Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow Vulnerability
TITLE: Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE: CAN-2004-0619
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 23 2004 12:00AM
UPDATE: Jun 23 2004 12:00AM
CREDIT: Credit for discovery of this vulerability goes to infamous41md@hotpop.com
VULNERABLE:
RedHat Linux 8.0 i686
RedHat Linux 8.0 i386
RedHat Linux 8.0
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.i586.rpm
RedHat kernel-smp-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat Fedora Core1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
It is reported that the bcm5820 Linux kernel driver contains an integer overflow vulnerability.
The driver contains a function ubsec_ioctl() which is used to setup operating parameters for the driver. This function takes user-supplied data and copies it into kernel-space. When copying this data, a user-supplied length value is used in a calculation. This calculation could cause an integer overflow when allocating buffer space.
This vulnerability could lead to a system crash, or possible code execution in the context of the kernel.
This driver is not present in the vanilla Linux kernel, nor is it standard in most distributions of Linux. Redhat 8, with Linux kernel 2.4.20 is confirmed to include the vulnerable driver, but others are also potentially vulnerable.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Solution
Solution:
Redhat has released advisory FEDORA-2004-206 for Fedora Core 1 addressing this issue. Please see the referenced advisory for further information.
RedHat Linux has released advisory RHSA-2004:549-10 to address this, and other issues in RedHat Enterprise Linux operating systems. Please see the referenced advisories for further information.
Red Hat released advisory RHSA-2005:283-15 as well as fixes to address this and other issues on Red Hat Linux Enterprise 2.1 platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
RedHat Fedora Core1
References
References:
Keywords for this page:
download kernel-2 4 20-8 i386 rpm (from google) first seen: 2007-08-23 12:12:03
kernel-2 4 20-8 i386 rpm (from google) first seen: 2007-08-29 07:39:38 hit: 3
broadcom ush (from google) first seen: 2007-09-25 18:27:27 hit: 537
http://www google com/ (from google) first seen: 2007-11-14 22:19:32
ush broadcom (from google) first seen: 2007-11-18 13:50:03 hit: 21
kernel-2 4 20-8-i386 download (from google) first seen: 2007-12-07 09:56:32
kernel-2 4 i386 rpm red hat fedora (from google) first seen: 2008-02-05 10:58:18
t (from google) first seen: 2008-02-22 16:55:59 hit: 88
kernel-2 4 20-8 i686 rpm dowloand (from google) first seen: 2008-03-19 20:16:04
download broadcom driver for red hat enterprise linux (from google) first seen: 2008-03-22 22:00:35
broadcom driver for redhat enterprises linux es release 4 (from google) first seen: 2008-03-28 05:55:22
f (from google) first seen: 2008-04-03 10:18:34 hit: 223
kernel-2 4 20-8 i386 download (from google) first seen: 2008-04-03 13:49:18
red hat 9 0 kernel source 2 4 20-8 download (from google) first seen: 2008-04-05 07:25:42
red hat linux ws download (from google) first seen: 2008-04-08 10:59:13
redhat linux 9 0 (from google) first seen: 2008-04-09 20:14:15
broadcom kernel (from google) first seen: 2008-04-14 07:19:34
download kernel-source-2 4 20-8 i386 rpm (from google) first seen: 2008-04-23 05:24:57
broadcom driver for linux as 2 1 (from google) first seen: 2008-04-29 12:14:25
linux download (from google) first seen: 2008-04-29 22:46:50
kernel-source-2 4 20-8 download (from google) first seen: 2008-05-02 15:31:52
kernel-source-2 4 20-8 i386 rpm download (from google) first seen: 2008-05-04 15:09:56 hit: 2
kernel 2 4 rpm fedora core (from google) first seen: 2008-05-10 15:10:16
linux redhat 9 2-4-20-8 (from google) first seen: 2008-05-12 14:37:29 hit: 2
linux redhat 9 kernel 2-4-20-8 (from google) first seen: 2008-05-12 14:43:21
download kernel-source 2 4 20-8 i686 (from google) first seen: 2008-05-14 10:31:21
as3 redhat kernel download (from google) first seen: 2008-05-20 08:40:47
broadcom linux core driver (from google) first seen: 2008-05-22 10:33:33
kernel-source-2 4 20-8 i386 rpm (from google) first seen: 2008-05-22 14:13:17
redhat 9 0 linux i686 broadcom driver (from google) first seen: 2008-05-23 11:17:15
kernel vulnérable 2 4 20-8 (from google) first seen: 2008-05-23 18:32:15
redhat 9 broadcom i686 driver 2 4 20 (from google) first seen: 2008-05-26 04:25:44
broadcom redhat (from google) first seen: 2008-05-30 13:39:53
broadcom ush api (from google) first seen: 2008-06-06 17:17:49
redhat 9 broadcom (from google) first seen: 2008-06-09 22:06:34
bcm5820 linux driver (from google) first seen: 2008-06-14 11:12:14
redhat broadcom not present (from google) first seen: 2008-06-16 09:54:45
linux kernel-2 4 20-8 i586 rpm (from google) first seen: 2008-06-18 16:22:24
redhat 9 broadcom rpm (from google) first seen: 2008-06-18 17:09:33
broadcom cryptonet bcm5820 driver for linux (from google) first seen: 2008-06-22 13:58:00
kernel-2 4 20-8 i386 rpm rpm (from google) first seen: 2008-06-25 22:39:55
broadcom rpm download (from google) first seen: 2008-06-26 08:08:08
download linux es 2 1 (from google) first seen: 2008-06-29 12:27:01
broadcom 57xx drivers for rhl 9 (from google) first seen: 2008-07-03 09:39:56
broadcom ush (from google) first seen: 2008-07-05 01:31:49 hit: 3
downlooad update for kernal source red hat 9 0 linux (from google) first seen: 2008-07-08 10:56:13 hit: 3
broadcom kernel 2 4 (from google) first seen: 2008-07-08 11:38:39
ush broadcom ic (from google) first seen: 2008-07-17 01:08:40
broadcom ush tpm (from google) first seen: 2008-07-17 17:46:55
bcm5820 linux (from google) first seen: 2008-07-20 12:01:54
broadcom bcm5820 linux driver (from google) first seen: 2008-07-21 03:37:05
broadcom 57xx driver for fedora (from google) first seen: 2008-07-24 10:12:38
broadcom rpm (from google) first seen: 2008-07-29 11:20:55 hit: 2
download broadcom wireless driver for red hat 9 (from google) first seen: 2008-08-10 22:53:55
upgrade red hat el 3 linux kernel source (from google) first seen: 2008-08-13 18:18:59
broadcom ush solution (from google) first seen: 2008-08-17 11:07:21
linux kernel drivers rpms (from google) first seen: 2008-08-23 07:38:41
download broadcom drivers for fedora 8 (from google) first seen: 2008-08-23 09:34:37
broadcom linux rpm (from google) first seen: 2008-08-23 18:11:04
redhat linux wireless drivers broadcom (from google) first seen: 2008-08-25 09:30:49
what is broadcom ush (from google) first seen: 2008-08-28 20:41:11 hit: 20
e6500 broadcom ush (from google) first seen: 2008-09-01 07:08:18 hit: 7
broadcom ush driver (from google) first seen: 2008-09-02 12:21:24 hit: 63
kernel-source-2 fedora (from google) first seen: 2008-09-02 14:19:03
driver broadcom ush (from google) first seen: 2008-09-03 16:11:04 hit: 5
broadcom ush drivers (from google) first seen: 2008-09-03 19:31:45 hit: 11
kernel-smp-2 4 20-8 i686 rpm download (from google) first seen: 2008-09-03 21:05:49
ush broadcom driver (from google) first seen: 2008-09-03 22:21:49
broadcom ush vista (from google) first seen: 2008-09-04 11:39:44 hit: 3
broadcom ush cv (from google) first seen: 2008-09-05 18:44:51 hit: 14
5 (from google) first seen: 2008-09-05 20:33:19
download driver broadcom 57xx for redhat (from google) first seen: 2008-09-07 14:48:59
rpm phplog (from google) first seen: 2008-09-07 21:06:54
broadcom ush? (from google) first seen: 2008-09-08 12:46:47
broadcom ush questionmark (from google) first seen: 2008-09-08 12:55:57
broadcom ush e6500 (from google) first seen: 2008-09-08 23:47:36 hit: 7
what is the broadcom ush driver (from google) first seen: 2008-09-09 09:52:15
broadcom 57xx nic card driver for red hat 9 (from google) first seen: 2008-09-09 16:38:52
1 (from google) first seen: 2008-09-09 19:17:56 hit: 3
broadcom ush dell (from google) first seen: 2008-09-10 10:23:40 hit: 9
broadcom ush 5800 (from google) first seen: 2008-09-10 18:36:57 hit: 3
broadcom ush showing code 28 (from google) first seen: 2008-09-10 19:05:18
what is broadcom ush? (from google) first seen: 2008-09-10 19:10:31 hit: 2
e6400 broadcom ush (from google) first seen: 2008-09-10 19:54:44 hit: 10
ush broadcom drivers (from google) first seen: 2008-09-12 20:43:56
driver for broadcom ush (from google) first seen: 2008-09-13 19:29:49 hit: 2
broadcom ush for vista (from google) first seen: 2008-09-15 00:58:22
ush driver (from google) first seen: 2008-09-15 03:24:30
dell e6400 broadcom ush drivers (from google) first seen: 2008-09-15 03:28:44
dell e6400 broadcom ush (from google) first seen: 2008-09-15 04:40:42 hit: 7
dell broadcom ush (from google) first seen: 2008-09-15 07:16:48 hit: 13
broadcom ush dell e6400 (from google) first seen: 2008-09-15 18:27:55 hit: 3
broadcom ush drivers (from google) first seen: 2008-09-15 20:23:09
ush drivers (from google) first seen: 2008-09-15 20:23:12
broadcom ush vista e6400 (from google) first seen: 2008-09-15 21:06:40
dell e6500 broadcom ush (from google) first seen: 2008-09-15 22:39:48 hit: 3
ush broadcom dell (from google) first seen: 2008-09-16 06:31:26
ush dell (from google) first seen: 2008-09-16 08:23:35
broadcom ush e6400 (from google) first seen: 2008-09-16 11:39:25 hit: 12
broadcom ush dell driver (from google) first seen: 2008-09-16 12:46:36 hit: 4
e6500 broadcom ush driver (from google) first seen: 2008-09-16 13:42:23 hit: 4
e6400 broadcom (from google) first seen: 2008-09-16 14:06:44 hit: 2
what is broadcom ush driver? (from google) first seen: 2008-09-16 15:37:37
broadcom ush what is it (from google) first seen: 2008-09-16 16:28:38 hit: 2
what is broadcom ush in dell e6500 (from google) first seen: 2008-09-16 18:34:27
broadcom 5800 driver (from google) first seen: 2008-09-16 21:46:51
broadcom ush driver for dell e6400 (from google) first seen: 2008-09-17 00:25:19
broadom ush cv (from google) first seen: 2008-09-17 00:51:56
ush cv broadcom (from google) first seen: 2008-09-17 01:21:22
broadcom ush cv driver only (from google) first seen: 2008-09-17 04:09:06
dell e6400 broadcom ush vista (from google) first seen: 2008-09-17 12:27:03
device broadcom ush (from google) first seen: 2008-09-17 13:28:56
broadcom ush windows driver dell e6400 (from google) first seen: 2008-09-17 21:38:52
ush broadcom dell e6400 (from google) first seen: 2008-09-17 22:00:09
broadcom ush dell e6500 (from google) first seen: 2008-09-17 22:43:58 hit: 3
broadcom ush driver dell e6400 (from google) first seen: 2008-09-17 23:06:53 hit: 2
broadcom 57xx wifi linux drivers (from google) first seen: 2008-09-18 09:03:27
broadcom ush download (from google) first seen: 2008-09-18 10:00:12 hit: 5
broadcom ush cv driver (from google) first seen: 2008-09-18 14:38:18 hit: 2
dell e6500 broadcom ush driver (from google) first seen: 2008-09-18 15:24:14
install driver broadcom ush (from google) first seen: 2008-09-18 19:50:23
dell broadcom ush driver (from google) first seen: 2008-09-18 20:27:38
download driver for broadcom ush (from google) first seen: 2008-09-18 21:55:30
vista ush broadcom (from google) first seen: 2008-09-19 06:54:42
e6400 broadcom ush driver (from google) first seen: 2008-09-19 19:46:02
broadcom ush driver dell (from google) first seen: 2008-09-19 20:20:41
e6500 broadcom (from google) first seen: 2008-09-19 20:53:01
broadcomm ush (from google) first seen: 2008-09-19 21:06:33
m4400 broadcom ush (from google) first seen: 2008-09-20 11:47:44 hit: 2
broadcom linux (from google) first seen: 2008-09-20 11:54:00
broadcom ush driver for e6400 (from google) first seen: 2008-09-22 03:08:24
what is broadcom ush driver (from google) first seen: 2008-09-22 03:51:56
redhat 9 i686 (from google) first seen: 2008-09-22 06:09:22
broadcom ush driver for dell e6500 (from google) first seen: 2008-09-22 08:09:07
download driver broadcom ush dell (from google) first seen: 2008-09-22 14:06:58
broadcom e6500 dell (from google) first seen: 2008-09-22 17:36:23
broadcom ush driver e6500 download (from google) first seen: 2008-09-23 15:37:55
broadcom ush driver download (from google) first seen: 2008-09-23 23:22:31
broadcom redhat (from google) first seen: 2008-09-24 04:36:28
broadcom rpm for redhat 5 (from google) first seen: 2008-09-24 11:29:22
broadcom ush and e6400 (from google) first seen: 2008-09-24 15:31:11
broadcom ush drive (from google) first seen: 2008-09-24 20:02:50
download broadcom security ush (from google) first seen: 2008-09-24 22:28:58
dell what is broadom ush (from google) first seen: 2008-09-25 14:50:11
dell m4400 broadcom ush (from google) first seen: 2008-09-25 17:15:52
broadcom ush driver other device (from google) first seen: 2008-09-25 20:27:58
m4400 broadcom ush driver (from google) first seen: 2008-09-25 22:57:12
dell m4400 broadcom ush driver (from google) first seen: 2008-09-26 07:01:24
e6400 ush (from google) first seen: 2008-09-26 10:35:19
broadcom ush dell e6400 driver (from google) first seen: 2008-09-26 13:30:07
broadcom ush sensor (from google) first seen: 2008-09-26 15:30:18 hit: 4
broadcom ush driver e6400 (from google) first seen: 2008-09-26 18:57:03
broadcom ush device (from google) first seen: 2008-09-27 05:26:52
driver broadcom ush e6500 (from google) first seen: 2008-09-27 10:19:13
“broadcom ush” (from google) first seen: 2008-09-28 18:54:32
broadcomm ush cv (from google) first seen: 2008-09-28 20:57:17
broadcom ush on dell e6400 (from google) first seen: 2008-09-29 07:06:37
broadcom usb driver e6500 (from google) first seen: 2008-09-29 08:39:29
broadcom ush driver e6500 (from google) first seen: 2008-09-29 08:44:03
dell broadcom ush cv (from google) first seen: 2008-09-29 10:57:47
driver dell e6400 broadcom ush (from google) first seen: 2008-09-29 11:08:52
broadcom ush driver dell download (from google) first seen: 2008-09-29 11:32:40
broadcom 5800 -acer (from google) first seen: 2008-09-29 14:09:27
del broadcom ush (from google) first seen: 2008-09-29 15:02:22
broadcom ush dell driver download (from google) first seen: 2008-09-29 17:02:19
broadcom ush/cv driver (from google) first seen: 2008-09-29 18:50:06
broadcom ush m4400 (from google) first seen: 2008-09-30 09:59:09 hit: 3
dell driver broadcom ush (from google) first seen: 2008-09-30 13:47:58
broadcom ush driver m4400 (from google) first seen: 2008-09-30 14:13:37
broadcom ush 5800 driver (from google) first seen: 2008-09-30 14:17:19
broadcom ush swip (from google) first seen: 2008-09-30 21:13:58
broadcom ush sv (from google) first seen: 2008-10-01 12:25:30
treiber broadcom ush (from google) first seen: 2008-10-01 12:32:12
broadcom ush swipe (from google) first seen: 2008-10-02 17:12:28
5500 broadcom ush (from google) first seen: 2008-10-02 22:49:27
broadcom ush fingerprint (from google) first seen: 2008-10-06 17:56:13
broadcom ush intials (from google) first seen: 2008-10-10 22:04:37
broadcom ush w (from google) first seen: 2008-10-15 11:22:42
ush broadcom cv (from google) first seen: 2008-10-18 00:20:11
broadcom ush 0a5c (from google) first seen: 2008-10-20 19:21:03
m6400 broadcom ush (from google) first seen: 2008-10-21 17:56:32
undetected broadcom ush (from google) first seen: 2008-10-22 07:43:42
5800 broadcom ush (from google) first seen: 2008-10-23 14:30:58
broadcome ush (from google) first seen: 2008-10-27 13:38:51
broadcom ush m6400 (from google) first seen: 2008-10-27 20:21:01 hit: 2
broadcom ush secure (from google) first seen: 2008-10-28 01:03:44
broadcom ush 6400 (from google) first seen: 2008-10-29 18:15:15 hit: 2
broadcom-ush 2003 (from google) first seen: 2008-10-31 21:40:42
broadcom ush gerätemanager (from google) first seen: 2008-11-02 11:15:03
broadcom ush e4300 (from google) first seen: 2008-11-03 11:44:28
broadcom ush m2400 (from google) first seen: 2008-11-05 14:00:12
e4300 broadcon ush (from google) first seen: 2008-11-05 18:17:57
broadcom fingerprint ush (from google) first seen: 2008-11-10 20:37:23
broadcom ush for sms (from google) first seen: 2008-11-10 23:15:47
e4300 br (from google) first seen: 2008-11-11 19:59:27
authentec broadcom ush (from google) first seen: 2008-11-11 23:05:55
broadcom ush cv fingerprint (from yahoo) first seen: 2008-11-11 23:35:43
mss (from yahoo) first seen: 2008-11-12 23:56:17
what does broadcom ush do (from google) first seen: 2008-11-13 23:37:23
broadcom ush explain (from google) first seen: 2008-11-19 03:47:39
mifare ush broadcom (from google) first seen: 2008-11-20 04:21:15
broadcom 5880 ush (from google) first seen: 2008-11-20 16:26:03
broadcom 5800 ush (from google) first seen: 2008-11-20 16:38:39
broadcom us (from google) first seen: 2008-11-21 12:56:15
broadcom ush nlite (from google) first seen: 2008-11-21 23:29:18
ovladač broadcom ush (from google) first seen: 2008-11-21 23:33:55
broadcom ush 4200 (from google) first seen: 2008-11-21 23:50:53
what is broadcom ush e4200 (from google) first seen: 2008-11-22 10:23:33
GoogleBot visited this page on: 2008-11-21 20:53:00