|
Message-ID: <51395BB3.8090602@redhat.com> Date: Thu, 07 Mar 2013 20:32:03 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com, spender@...ecurity.net, Kurt Seifried <kseifrie@...hat.com> Subject: Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/07/2013 08:23 PM, Petr Matousek wrote: > A local user could use the missing size check in > sctp_getsockopt_assoc_stats() function to escalate their > privileges. On x86 this might be mitigated by destination object > size check as the destination size is known at compile time. > > Upstream fix: > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=726bc6b0 > > Introduced by: > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=196d6759 > > Introduced in: v3.8-rc1 > > References: > https://twitter.com/grsecurity/status/309805924749541376 > http://grsecurity.net/~spender/sctp.c > > Thanks, Please use CVE-2013-1828 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJROVuzAAoJEBYNRVNeJnmTgrEP/1t7nexDh1neyWVu91vPpLSa Y4yTteT4upyPE5icg6zobUW6FV/gOxsleduj427zn+uq7IcwspAc3QH3QAjgeaIj 0vlYlD7PBwk9HnIMjH03+ttbJolP7JGdU/Qh43LH+wDoxDI5OfmGNoN3+znpMXKn vplIYvFtqBsVrk3ead6f4MTPrdvv5+v/kSiXaXBD6GHL0uQP1+RR2XfnkUTiuJhQ ggd35oUz5IUMGVgwEoLCh93n/KdTq1f80gNZSQU9exjHwS45TQ7iS1bdm5adS4eq U6QNX9BHTZNGGq3edajHsmdmr/DKsYrul8bzTOWnfjCpdmCLzYQ9GKemvzlTM4+J E+53TTAFDAkhDzbzNo6TX9jN71Iv4CYHITu3N0qa7PL3Q/B5He/1NRK2Tx5bKJIv YsJRiojwTg/6hcv+tQEEnrnWeNj0BZeQ8B4RI/Y8uZavuKffG0rZx2/iRtLty/TE vzMWLuyZgNaIZ6xMF0lTveHUaNYggoCtkLR7crY+s4qeltao1WdARYAWWRM2/2mv kZBWApR3sQbsNbJtxj4RmEegKaK+Hyoq+SRN/YIGlIzhsAIpuzNUOEj8MCbyZ7T8 E7uQdR9z/BL8wDlmwgcKSGVnLqy9RkoKFGOrPLvTD2RumtwqfcWUQ2T9z/+NT+LP LxHxLq9KgHOCIxSEfZN6 =Mtxy -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.