Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Linux kernel security hardening Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 20 Nov 2008 20:59:24 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: V4L/DVB (9621): Avoid writing
 outside shadow.bytes[] array


On Wed, 19 Nov 2008, Eugene Teo wrote:

> If the write operation fails, the device won't be able to decode audio
> signals properly, so on further analysis, we probably don't need a CVE
> name for this. Take note.

Does this mean, roughly, that this write only occurs into a different
portion of a larger contiguous buffer, so it affects audio processing
(e.g. throwing an error) or parsing, but otherwise can't be used to affect
other memory locations outside that buffer?

Hope that made sense.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ