Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 09 Dec 2010 13:38:28 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nelson Elhage <nelhage@...lice.com>
Subject: Re: CVE request: kernel: NULL pointer dereference
 in AF_ECONET

On 12/09/2010 11:27 AM, Nelson Elhage wrote:
> The Linux implementation of ACORN networking over UDP does not
> properly look up the device an incoming packet was received on,
> potentially resulting in a denial of service (NULL pointer
> dereference).
>
> This is remotely triggerable if the econet module is loaded, but
> realistically the only reason is likely to have it loaded is because
> they're trying to run an exploit.
>
> Reference:
> http://marc.info/?l=linux-netdev&m=129185496013580&w=2

Proposed patch: http://marc.info/?l=linux-netdev&m=129186011218615&w=2

Please use CVE-2010-4342.

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.