Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 27 Dec 2011 22:36:41 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Eugene Teo <eteo@...hat.com>, Moritz Muehlenhoff <jmm@...ian.org>,
        Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: Status of two Linux kernel issues w/o CVE assignments

On 12/24/2011 02:53 PM, Eugene Teo wrote:
>>> 2: /proc/$PID/{sched,schedstat} information leak
>>> Vasiliy Kulikov of OpenWall posted a demo exploit.
>>> http://openwall.com/lists/oss-security/2011/11/05/3
>>>
>>> AFAICS no CVE ID was assigned to this?
>> I believe we are not assigning CVE's for these types of proc related
>> issues, some discussion was had:
>>
>> https://lkml.org/lkml/2011/2/7/368
>>
>> http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks
>>
>> but I'm not sure what the outcome is. CC'ing Eugene Teo.
===========
> IIRC, it's an issue but there's no resolution as existing code may break.
>
> There are also,
> /proc/{interrupts, stat}
> https://lkml.org/lkml/2011/11/7/340
Please use CVE-2011-4915 for this issue.
>
> /dev/pts/, /dev/tty*
> https://lkml.org/lkml/2011/11/7/355
Please use CVE-2011-4916 for this issue.


>
> I have not checked the status of these issues. Vasiliy, kindly shed some
> light.
>
> Happy holidays.
>
> Eugene


-- 

-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.