Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 5 Nov 2010 15:50:18 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: kernel: logic error in INET_DIAG
 bytecode auditing


----- "Nelson Elhage" <nelhage@...lice.com> wrote:

> INET_DIAG is inconsistent about how it looks up the bytecode contained
> in a
> netlink message, making it possible for a user to cause the kernel to
> execute
> unaudited INET_DIAG bytecode.
> 
> This can be abused to make the kernel enter an infinite loop, and
> possibly other
> consequences, although I haven't thought of anything else
> interesting.
> 
> Reference:
> http://www.spinics.net/lists/netdev/msg145899.html
> 

Please use CVE-2010-3880.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ