Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Linux kernel security hardening Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 12 Feb 2009 20:05:27 +0000 (GMT)
From: Mark J Cox <mjc@...hat.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: http://www.securityfocus.com/bid/33672/info kernel
 issue

> http://www.securityfocus.com/bid/33672/ seems to be this commit:
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.28.y.git;a=commit;h=8255fc826e58c0a59711029e01db9fcdc06ba211
> Not sure if its exploitable though.

BTW that BID list of affected kernels isn't correct; the multibyte stuff 
wasn't in <=2.6.18 at least.

I didn't check exactly where since it doesn't affect RHEL and didn't look 
into the issue any further -- but on first glance it seemed like you'd 
have to be a console user and display/select some carefully chosen 
characters in order to do the overflow; so it's probably a 'local attacker 
at keyboard' flaw?

Cheers, Mark

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ