Date: Tue, 19 Feb 2013 17:44:36 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, Kurt Seifried <kseifrie@...hat.com>
Subject: Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL
 tag NULL pointer dereference


On 02/19/2013 05:41 PM, Petr Matousek wrote:
> The skb argument to cipso_v4_validate() is NULL when called via
> the setsockopt() syscall. A local user able to set CIPSO IP
> options on the socket could use this flaw to crash the system.
> 
> Upstream fix: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177
> 
> References: https://bugzilla.redhat.com/show_bug.cgi?id=912900
> 
> Thanks,
> 

Please use CVE-2013-0310 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

