Date: Wed, 29 Jun 2011 14:00:08 +0800
From: Eugene Teo <eugeneteo@...nel.org>
To: oss-security@...ts.openwall.com
CC: Josh Bressers <bressers@...hat.com>
Subject: Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC)

On 06/29/2011 04:22 AM, Josh Bressers wrote:
> ----- Original Message -----
>>
>> It can be used to learn ssh and ftp password length. If privsep is
>> enabled in openssh and vsftpd, the unprivileged process' activity very
>> precisely shows password information.
>>
>> For vsftpd the read characters count is strlen("USER username\r\n") +
>> strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe
>> related to a privileged parent. If statistics are measured between the
>> user and password commands, actual password length and username length
>> can be gathered.
>>
>> For ssh, vice versa, networking activity is constant in packet length,
>> but interprocess communications, specifically passwords, depend on user
>> input.
>>
>> For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars -
>> CONST.
>>
>> Other daemons with more or less constant io activity might be
>> vulnerable too. PAM greatly complicates precise measurements.
>>
>>
>> I think it needs 2 CVEs, one for /proc/PID/io and another for
>> taskstats.
>>
>> https://lkml.org/lkml/2011/6/24/88
>>
>
> I can't find a nice description of both issues. Can you give me one or two
> sentence explanations with a few references for the CVE database?
>
> Once I have those I'll give it two IDs.

I have assigned the CVE names for these two issues.

Thanks, Eugene
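A defender-side check for the /proc/PID/io exposure discussed in this thread, added here as an example and not part of the original messages or of any kernel patch: run as an unprivileged user, it reports which processes owned by other UIDs still expose their rchar/wchar counters. The names `parse_proc_io`, `foreign_io_exposure` and the `proc_root` and `my_uid` parameters are hypothetical, and it assumes a kernel that restricts the file answers the read with a permission error.

```python
import os


def parse_proc_io(text):
    """Parse the 'key: value' lines of a /proc/<pid>/io file into a dict of ints."""
    counters = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip().isdigit():
            counters[key.strip()] = int(value)
    return counters


def foreign_io_exposure(proc_root="/proc", my_uid=None):
    """Return {pid: {"rchar": n, "wchar": n}} for every process owned by another
    UID whose io file the caller can read. An empty dict means no exposure.
    Meaningful only when run unprivileged: root can read every io file."""
    my_uid = os.getuid() if my_uid is None else my_uid
    exposed = {}
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "net"
        pid_dir = os.path.join(proc_root, entry)
        try:
            # Assumption: ownership of the pid directory identifies the
            # process owner (an approximation, adequate for an audit).
            if os.stat(pid_dir).st_uid == my_uid:
                continue  # our own processes are not a finding
            with open(os.path.join(pid_dir, "io")) as fh:
                counters = parse_proc_io(fh.read())
        except OSError:
            continue  # read denied, or the process exited: not exposed
        exposed[int(entry)] = {
            k: counters[k] for k in ("rchar", "wchar") if k in counters
        }
    return exposed


if __name__ == "__main__":
    findings = foreign_io_exposure()
    for pid, counters in findings.items():
        print(f"pid {pid}: io counters readable by uid {os.getuid()}: {counters}")
    print(f"{len(findings)} foreign process(es) expose /proc/PID/io")
```

A non-zero count from an unprivileged account means the byte counters the thread describes are still visible across users on that host.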