Date: Wed, 8 Dec 2010 22:27:07 -0500 From: Nelson Elhage <nelhage@...lice.com> To: oss-security@...ts.openwall.com Subject: CVE request: kernel: NULL pointer dereference in AF_ECONET The Linux implementation of ACORN networking over UDP does not properly look up the device an incoming packet was received on, potentially resulting in a denial of service (NULL pointer dereference). This is remotely triggerable if the econet module is loaded, but realistically the only reason is likely to have it loaded is because they're trying to run an exploit. Reference: http://marc.info/?l=linux-netdev&m=129185496013580&w=2
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ