Date: Thu, 04 Sep 2008 13:43:11 +0800
From: Eugene Teo <>
Subject: CVE request: kernel: sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports

Interesting bug.

This was committed in the upstream kernel recently to address a regression
introduced in commit dc9a16e49dbba3dd042e6aec5d9a7929e099a89b.

proc_do_xprt() does not check for user-side buffer size. The stack can
be overwritten by reading /proc/sys/sunrpc/transports even when the
length given to read() is a small value, i.e. < 38 bytes.

Upstream commit:


It probably needs a CVE name. Agree?

Thanks, Eugene
Eugene Teo / Red Hat Security Response Team
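
The class of bug described in the message above, shown as an added userspace example that is not part of the original post and is not the kernel's code or the upstream patch. It models a sysctl-style read handler that clamps the copy to the length the caller asked for; `bounded_proc_read`, `small_read_keeps_guard` and the sample listing are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample text; not the real contents of the proc file. */
static const char sample_listing[] = "tcp 1048576\nudp 32768\n";

/*
 * Hypothetical userspace model of a sysctl-style read handler.
 * dst  : caller's buffer (stands in for the user-side buffer)
 * lenp : in = bytes the caller asked for, out = bytes copied
 * ppos : in = file offset, out = offset after this read
 */
int bounded_proc_read(char *dst, size_t *lenp, size_t *ppos)
{
    size_t total = sizeof(sample_listing) - 1;
    size_t n;

    /* Offset at or past the end: report EOF and copy nothing. */
    if (*ppos >= total) {
        *lenp = 0;
        return 0;
    }

    /* The kind of check the report says was missing: never copy
     * more than the caller requested, however long the text is. */
    n = total - *ppos;
    if (n > *lenp)
        n = *lenp;

    memcpy(dst, sample_listing + *ppos, n);
    *lenp = n;
    *ppos += n;
    return 0;
}

/* Reads `request` bytes into a buffer pre-filled with guard bytes and
 * returns 1 if nothing past the requested length was modified. */
int small_read_keeps_guard(size_t request)
{
    char buf[64];
    size_t len = request, pos = 0;

    if (request > 32)
        return 0;
    memset(buf, 0x5A, sizeof(buf));
    bounded_proc_read(buf, &len, &pos);
    for (size_t i = request; i < sizeof(buf); i++)
        if (buf[i] != 0x5A)
            return 0;
    return len <= request;
}
```

A handler that skips the clamp would write the whole generated string regardless of `*lenp`, which is the overrun a short read() exposes.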
