Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Thu, 20 Nov 2008 21:18:42 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Eugene Teo <eugeneteo@...nel.sg>
cc: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE request: kernel: libertas: fix buffer overrun



======================================================
Name: CVE-2008-5134
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5134
Reference: MLIST:[linux-wireless] 20081029 [PATCH] libertas: fix buffer overrun
Reference: URL:http://article.gmane.org/gmane.linux.kernel.wireless.general/23049
Reference: MLIST:[oss-security] 20081111 CVE request: kernel: libertas: fix buffer overrun
Reference: URL:http://openwall.com/lists/oss-security/2008/11/11/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=48735d8d8bd701b1e0cd3d49c21e5e385ddcb077
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=470761

Buffer overflow in the lbs_process_bss function in
drivers/net/wireless/libertas/scan.c in the libertas subsystem in the
Linux kernel before 2.6.27.5 allows remote attackers to have an
unknown impact via an "invalid beacon/probe response."

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ