigaltstack: avoid copying 'stack_t' as a structure to user space
> 
> 
> ======================================================
> Name: CVE-2009-2847
[...]
> The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6
> before 2.6.31-rc5, when running on 64-bit systems, does not clear
> certain padding bytes from a structure, which allows local users to
> obtain sensitive information from the kernel stack via the sigaltstack
> function.

As far as I'm aware, this also affects 2.4 (I did not actively test for
it, but the vulnerable code is there).  I've included a fix for it in
2.4.37.5-ow1, and I expect that Willy will fix it in his next release
(likely 2.4.37.6).

Alexander
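As an added illustration of the bug class described in the quoted CVE text, the C below simulates the stack_t padding leak and the field-by-field fix; it is not code from this thread or from the kernel tree, and struct stack_t_sim, union kstack_frame and the sim_* names are this example's own.

```c
/* Added example (not from the thread or the kernel tree): simulates the
 * padding leak in pre-2.6.31-rc5 do_sigaltstack() and its fix. stack_t_sim
 * mirrors Linux's stack_t layout; sim_ and kstack_frame names are invented. */
#include <stddef.h>
#include <string.h>
/* Same field order as the kernel's stack_t: on LP64 the 4-byte ss_flags is
 * followed by 4 bytes of padding so that ss_size is 8-byte aligned. */
struct stack_t_sim { void *ss_sp; int ss_flags; size_t ss_size; };
#define STALE_BYTE 0xAA    /* stands in for leftover kernel-stack data */
/* Padding bytes between ss_flags and ss_size on this platform (4 on LP64). */
size_t sim_padding_bytes(void)
{ return offsetof(struct stack_t_sim, ss_size) - offsetof(struct stack_t_sim, ss_flags) - sizeof(int); }

/* A "kernel stack frame": stale bytes, with the stack_t built on top field by
 * field, so its padding bytes are never written and keep the stale value. */
union kstack_frame { struct stack_t_sim st; unsigned char raw[sizeof(struct stack_t_sim)]; };
static void sim_build_frame(union kstack_frame *f)
{
    memset(f->raw, STALE_BYTE, sizeof f->raw);
    f->st.ss_sp = NULL;
    f->st.ss_flags = 2;                 /* constructed SS_DISABLE-like value */
    f->st.ss_size = 0;
}
/* Count bytes in the user copy that still carry STALE_BYTE. */
static size_t sim_count_leaked(const unsigned char *user, size_t n)
{
    size_t leaked = 0;
    for (size_t i = 0; i < n; i++) leaked += (user[i] == STALE_BYTE);
    return leaked;
}
/* Vulnerable pattern: copy_to_user(uoss, &oss, sizeof(oss)) moves the whole
 * struct, padding included, so stale kernel-stack bytes reach user space. */
size_t sim_copy_whole_struct(void)
{
    union kstack_frame f;
    unsigned char user[sizeof(struct stack_t_sim)] = {0};  /* user-space buffer */
    sim_build_frame(&f);
    memcpy(user, f.raw, sizeof user);     /* stands in for copy_to_user() */
    return sim_count_leaked(user, sizeof user);
}
/* Fixed pattern (2.6.31-rc5): __put_user() each field separately; the user
 * bytes where the padding sits are never touched, so nothing leaks. */
size_t sim_copy_fields(void)
{
    union kstack_frame f;
    unsigned char user[sizeof(struct stack_t_sim)] = {0};
    sim_build_frame(&f);
    memcpy(user + offsetof(struct stack_t_sim, ss_sp), &f.st.ss_sp, sizeof f.st.ss_sp);
    memcpy(user + offsetof(struct stack_t_sim, ss_flags), &f.st.ss_flags, sizeof f.st.ss_flags);
    memcpy(user + offsetof(struct stack_t_sim, ss_size), &f.st.ss_size, sizeof f.st.ss_size);
    return sim_count_leaked(user, sizeof user);
}
```

On a 64-bit build the whole-struct copy exposes exactly the 4 padding bytes while the per-field copy exposes none; on a 32-bit build the struct has no padding and both report zero.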