Date: Wed, 25 Feb 2009 10:06:28 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt
Eugene Teo wrote:
> Steven M. Christey wrote:
>> ======================================================
>> Name: CVE-2009-0676
> [...]
>> The sock_getsockopt function in net/core/sock.c in the Linux kernel
>> before 2.6.28.6 does not initialize a certain structure member, which
>> allows local users to obtain potentially sensitive information from
>> kernel memory via an SO_BSDCOMPAT getsockopt request.
>
> The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
> that the same problem of leaking kernel memory will reappear if someone
> on some architecture uses struct timeval with some internal padding (for
> example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
> leak the padded bytes to userspace.
>
> net: amend the fix for SO_BSDCOMPAT gsopt infoleak
> http://marc.info/?l=linux-kernel&m=123540732700371&w=2
> http://marc.info/?l=linux-netdev&m=123543237010175&w=2
Upstream commit: 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
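
The padding leak described in the message above, as an added example that is not part of the original post or of the upstream patch: a userspace model of a handler that fills a struct member by member and then copies sizeof(struct) bytes out, compared with zeroing the whole object first. The struct name, the 0xAA stale marker and the helper function are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout from the message: 64-bit tv_sec, 32-bit tv_usec.
 * _Alignas forces 8-byte alignment so 4 tail padding bytes exist on any ABI. */
struct padded_timeval {
    _Alignas(8) int64_t tv_sec;
    int32_t tv_usec;
};

#define STALE 0xAA  /* constructed marker for leftover kernel stack contents */

/* Model of a getsockopt-style handler: a stack slot is filled member by
 * member, then sizeof(struct) bytes are copied out to the caller.
 * Member stores are modelled with memcpy at offsetof() so that only the
 * member bytes are written and the result is deterministic.
 * Returns how many stale bytes reached the "user" buffer. */
static size_t stale_bytes_copied_out(int zero_first)
{
    unsigned char slot[sizeof(struct padded_timeval)];
    unsigned char user[sizeof(struct padded_timeval)];
    int64_t sec = 30;   /* constructed sample timeout value */
    int32_t usec = 0;
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof(slot));      /* previous stack contents */
    if (zero_first)
        memset(slot, 0, sizeof(slot));      /* hardened: clear the whole object */

    memcpy(slot + offsetof(struct padded_timeval, tv_sec), &sec, sizeof(sec));
    memcpy(slot + offsetof(struct padded_timeval, tv_usec), &usec, sizeof(usec));

    memcpy(user, slot, sizeof(user));       /* stands in for copy_to_user() */

    for (i = 0; i < sizeof(user); i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("member-wise init: %zu stale bytes\n", stale_bytes_copied_out(0));
    printf("memset first:     %zu stale bytes\n", stale_bytes_copied_out(1));
    return 0;
}
```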