Date: Tue, 18 Aug 2009 16:54:43 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: information leak in
 sigaltstack


On Tue, 4 Aug 2009, Eugene Teo wrote:

> do_sigaltstack: avoid copying 'stack_t' as a structure to user space


======================================================
Name: CVE-2009-2847
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
Reference: MILW0RM:9352
Reference: URL:http://www.milw0rm.com/exploits/9352
Reference: MLIST:[oss-security] 20090804 CVE request - kernel: information leak in sigaltstack
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/04/1
Reference: MLIST:[oss-security] 20090805 Re: CVE request - kernel: information leak in sigaltstack
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/05/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=515392

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6
before 2.6.31-rc5, when running on 64-bit systems, does not clear
certain padding bytes from a structure, which allows local users to
obtain sensitive information from the kernel stack via the sigaltstack
function.
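
The padding hole the description refers to, as an added userspace illustration (not kernel code and not part of the original message): a structure with stack_t's field order is built over stale bytes and then copied out either whole or member by member, the latter being the approach named in the quoted commit title. The names `demo_stack` and `STALE` and the field values are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with stack_t's field order; the name is hypothetical. */
struct demo_stack { void *ss_sp; int ss_flags; size_t ss_size; };

#define OFF(f)  offsetof(struct demo_stack, f)
#define PAD_OFF (OFF(ss_flags) + sizeof(int))
#define PAD_LEN (OFF(ss_size) - PAD_OFF)
#define STALE   0xAA   /* constructed marker for leftover stack contents */

/* Padding between ss_flags and ss_size: 4 bytes on LP64, 0 on ILP32. */
size_t padding_len(void) { return PAD_LEN; }

/* Model a stack slot full of stale data where only the named fields are
 * written; the padding keeps whatever was there before. */
static void build_on_dirty_stack(unsigned char *slot)
{
    void *sp = NULL; int flags = 2; size_t size = 8192;  /* constructed */
    memset(slot, STALE, sizeof(struct demo_stack));
    memcpy(slot + OFF(ss_sp), &sp, sizeof sp);
    memcpy(slot + OFF(ss_flags), &flags, sizeof flags);
    memcpy(slot + OFF(ss_size), &size, sizeof size);
}

/* copy_fields == 0: whole-structure copy, padding travels with the fields.
 * copy_fields == 1: member-by-member copy, padding never leaves the slot.
 * Returns how many stale bytes landed in the destination's padding. */
size_t stale_bytes_copied(int copy_fields)
{
    unsigned char slot[sizeof(struct demo_stack)];
    unsigned char user[sizeof(struct demo_stack)] = {0};
    size_t i, n = 0;
    build_on_dirty_stack(slot);
    if (!copy_fields) {
        memcpy(user, slot, sizeof slot);
    } else {
        memcpy(user + OFF(ss_sp), slot + OFF(ss_sp), sizeof(void *));
        memcpy(user + OFF(ss_flags), slot + OFF(ss_flags), sizeof(int));
        memcpy(user + OFF(ss_size), slot + OFF(ss_size), sizeof(size_t));
    }
    for (i = 0; i < PAD_LEN; i++) n += (user[PAD_OFF + i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu struct-copy=%zu field-copy=%zu\n",
           padding_len(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

On a 32-bit build the padding length is zero and both copies report nothing, which matches the description's restriction to 64-bit systems.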

