Date: Mon, 27 Jun 2011 11:22:36 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Dan Rosenberg <dan.j.rosenberg@...il.com>
Subject: Re: CVE request: kernel: remote buffer overflow in bluetooth
On 06/25/2011 07:15 AM, Dan Rosenberg wrote:
> A remote user can provide a small value for the command size field in
> the command header of an l2cap configuration request, resulting in an
> integer underflow when subtracting the size of the configuration request
> header. This results in copying a very large amount of data via
> memcpy() and destroying the kernel heap. [1]
>
> -Dan
>
> [1] http://marc.info/?l=linux-kernel&m=130891911909436&w=2
Please use CVE-2011-2497.
Eugene
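
The length arithmetic described in the quoted report, as an added C example that is not part of either message and is not the kernel's code. The struct, function names, `avail` parameter and buffer size are hypothetical; the 4-byte configuration request header (dcid, flags) follows the L2CAP format, and the sample request bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONF_REQ_HDR 4u   /* dcid (2 bytes) + flags (2 bytes) precede the options */
#define CONF_BUF_MAX 64u  /* constructed size for the per-channel option buffer */

struct chan_state {       /* hypothetical, not the kernel's structure */
    uint8_t conf_buf[CONF_BUF_MAX];
    size_t  conf_len;     /* invariant: conf_len <= CONF_BUF_MAX */
};

/* The flawed arithmetic: when the peer-supplied cmd_len is smaller than the
 * header, the subtraction wraps and memcpy() would be handed this huge count. */
size_t unchecked_copy_len(uint16_t cmd_len)
{
    return (size_t)cmd_len - CONF_REQ_HDR;
}

/* Checked form: returns 0 after appending the options, -1 if rejected.
 * avail is the number of bytes actually received for this command. */
int append_conf_options(struct chan_state *c, const uint8_t *cmd,
                        uint16_t cmd_len, size_t avail)
{
    size_t opt_len;

    if (cmd_len > avail)                      /* length field exceeds the data */
        return -1;
    if (cmd_len < CONF_REQ_HDR)               /* subtraction would underflow */
        return -1;
    opt_len = (size_t)cmd_len - CONF_REQ_HDR;
    if (opt_len > CONF_BUF_MAX - c->conf_len) /* would overrun conf_buf */
        return -1;
    memcpy(c->conf_buf + c->conf_len, cmd + CONF_REQ_HDR, opt_len);
    c->conf_len += opt_len;
    return 0;
}

int main(void)
{
    struct chan_state c = { {0}, 0 };
    const uint8_t short_req[2] = { 0x40, 0x00 };  /* constructed: 2-byte body */

    printf("unchecked copy length for cmd_len=2: %zu\n", unchecked_copy_len(2));
    printf("checked parser returns: %d\n",
           append_conf_options(&c, short_req, 2, sizeof short_req));
    return 0;
}
```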