Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 27 Aug 2009 12:49:26 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: AF_LLC getsockname 5-Byte
 Stack Disclosure

Eugene Teo wrote:
> sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc 
> before copying to the above layer's structure.
> 
> Note that LLC sockets are restricted to root since v2.6.25-rc9 (see 
> commit 3480c63b).
> 
> Upstream commit:
> http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
> 
> Reproducer:
> http://jon.oberheide.org/files/llc-getsockname-leak.c
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=519305

There are some more fixes that addressed similar infoleaks:

e84b90ae5eb3c112d1f208964df1d8156a538289
     can: Fix raw_getname() leak
09384dfc76e526c3993c09c42e016372dc9dd22c
     irda: Fix irda_getname() leak
3d392475c873c10c10d6d96b94d092a34ebd4791
     appletalk: fix atalk_getname() leak
f6b97b29513950bfbf621a83d85b6f86b39ec8db
     netrom: Fix nr_getname() leak
80922bbb12a105f858a8f0abb879cb4302d0ecaa
     econet: Fix econet_getname() leak
17ac2e9c58b69a1e25460a568eae1b0dc0188c25
     rose: Fix rose_getname() leak

It would make sense to address these with the same CVE name as this one.

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ