Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 4 Jan 2011 15:31:31 -0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE-2010-4526 kernel: sctp: a race between ICMP
 protocol unreachable and connect()

On Tue, Jan 04, 2011 at 02:33:04PM +0800, Eugene Teo wrote:
> http://git.kernel.org/linus/50b5d6ad63821cea324a5a7a19854d4de1a0a819
> https://bugzilla.redhat.com/CVE-2010-4526
> 
> commit 50b5d6ad63821cea324a5a7a19854d4de1a0a819
> Author: Vlad Yasevich <vladislav.yasevich@...com>
> Date:   Thu May 6 00:56:07 2010 -0700
> 
> sctp: Fix a race between ICMP protocol unreachable and connect()
> 
>     ICMP protocol unreachable handling completely disregarded
>     the fact that the user may have locked the socket.  It proceeded
>     to destroy the association, even though the user may have
>     held the lock and had a ref on the association.
> [...]
>     This was because the sctp_wait_for_connect() would aqcure the socket
>     lock and then proceed to release the last reference count on the
>     association, thus cause the fully destruction path to finish freeing
>     the socket.
> 
> This affects kernels v2.6.11-rc2 and above.

Not all, it was fixed in the 2.6.34 kernel, which was released back in
May of 2010.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.