Date: Mon, 25 Oct 2010 17:52:36 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org>, Eugene Teo <eugeneteo@...nel.sg> Subject: Re: CVE request: multiple kernel stack memory disclosures All, I apologize for taking so long to handle this. Dan, thanks for being so diligent about digging up more information! That couldn't have been easy, let alone fun. - Steve ======================================================================== http://www.openwall.com/lists/oss-security/2010/10/07/1 Author: Dan Rosenberg > ipc/shm.c (shmctl), reported and fixed by Kees Cook > Affects >= 2.6.0, >= 2.4.0 > > Reference: > http://lkml.org/lkml/2010/10/6/454 CVE-2010-4072 > ipc/compat.c (compat versions of semctl, shmctl, and msgctl) > Affects >= 2.6.8 > > ipc/compat_mq (compat versions of mq_open and mq_getsetattr) > Affects >= 2.6.8 > > Reference: > http://lkml.org/lkml/2010/10/6/492 CVE-2010-4073 ======================================================================== http://www.openwall.com/lists/oss-security/2010/10/06/6 Author: Dan Rosenberg Due to the high variation in affected kernel versions, most of these are SPLIT. >TIOCGICOUNT stack leaks: (see http://lkml.org/lkml/2010/9/16/294) > usb/serial/mos*.c > Fixed in 2.6.36-rc5 > Affects >= 2.6.19 CVE-2010-4074 >drivers/serial/serial_core.c >Not fixed yet (Alan Cox's fix will be in 2.6.37) >Affects >= 2.6.0 CVE-2010-4075 >drivers/char/amiserial.c >Not fixed yet (Alan Cox's fix will be in 2.6.37) >Affects >= 2.6.0, >= 2.4.0 CVE-2010-4076 >drivers/char/nozomi.c >Not fixed yet (Alan Cox's fix will be in 2.6.37) >Affects >= 2.6.25 CVE-2010-4077 >drivers/net/usb/hso.c (CVE-2010-3298) >Fixed in 2.6.36-rc5 >Affects >= 2.6.29 Already assigned - CVE-2010-3298 >FBIOGET_VBLANK stack leaks: >drivers/video/sis/sis_main.c >Fixed in 2.6.36-rc6 >Affects >= 2.6.11 CVE-2010-4078 >drivers/video/ivtv/ivtvfb.c >Not fixed yet (patch has been queued) >Affects >= 2.6.24 CVE-2010-4079 >Miscellaneous device ioctl stack leaks: >sound/pci/rme9652/hdsp*.c >Fixed in 2.6.36-rc6 >Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c) These are SPLIT because the affected files are in different versions. hdsp.c - CVE-2010-4080 hdspm.c - CVE-2010-4081 >drivers/video/via/ioctl.c >Fixed in 2.6.36-rc5 >Affects >= 2.6.28 CVE-2010-4082 >drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296) >Fixed in 2.6.36-rc5 >Affects >= 2.6.21 Already assigned - CVE-2010-3296 >drivers/net/eql.c (CVE-2010-3297) >Fixed in 2.6.36-rc5 >Affects >= 2.6.0, >= 2.4.0 Already assigned - CVE-2010-3297 >System call stack leak: >ipc/sem.c >Not fixed yet (patch queued) >Affects >= 2.6.0, >= 2.4.0 Presumably the lack of a current patch means this will affect a different version than CVE-2010-4072 (ipc/shm.c shmctl), see above. CVE-2010-4083 - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ