Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 5 Nov 2010 15:50:18 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: kernel: logic error in INET_DIAG
 bytecode auditing

----- "Nelson Elhage" <> wrote:

> INET_DIAG is inconsistent about how it looks up the bytecode contained
> in a
> netlink message, making it possible for a user to cause the kernel to
> execute
> unaudited INET_DIAG bytecode.
> This can be abused to make the kernel enter an infinite loop, and
> possibly other
> consequences, although I haven't thought of anything else
> interesting.
> Reference:

Please use CVE-2010-3880.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ