Bug 93652 (CVE-2005-2500) - VUL-0: CVE-2005-2500: kernel: Overflow in xdr input validation
Status: RESOLVED DUPLICATE of bug 105101
Alias: CVE-2005-2500
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Critical
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVE-2005-2500: CVSS v2 Base Score: 7....
Reported: 2005-06-23 10:40 UTC by Andreas Gruenbacher
Modified: 2021-11-04 16:21 UTC
Found By: Other
Attachments
Proposed fix (1.19 KB, patch)
2005-06-23 10:42 UTC, Andreas Gruenbacher
Description Andreas Gruenbacher 2005-06-23 10:40:52 UTC
The bounds check in xdr_xcode_array2 can overflow. Reported by  
Florian Weimer <fw@deneb.enyo.de>. This affects the nfsacl protocol.
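
One common way a decoder's bounds check on a wire-supplied element count can overflow, next to an overflow-safe form. This is an added example, not the kernel's xdr.c and not the attached patch; `struct array_desc`, `fits_unsafe` and `fits_safe` are hypothetical names and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor for a counted array inside a received buffer.
 * Names are illustrative and are not taken from the kernel source. */
struct array_desc {
    uint32_t elem_size;    /* bytes per element, fixed by the decoder */
    uint32_t array_len;    /* element count read from the wire (untrusted) */
    uint32_t array_maxlen; /* decoder's upper limit on the count */
};

/* Unsafe pattern: count * size is computed in 32 bits and can wrap, so a
 * huge count produces a small end offset that passes the comparison. */
bool fits_unsafe(const struct array_desc *d, uint32_t base, uint32_t buf_len)
{
    uint32_t end = base + 4 + d->array_len * d->elem_size;
    return end <= buf_len;
}

/* Overflow-safe form: cap the count first, then compare it against the
 * remaining space using division instead of multiplying untrusted values. */
bool fits_safe(const struct array_desc *d, uint32_t base, uint32_t buf_len)
{
    if (d->elem_size == 0 || d->array_len > d->array_maxlen)
        return false;
    if (base > buf_len || buf_len - base < 4) /* 4-byte length word */
        return false;
    uint32_t room = buf_len - base - 4;
    return d->array_len <= room / d->elem_size;
}

int main(void)
{
    /* Constructed input: 0x20000000 * 8 == 2^32, which wraps to 0. */
    struct array_desc wrap = { 8, 0x20000000u, 0xFFFFFFFFu };
    struct array_desc ok   = { 8, 4, 1024 };

    printf("wrapping count: unsafe=%d safe=%d\n",
           fits_unsafe(&wrap, 0, 64), fits_safe(&wrap, 0, 64));
    printf("honest count:   unsafe=%d safe=%d\n",
           fits_unsafe(&ok, 0, 64), fits_safe(&ok, 0, 64));
    return 0;
}
```
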
Comment 1 Andreas Gruenbacher 2005-06-23 10:42:01 UTC
Created attachment 39735
Proposed fix

Already in the SP2 CVS, so it will be in RC4.
Comment 2 Marcus Meissner 2005-06-23 10:43:11 UTC
please assign and/or cc security team on such issues generally ;) 
 
ccing the other usual suspects too. 
Comment 3 Marcus Meissner 2005-06-27 08:21:06 UTC
potential remote DoS
Comment 4 Marcus Meissner 2005-06-27 09:13:05 UTC
please apply to all 2.6 based branches. 
 
(SL92, SL93 are missing I think.) 
 
Is 2.4 affected too? 
Comment 5 Marcus Meissner 2005-06-27 09:34:01 UTC
just looked at 2.4.21 ... it has way less xdr stuff and is not affected by 
this problem 
 
assign to agruen for apply 
Comment 6 Andreas Gruenbacher 2005-06-27 09:47:58 UTC
It's on the SL91, SL92, SL93, and SLES9_SP1 branches as well now. 2.4 is not  
affected. Back to security team. 
Comment 7 Marcus Meissner 2005-06-30 15:32:21 UTC
thanks! 
 
Comment 8 Ludwig Nussel 2005-07-25 09:44:30 UTC
Did this come from upstream or directly to us? Does it have a CAN#? 
Comment 9 Andreas Gruenbacher 2005-07-25 09:55:39 UTC
It came via the LKML. I don't think it has a CAN #. 
Comment 10 Ludwig Nussel 2005-08-04 07:12:39 UTC
updates released 
Comment 11 Marcus Meissner 2005-08-09 07:49:12 UTC
====================================================== 
Candidate: CAN-2005-2500 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2500 
Reference: MISC:http://lkml.org/lkml/2005/6/23/19 
Reference: CONFIRM:http://lkml.org/lkml/2005/6/23/126 
Reference: SUSE:SUSE-SA:2005:044 
Reference: URL:http://www.novell.com/linux/security/advisories/2005_44_kernel.html 
 
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux 
kernel 2.6.5 and earlier might allow remote attackers to cause a 
denial of service and possibly execute arbitrary code via crafted XDR 
data for the nfsacl protocol. 
 
Comment 12 Olaf Hering 2005-08-17 15:12:46 UTC
I have disabled the patch, it conflicts with this commit from 2.6.13-rc6-git9:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=58fcb8df0bf663bb6b8f46cd3010bfe8d13d97cf
Comment 13 Andreas Gruenbacher 2005-08-17 15:23:23 UTC
This has resurfaced today.  
Comment 14 Andreas Gruenbacher 2005-08-17 15:23:39 UTC

*** This bug has been marked as a duplicate of 105101 ***
Comment 15 Thomas Biege 2009-10-13 21:29:22 UTC
CVE-2005-2500: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)