Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 26 Aug 2008 23:00:40 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: coley@...re.org
Subject: Re: CVE request: kernel: sctp: fix potential panics
 in the SCTP-AUTH API

Hi Steve,

Steven M. Christey wrote:
> On Mon, 25 Aug 2008, Eugene Teo wrote:
> 
>> "[PATCH] sctp: fix potential panics in the SCTP-AUTH API.
>>
>> All of the SCTP-AUTH socket options could cause a panic if the extension
>> is disabled and the API is envoked.
> 
> Use CVE-2008-3792, to be filled in later.
> 
>> Additionally, there were some additional assumptions that certain
>> pointers would always be valid which may not always be the case."
> 
> Use CVE-2008-3793, to be filled in later.  I'm assuming that when
> SCTP-AUTH is enabled, that these APIs are reachable from unprivileged
> users?

One CVE name is sufficient for this. So, we will just use CVE-2008-3792?

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ