Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 25 Oct 2010 17:52:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Eugene Teo <eugeneteo@...nel.sg>
Subject: Re: CVE request: multiple kernel stack memory
 disclosures



All,

I apologize for taking so long to handle this.  Dan, thanks for being
so diligent about digging up more information!  That couldn't have
been easy, let alone fun.

- Steve


========================================================================

http://www.openwall.com/lists/oss-security/2010/10/07/1

Author: Dan Rosenberg


>  ipc/shm.c (shmctl), reported and fixed by Kees Cook
>  Affects >= 2.6.0, >= 2.4.0
>
>  Reference:
>  http://lkml.org/lkml/2010/10/6/454

CVE-2010-4072


>  ipc/compat.c (compat versions of semctl, shmctl, and msgctl)
>  Affects >= 2.6.8
>
>  ipc/compat_mq (compat versions of mq_open and mq_getsetattr)
>  Affects >= 2.6.8
>
>  Reference:
>  http://lkml.org/lkml/2010/10/6/492

CVE-2010-4073


========================================================================

http://www.openwall.com/lists/oss-security/2010/10/06/6

Author: Dan Rosenberg

Due to the high variation in affected kernel versions, most of these
are SPLIT.



>TIOCGICOUNT stack leaks:

(see http://lkml.org/lkml/2010/9/16/294)

>  usb/serial/mos*.c
>  Fixed in 2.6.36-rc5
>  Affects >= 2.6.19

CVE-2010-4074


>drivers/serial/serial_core.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0


CVE-2010-4075


>drivers/char/amiserial.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0, >= 2.4.0


CVE-2010-4076

>drivers/char/nozomi.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.25

CVE-2010-4077


>drivers/net/usb/hso.c (CVE-2010-3298)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.29

Already assigned - CVE-2010-3298


>FBIOGET_VBLANK stack leaks:


>drivers/video/sis/sis_main.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.11

CVE-2010-4078


>drivers/video/ivtv/ivtvfb.c
>Not fixed yet (patch has been queued)
>Affects >= 2.6.24

CVE-2010-4079


>Miscellaneous device ioctl stack leaks:

>sound/pci/rme9652/hdsp*.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c)

These are SPLIT because the affected files are in different versions.

hdsp.c - CVE-2010-4080

hdspm.c - CVE-2010-4081


>drivers/video/via/ioctl.c
>Fixed in 2.6.36-rc5
>Affects >= 2.6.28

CVE-2010-4082


>drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.21


Already assigned - CVE-2010-3296


>drivers/net/eql.c (CVE-2010-3297)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.0, >= 2.4.0


Already assigned - CVE-2010-3297


>System call stack leak:

>ipc/sem.c
>Not fixed yet (patch queued)
>Affects >= 2.6.0, >= 2.4.0

Presumably the lack of a current patch means this will affect a
different version than CVE-2010-4072 (ipc/shm.c shmctl), see above.

CVE-2010-4083


- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ