[Bug 191208] [NEW] [linux-source] missing access checks

hk47 bugtracker at slideomania.com
Tue Feb 12 09:47:24 UTC 2008


Public bug reported:

Binary package hint: linux-source

References:
DSA-1494-1 (http://www.debian.org/security/2008/dsa-1494)

Quoting:
"The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).

In the vserver-enabled kernels, a missing access check on certain
symlinks in /proc enabled local attackers to access resources in other
vservers (CVE-2008-0163)."

** Affects: linux-meta (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0010

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0163

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0600

-- 
[linux-source] missing access checks
https://bugs.launchpad.net/bugs/191208
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.




More information about the kernel-bugs mailing list