Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 09 Dec 2010 13:38:28 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nelson Elhage <nelhage@...lice.com>
Subject: Re: CVE request: kernel: NULL pointer dereference
 in AF_ECONET

On 12/09/2010 11:27 AM, Nelson Elhage wrote:
> The Linux implementation of ACORN networking over UDP does not
> properly look up the device an incoming packet was received on,
> potentially resulting in a denial of service (NULL pointer
> dereference).
>
> This is remotely triggerable if the econet module is loaded, but
> realistically the only reason is likely to have it loaded is because
> they're trying to run an exploit.
>
> Reference:
> http://marc.info/?l=linux-netdev&m=129185496013580&w=2

Proposed patch: http://marc.info/?l=linux-netdev&m=129186011218615&w=2

Please use CVE-2010-4342.

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ