Bug 64171 (CVE-2004-1333)

Summary: VUL-0: CVE-2004-1333: kernel: local dos in tty handler
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-1333: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: tty2vendor.c
vtresize-26.patch
vtresize-24.patch

Description Marcus Meissner 2004-12-13 17:19:41 UTC
From: Georgi Guninski <guninski@guninski.com> 
To: vendor-sec@lst.de 
header: best read with a sniffer 
User-Agent: Mutt/1.5.5.1i 
Subject: [vendor-sec] long live cve and mitre 
Errors-To: vendor-sec-admin@lst.de 
Date: Fri, 10 Dec 2004 16:02:45 +0200 
 
attached is a proggie. 
 
it is a little hard debugging it when run from *console*. 
 
tested on i386 2.6.9. 
 
kernel developers are notified with description of the problem.
Comment 1 Marcus Meissner 2004-12-13 17:19:41 UTC
see attached exploit.
Comment 2 Marcus Meissner 2004-12-13 17:20:11 UTC
Created attachment 26994
tty2vendor.c

exploit from georgi
Comment 3 Hubert Mantel 2005-01-13 23:45:33 UTC
Is someone working on a fix?
Comment 4 Marcus Meissner 2005-01-21 22:01:49 UTC
raise a bit in prio 
Comment 5 Marcus Meissner 2005-01-25 19:41:16 UTC
http://linux.bkbits.net:8080/linux-2.6/diffs/drivers/char/vt.c%401.85?nav=index.html|src/.|src/drivers|src/drivers/char|hist/drivers/char/vt.c
Comment 6 Marcus Meissner 2005-01-25 19:43:03 UTC
Created attachment 27902
vtresize-26.patch
Comment 7 Marcus Meissner 2005-01-25 19:48:01 UTC
Created attachment 27903
vtresize-24.patch
Comment 8 Marcus Meissner 2005-01-25 19:48:18 UTC
last 2 attachments are patches from mainline kernels. 
Comment 9 Marcus Meissner 2005-01-26 23:19:55 UTC
this is public 
Comment 10 Hubert Mantel 2005-01-26 23:41:33 UTC
Ok, I just committed the fixes to all trees except the SLES9 SP1 tree. Someone
needs to decide what to do with this one...
Comment 11 Marcus Meissner 2005-01-26 23:46:16 UTC
is public, so move to suselinux category 
Comment 12 Ralf Flaxa 2005-01-27 01:10:15 UTC
I approve it to also go into the next maintenance/security update kernel. 
 
Comment 13 Ralf Flaxa 2005-01-31 16:46:53 UTC
Assigning back to security-team. 
Apparently forgot that when adding my last comment. 
 
Comment 14 Marcus Meissner 2005-02-05 01:06:35 UTC
released for 9.1/SP1 branch. 
 
other products still missing, will in their next update round. 
Comment 15 Marcus Meissner 2005-03-14 14:01:56 UTC
marcus tracked 
Comment 16 Marcus Meissner 2005-03-17 15:50:20 UTC
CAN-2004-1333  
Comment 17 Marcus Meissner 2005-03-24 17:21:10 UTC
updates and advisory released 
Comment 18 Thomas Biege 2009-10-13 20:03:38 UTC
CVE-2004-1333: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)