[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Mon, 29 Sep 2008 22:28:37 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: coley@...re.org
Subject: Re: CVE-2008-4113 update: kernel: sctp: fix random
memory dereference with SCTP_HMAC_IDENT option
Hi Steve,
Eugene Teo wrote:
> Steven M. Christey wrote:
>> On Thu, 25 Sep 2008, Eugene Teo wrote:
>>> The first three references to CVE-2008-4113[1] are incorrect. Please
>>> update the CVE with the following references:
>>>
>>> http://marc.info/?l=linux-sctp&m=121986743009093&w=2
>>> http://marc.info/?l=linux-sctp&m=121986743209110&w=2
>>>
>>> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113
>> This was in reference to the TKADV2008-007 advisory.
>>
>> I guess the question becomes - TKADV2008-007 talks about separate issues,
>> one involving crashes by calling the API functions when SCTP-AUTH is
>> disabled (CVE-2008-3792), and another involving SCTP_HMAC_IDENT and a
>> length value for sctp_getsockopt_hmac_ident.
>
> I see what the confusion is now.
>
> TKADV2008-007[1] mentioned two separate, but related issues. The second
> issue that the advisory mentioned is an example of a function that may
> have two possible consequences, and it all depends on whether SCTP
> authentication is enabled or not.
>
> The patch[2] that addressed these issues mentioned only one of them in
> the changelog description, even though it appears to be fixing possibly
> more than two issues.
>
> Should this be assigned with just one CVE name instead of two?
I re-read it over again, and I agree that assigning two CVE names for
this makes sense. Sorry for the confusion.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux