Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Aug 2012 11:49:44 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: net: slab corruption due
 to improper synchronization around inet->opt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/31/2012 10:11 AM, Petr Matousek wrote:
> Description of the problem: Lack proper synchronization to
> manipulate inet->opt ip_options can lead to system crash.
> 
> Problem is that ip_make_skb() calls ip_setup_cork() and
> ip_setup_cork() possibly makes a copy of ipc->opt (struct
> ip_options), without any protection against another thread
> manipulating inet->opt. Another thread can change inet->opt pointer
> and free old one under us.
> 
> Given right server application (setting socket options and
> processing traffic over the same socket at the same time), remote
> attacker could use this flaw to crash the system. More likely
> though, local unprivileged user could use this flaw to crash the
> system.
> 
> Upstream fix: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259
>
>  Thanks,

Please use CVE-2012-3552 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQQPk3AAoJEBYNRVNeJnmTr4MQAN43Jo7Nzj0XlElHltuXQLip
jLGxHN+TuetYh93t6Uw1l2x6uH87a69BRrWoBe8uiihmp0QdGiVfzVeFLEtD7wQW
ScoXrghc9ru1fz+eZVkmB/f5/jMc4B+Yl/leqVGp+Eab8BLavdrUibQTAXOs7nmD
vAMN95nCgEoTTiKQnf0HnSxYY67cv29duTvWpDE9N5Qr+Vf2x+0uyuXhpyPhp/ZE
94n7cOHiimJ7hEEXafPKAjcohxvU3WhzvpbHtZ7gNNaTQfq3LRrt7E64NZKXsner
Y3F7Q6yvN8t+96fTYqTJeRG6MJwCDLs/m2d1v1ynO+CMjsQTKLM3d+9AeBOY/RBC
uhFtKVJe/CCokPs3+c08659ecvC+Usf+XooBiHP2tr2IKby/suBdKJXqiF9str7j
RIpuUVS7QDKiz+73R4XXQF3K0bB2FXP7sGnFvmyWkYoyqtZUxEf2IE+svNHDPEyD
350n6A5QHwloL1adkQ36eSX8vLLHs1Q9zYNOBhkGMHjahz+MQuUUzlDjJJq7ysNl
+QwKbdtyoTBD0P8VfbQHrt9uw86DxaJTJMJnuEy0Xz3utPy2ysC+ogo6tvn3/nTR
pOL4Qeov82jci72oicw7Wna5mrLB4x3j3sxXbZ3Nv88J0CxRmSd3exhe0qZoDNoX
C3TaxTH3xMFkEExW/aW5
=OvkL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ