Date: Fri, 3 Apr 2009 09:46:09 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request -- Linux kernel irda driver buffer


Previous discussion: 
http://marc.info/?l=oss-security&w=2&r=1&s=irda+driver&q=b

Mark Cox ruled "doesn't seem to have any security implications". Since 
then, 3rd party analysis suggests it still may in a different manner:

http://xorl.wordpress.com/2009/03/11/linux-kernel-irda-sigmatel-stir421x-off-by-one/

[..]

This could lead to an information leak if request_firmware() gives some kind 
of output but I haven't checked this.

[..]


Comments?
