Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 26 Jul 2012 10:54:10 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: recv{from,msg}() on an
 rds socket can leak kernel memory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/26/2012 09:25 AM, Petr Matousek wrote:
> Two similar issues:
> 
> 1) Reported by Jay Fenlason and Doug Ledford: recvfrom() on an RDS
> socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct
> sockaddr_in) bytes of kernel stack to userspace when receiving a
> datagram.
> 
> 2) Reported by Jay Fenlason: recv{from,msg}() on an RDS socket can
> disclose sizeof(struct sockaddr_storage) bytes of kernel stack to
> userspace when other code paths are taken.
> 
> Both issues end in rds_recvmsg() so one CVE is sufficient.
> 
> Upstream commit: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=06b6a1cf6e776426766298d055bb3991957d90a7
>
>  Thanks,
> 

Please use CVE-2012-3430 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQEXYvAAoJEBYNRVNeJnmT2xgP/3/+IXnN0/M36uR/5AtDq/Ds
4EW7tgQ6jCa/VxElIM33SaDhvavgSCVEihmlf59NfhcQkpxZpS2WhXLSJt42rcwc
Sd++3P9M99G2dEWbkxZ58A6JoM8svWUN2s6eVHFRCIjrkBLB3ZUqaQ3IGISOPwNo
fxG2aIIF3g6ELfYgwPaiSBQ1GB5dIy88yPIUgziW+fpILkjUpcLIwGu04+il+Tq7
TLEC7jLXPR4lk3g/ZW1Hhl8Ra4Udc+y9Qw9xNcC0A/ev+R35OofqSNl6GqNUQ6iQ
VYBBDuq+BGZHBSj/3HMcg2szoINipBxkRkwYLYFyiLjtMS0lbNSUIFYelIGO6mac
lQW/B9lm9yqbgMRMCZ27P1BDtRmfJfApYRycGSsJHFZ87j3SMpy2CsLxw9Y3CH2E
38/sYVM3DBsz4a0Di3ci2TFW0+PcT9rpOgBfnLybH8AmNFqM76diIgcd9Er32Mbv
V+EuKLEr2dqigj05FnCuwaB++RUYUytxNwKnKSKzqIwVhNOKxBgQwsMPgCjYamxl
iLCptjcXJZ1qZD1NRvNSjrkJVHEZYr8+4AFhltb977UNXsNCjmCiPDmzekGhK6JH
IrqFjLFVaT1FeSqjxVStj/kMRqTFb0rt2RD7LE615N/ml5XAx8NWSJ7qJuLYK4uL
SEea9Kji1W98/iUIznjm
=5tH+
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ