Date: Thu, 04 Sep 2008 13:43:11 +0800 From: Eugene Teo <eteo@...hat.com> To: oss-security@...ts.openwall.com CC: coley@...re.org Subject: CVE request: kernel: sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports Interesting bug. This was committed in upstream kernel recently to address a regression introduced in commit dc9a16e49dbba3dd042e6aec5d9a7929e099a89b. Summary: proc_do_xprt() does not check for user-side buffer size. The stack can be overwritten by reading /proc/sys/sunrpc/transports even when the length given to read() is a small value, i.e. < 38 bytes. Upstream commit: 27df6f25ff218072e0e879a96beeb398a79cdbc8 References/Reproducer: http://lkml.org/lkml/2008/8/30/140 http://lkml.org/lkml/2008/8/30/184 It probably needs a CVE name. Agree? Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ