Bug 132748 (CVE-2005-3276)

Summary: VUL-0: CVE-2005-3276: kernel: local memory leakage in sys_get_thread_area
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Olaf Kirch <okir>
Status: RESOLVED WONTFIX QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVE-2005-3276: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: the patch

Description Marcus Meissner 2005-11-08 16:44:36 UTC 
CVE-2005-3276

The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. 

CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw 
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1 
CONFIRM:http://lkml.org/lkml/2005/8/3/36
Comment 1 Olaf Kirch 2005-11-09 08:58:26 UTC 
I think these info leak issues are really lame. This is your local kernel
stack you're leaking data from - so your chances are really really slim
to find anything useful there.
Comment 2 Olaf Kirch 2005-11-09 09:06:37 UTC 
Created attachment 56746 [details]
the patch
Comment 3 Olaf Kirch 2005-11-11 14:25:14 UTC 
Marcus, please let me know if you really think this is a must-have.
I think it's a WONTFIX, but if you want it fixed we can do it of course.
It's not a very complex patch :)
Comment 4 Marcus Meissner 2005-11-11 14:45:56 UTC 
yes. i agree. near impossible to exploit too.
Comment 5 Thomas Biege 2009-10-13 20:33:33 UTC 
CVE-2005-3276: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)