Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0812031225441.15404@faron.mitre.org>
Date: Wed, 3 Dec 2008 12:26:19 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: Unix sockets kernel panic


current writeup for CVE-2008-5300:

======================================================
Name: CVE-2008-5300
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300
Reference: MLIST:[linux-netdev] 20081120 soft lockups/OOM after unix socket fixes
Reference: URL:http://marc.info/?l=linux-netdev&m=122721862313564&w=2
Reference: MLIST:[linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector
Reference: URL:http://marc.info/?l=linux-netdev&m=122765505415944&w=2
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=470201

Linux kernel 2.6.28 allows local users to cause a denial of service
("soft lockup" and process loss) via a large number of sendmsg
function calls, which does not block during AF_UNIX garbage collection
and triggers an OOM condition, a different vulnerability than
CVE-2008-5029.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.