LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

linux-source-2.6.8.1: multiple vulnerabilities

Package(s):linux-source-2.6.8.1 CVE #(s):CAN-2005-0176 CAN-2005-0177 CAN-2005-0178
Created:February 15, 2005 Updated:March 15, 2005
Description: Michael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out. Usually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot). (CAN-2005-0176)

OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel. (CAN-2005-177)

A race condition was found in the terminal handling of the "setsid()" function, which is used to start new process sessions. (CAN-2005-178)

Alerts:
Ubuntu USN-95-1 2005-03-15
Conectiva CLA-2005:930 2005-03-07
Red Hat RHSA-2005:092-01 2005-02-18
Ubuntu USN-82-1 2005-02-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds