Date: Thu, 09 Dec 2010 13:38:28 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Nelson Elhage <nelhage@...lice.com> Subject: Re: CVE request: kernel: NULL pointer dereference in AF_ECONET On 12/09/2010 11:27 AM, Nelson Elhage wrote: > The Linux implementation of ACORN networking over UDP does not > properly look up the device an incoming packet was received on, > potentially resulting in a denial of service (NULL pointer > dereference). > > This is remotely triggerable if the econet module is loaded, but > realistically the only reason is likely to have it loaded is because > they're trying to run an exploit. > > Reference: > http://marc.info/?l=linux-netdev&m=129185496013580&w=2 Proposed patch: http://marc.info/?l=linux-netdev&m=129186011218615&w=2 Please use CVE-2010-4342. Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ