Date: Wed, 29 Jun 2011 21:35:19 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, oss-security@...ts.openwall.com, security@...nel.org Subject: Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) On Wed, Jun 29, 2011 at 10:32 -0700, Linus Torvalds wrote: > On Wed, Jun 29, 2011 at 10:21 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote: > > > > So, with rounded read_characters value it's possible to learn privkey > > length. > > Umm. You can trivially figure that out from the public key lenth > already, can't you? No, the attacker here have no information about the key at all. It tries to authorize with a random key and a random password. -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ