Date: Mon, 27 Jun 2011 11:22:36 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Dan Rosenberg <dan.j.rosenberg@...il.com> Subject: Re: CVE request: kernel: remote buffer overflow in bluetooth On 06/25/2011 07:15 AM, Dan Rosenberg wrote: > A remote user can provide a small value for the command size field in > the command header of an l2cap configuration request, resulting in an > integer underflow when subtracting the size of the configuration request > header. This results in copying a very large amount of data via > memcpy() and destroying the kernel heap.  > > -Dan > >  http://marc.info/?l=linux-kernel&m=130891911909436&w=2 Please use CVE-2011-2497. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ