Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 8 Apr 2009 10:04:47 +0200
From: Willy Tarreau <w@....eu>
To: Eugene Teo <eugene@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size

Hi Eugene,

On Wed, Apr 08, 2009 at 03:58:55PM +0800, Eugene Teo wrote:
> {nr,rose,x25}_sendmsg() functions need to have sanity checks on the
> packet size, otherwise the sizes can wrap and end up sending garbage.
> 
> http://bugzilla.kernel.org/show_bug.cgi?id=10423
> http://git.kernel.org/linus/83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1265
> 
> This affects both 2.4.x and 2.6.x if CONFIG_{NETROM,ROSE,X25} are enabled.

I already have it in my queue, just did not have time to merge it yet.
Thanks for the reminder anyway, I really appreciate it ;-)

Willy

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux