Info

Disclosure

Jun 29, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in the Sbus PROM driver in the Linux kernel. The copyin_string function fails to check if an integer is signed resulting in an integer overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity, and/or availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

kernel.org	Linux	2.4.0
		2.4.1
		2.4.2
		2.4.3
		2.4.4
		2.4.5
		2.4.6
		2.4.7
		2.4.8
		2.4.9
		2.4.10
		2.4.11
		2.4.12
		2.4.13
		2.4.14
		2.4.15
		2.4.16
		2.4.17
		2.4.18

References

Security Tracker: 1010617
Bugtraq ID: 10632
Secunia Advisory ID: 11981 29058
CVE ID: 2004-2731 (see also: NVD)
Related OSVDB ID: 8363
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0463.html
Generic Informational URL: http://linux.bkbits.net:8080/linux-2.4/related/drivers/sbus/char/openprom.c?nav=index.html|src/.|src/drivers|src/drivers/sbus|src/drivers/sbus/char
Other Advisory URL: http://lists.debian.org/debian-security-announce/2008/msg00067.html
http://www.securiteam.com/unixfocus/5GP0515DFW.html

Credit

Sean - infamous41mdhotpop.com -

Direct URL: http://osvdb.org/7345

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

kernel.org

Linux

References

Credit