Gentoo Archives: gentoo-hardened

From:	Rumen Yotov <rumen_yotov@×××.bg>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] pciutils / lspci -vv buffer overflow
Date:	Mon, 26 Jul 2004 03:50:46
Message-Id:	`1090813837.18997.16.camel@mymach.qrypto.org`
In Reply to:	Re: [gentoo-hardened] pciutils / lspci -vv buffer overflow by Ned Ludd

1	On пн, 2004-07-26 at 06:34, Ned Ludd wrote:
2	> Rimer can you verify the fix please?
3	>
4	> On Sun, 2004-07-25 at 23:27, Rumen Yotov wrote:
5	> > On пн, 2004-07-26 at 03:56, Pascal de Bruijn wrote:
6	> > > Hi,
7	> > >
8	> > > I have investigated the lspci -vv buffer overflow... This only seemed to
9	> > > occur on certain installations, this should be on systems which have
10	> > > AGPx1 and AGPx2 and AGPx4 support.
11	> > >
12	> > > For more information:
13	> > > http://members.home.nl/keizerflipje/hacks/lspci/lspci.txt
14	> > > http://members.home.nl/keizerflipje/hacks/lspci/lspci.diff
15	> > >
16	> > > I really like to get this verified...
17	> > >
18	> > > Greets,
19	> > > Pascal de Bruijn
20	> > >
21	> > > --
22	> > > gentoo-hardened@g.o mailing list
23	> > >
24	> > Hi,
25	> > Can confirm lspci -vv buffer overflow on K7VM2 mobo with following
26	> > message:
27	> > ...CUT...
28	> > 0000:00:00.0 Host bridge: VIA Technologies, Inc. VT8375 [KM266/KL266]
29	> > Host Bridge
30	> > Subsystem: Unknown device 1849:3156
31	> > Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
32	> > ParErr- Stepping- SERR- FastB2B-
33	> > Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
34	> > <TAbort- <MAbort+ >SERR- <PERR-
35	> > Latency: 8
36	> > Region 0: Memory at e0000000 (32-bit, prefetchable)
37	> > Capabilities: [a0] AGP version 2.0
38	> > Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64-
39	> > HTrans- 64bit- FW+ AGP3-
40	> > Rate=x1,x2,x4
41	> > Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW-
42	> > Rate=<none>
43	> > lspci: stack smashing attack in function show_agp()
44	> > ................................^^^^^^^^^^^^^^^^^^^
45	> > Aborted
46	> > ...END CUT...
47	> > Rumen
48	Hi,
49	Certanly, but which is the better way to go:
50	1.ebuild ... clean, fetch, unpack, APPLY PATCH, compile, install, qmerge
51	or;
52	2.Change the ebuild to include the patch?
53	Looks rather i'll opt for 1
54	TIA
55	Rumen

Attachments

File name	MIME type
signature.asc	application/pgp-signature

Replies

Subject	Author
Re: [gentoo-hardened] pciutils / lspci -vv buffer overflow	Rumen Yotov <rumen_yotov@×××.bg>

Report Message

Find on MARC Find on Google Groups