[Bug 830298] Re: TOMOYO bugfix patches

Sun, 21 Aug 2011 19:20:59 -0700 

"apport-collect 830298" didn't work.

root@ubuntu:~# apport-collect 830298
ERROR: connecting to Launchpad failed: 'NoneType' object has no attribute 
'makefile'
You can reset the credentials by removing the file 
"/root/.cache/apport/launchpad.credentials"

Below output shows that patch for CVE-2011-2518 is not yet applied as of
2.6.38-11.48.

root@ubuntu:~# cat /proc/version
Linux version 2.6.38-11-generic-pae (buildd@rothera) (gcc version 4.5.2 
(Ubuntu/Linaro 4.5.2-8ubuntu4) ) #48-Ubuntu SMP Fri Jul 29 20:51:21 UTC 2011
root@ubuntu:~# dmesg
[  527.236229] BUG: unable to handle kernel NULL pointer dereference at   (null)
[  527.255068] IP: [<c113c6f3>] path_init_rcu+0x33/0x220
[  527.255986] *pdpt = 000000003692d001 *pde = 0000000000000000
[  527.256810] Oops: 0000 [#1] SMP
[  527.257704] last sysfs file: 
/sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[  527.259646] Modules linked in: e1000 vesafb ppdev vmw_balloon snd_ens1371 
gameport psmouse serio_raw snd_rawmidi snd_seq_device snd_ac97_codec ac97_bus 
snd_pcm snd_timer parport_pc snd soundcore snd_page_alloc shpchp i2c_piix4 lp 
parport floppy pcnet32 mptspi mptscsih mptbase
[  527.288587]
[  527.289881] Pid: 1884, comm: a.out Not tainted 2.6.38-11-generic-pae 
#48-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[  527.292996] EIP: 0060:[<c113c6f3>] EFLAGS: 00010206 CPU: 2
[  527.294817] EIP is at path_init_rcu+0x33/0x220
[  527.334267] EAX: ffffff9c EBX: f69e1e28 ECX: 00000041 EDX: 00000000
[  527.335996] ESI: f3dc82b0 EDI: 00000000 EBP: f69e1dfc ESP: f69e1de8
[  527.337717]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  527.339528] Process a.out (pid: 1884, ti=f69e0000 task=f3eff1a0 
task.ti=f69e0000)
[  527.343186] Stack:
[  527.345001]  c16d0a50 00000000 f69e1e28 f3dc82b0 00000000 f69e1e1c c113eb91 
f69e1e28
[  527.348842]  ffffff9c 00000001 f69e1ed4 f3dc82b0 f69e1f04 f69e1e90 c113ecb2 
f69e1e28
[  527.390961]  00000010 00008050 f3dc82b0 00000004 f6d333c8 00000000 c114b204 
00000000
[  527.390973] Call Trace:
[  527.391002]  [<c113eb91>] do_path_lookup+0x21/0x120
[  527.391009]  [<c113ecb2>] kern_path+0x22/0x40
[  527.391019]  [<c114b204>] ? find_filesystem+0x44/0x50
[  527.391026]  [<c114b3e3>] ? get_fs_type+0x33/0xb0
[  527.391059]  [<c124f7b8>] ? tomoyo_fill_path_info+0x18/0xe0
[  527.391068]  [<c124df8c>] tomoyo_mount_acl+0x1bc/0x240
[  527.391075]  [<c113c829>] ? path_init_rcu+0x169/0x220
[  527.391083]  [<c124e16d>] tomoyo_mount_permission+0xdd/0x110
[  527.391091]  [<c124ea0e>] tomoyo_sb_mount+0x1e/0x30
[  527.391106]  [<c1227022>] security_sb_mount+0x22/0x30
[  527.391115]  [<c114e1fd>] do_mount+0x9d/0x1e0
[  527.391123]  [<c114e6ab>] sys_mount+0x6b/0xa0
[  527.391248]  [<c100ab5f>] sysenter_do_call+0x12/0x28
[  527.391255] Code: 08 3e 8d 74 26 00 8b 5d 08 83 c9 40 c7 43 2c 01 00 00 00 
89 4b 24 c7 43 30 00 00 00 00 c7 43 14 00 00 00 00 c7 43 1c 00 00 00 00 <80> 3a 
2f 0f 84 1c 01 00 00 83 f8 9c 74 47 8d 55 f0 bf f7 ff ff
[  527.391301] EIP: [<c113c6f3>] path_init_rcu+0x33/0x220 SS:ESP 0068:f69e1de8
[  527.391311] CR2: 0000000000000000
[  527.391468] ---[ end trace d8948656a5d83a06 ]---


--- Source code for a.out ---
#include <sys/mount.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
        mount(NULL, NULL, NULL, 0, NULL);
        mount(NULL, NULL, "ext3", 0, NULL);
        mount(NULL, "/", NULL, 0, NULL);
        mount(NULL, "/", "ext3", 0, NULL);
        mount("/", NULL, NULL, 0, NULL);
        mount("/", NULL, "ext3", 0, NULL);
        mount("/", "/", NULL, 0, NULL);
        mount("/", "/", "ext3", 0, NULL);
        mount(NULL, NULL, NULL, 0, NULL);
        mount(NULL, NULL, "tmpfs", 0, NULL);
        mount(NULL, "/", NULL, 0, NULL);
        mount(NULL, "/", "tmpfs", 0, NULL);
        mount("/", NULL, NULL, 0, NULL);
        mount("/", NULL, "tmpfs", 0, NULL);
        mount("/", "/", NULL, 0, NULL);
        mount("/", "/", "tmpfs", 0, NULL);
        return 0;
}
---

Regards.


** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2518

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/830298

Title:
  TOMOYO bugfix patches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/830298/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to