| 1 |
Candidate: CVE-2009-2584
|
| 2 |
Description:
|
| 3 |
Off-by-one error in the options_write function in
|
| 4 |
drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel
|
| 5 |
2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to
|
| 6 |
overwrite arbitrary memory locations and gain privileges via a crafted count
|
| 7 |
argument, which triggers a stack-based buffer overflow.
|
| 8 |
References:
|
| 9 |
http://grsecurity.net/~spender/exploit_demo.c
|
| 10 |
http://lkml.org/lkml/2009/7/20/348
|
| 11 |
http://xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overwrite
|
| 12 |
Ubuntu-Description:
|
| 13 |
Notes:
|
| 14 |
- high urgency since exploit code is currently in the wild
|
| 15 |
- the patch is still not applied upstream so i've sent a message upstream to lkml:
|
| 16 |
http://lkml.org/lkml/2009/11/4/538
|
| 17 |
Bugs:
|
| 18 |
upstream: released (2.6.32-rc7) [d39b7dd1dcbf394a1cb897457c862dafe9a20ac5], released (2.6.31.6) [42d7bdfc3320039bb9310703d6475a62f5c74772]
|
| 19 |
linux-2.6: released (2.6.31-2)
|
| 20 |
2.6.18-etch-security: N/A "code not present"
|
| 21 |
2.6.24-etch-security: N/A "code not present"
|
| 22 |
2.6.26-lenny-security: N/A "code not present"
|
Parent Directory
| 
Revision Log