Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 17 Sep 2009 10:28:23 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr()

On Wed, Sep 16, 2009 at 09:32:26PM -0400, Steven M. Christey wrote:
> 
> ======================================================
> Name: CVE-2009-3234
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3234
> Reference: MLIST:[linux-kernel] 20090916 [patch 15/45] perf_counter: Fix buffer overflow in perf_copy_attr()
> Reference: URL:http://article.gmane.org/gmane.linux.kernel/890654
> Reference: MLIST:[oss-security] 20090916 CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr()
> Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/16/1
> Reference: BID:36423
> Reference: URL:http://www.securityfocus.com/bid/36423
> 
> Buffer overflow in the perf_copy_attr function in
> kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local
> users to cause a denial of service (crash) via a "big size data" to
> the perf_counter_open system call.

I think Brad Spengler has succeeded in exploiting this for code execution,
see his twitter timeline from yesterday http://twitter.com/spendergrsec

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.