Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 04 Jan 2011 14:33:04 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable
 and connect()

http://git.kernel.org/linus/50b5d6ad63821cea324a5a7a19854d4de1a0a819
https://bugzilla.redhat.com/CVE-2010-4526

commit 50b5d6ad63821cea324a5a7a19854d4de1a0a819
Author: Vlad Yasevich <vladislav.yasevich@...com>
Date:   Thu May 6 00:56:07 2010 -0700

sctp: Fix a race between ICMP protocol unreachable and connect()

     ICMP protocol unreachable handling completely disregarded
     the fact that the user may have locked the socket.  It proceeded
     to destroy the association, even though the user may have
     held the lock and had a ref on the association.
[...]
     This was because the sctp_wait_for_connect() would aqcure the socket
     lock and then proceed to release the last reference count on the
     association, thus cause the fully destruction path to finish freeing
     the socket.

This affects kernels v2.6.11-rc2 and above.

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ