Date: Mon, 20 Dec 2010 13:36:34 -0500 (EST)
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org, dan.j.rosenberg@...il.com
Subject: CVE request: kernel: CAN information leak, 2nd attempt

"The CAN protocol uses the address of a kernel heap object as a proc
filename, revealing information that could be useful during
exploitation."

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=664544
http://seclists.org/oss-sec/2010/q4/103

Credit: Dan Rosenberg

------------

Please note that there has been one attempt to request a CVE for this
issue already [1]. The problem is that vendors (Red Hat more or less
included) used the assigned CVE for the potential heap overflow issue
[2, 3] whereas the reporter used it for the information leak [4].

[1] http://seclists.org/oss-sec/2010/q4/107
[2] http://lists.opensuse.org/opensuse-updates/2010-12/msg00026.html
[3] http://www.debian.org/security/2010/dsa-2126
[4] http://www.cs.brown.edu/people/drosenbe/research.html

I'd suggest to keep the CVE-2010-3874 id for the heap overflow which has
some (although very limited) security potential and assign a new id for
the information leak.

Thanks,
--
Petr Matousek / Red Hat Security Response Team