Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jul 2013 18:35:33 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: Earlier AF_KEY in
	key_notify_policy_flush

On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:
> Hi,
> 
> Michal Hocko identified an earlier patch for an AF_KEY information leak,
> in nearly the same place as CVE-2013-2234.

URL:
https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
 
> Due to different time of fix and different researcher probably
> needs a new CVE.
> 
> Ciao, Marcus
> 
> commit 85dfb745ee40232876663ae206cba35f24ab2a40
> Author: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> Date:   Mon Feb 18 16:24:20 2013 +0100
> 
>     af_key: initialize satype in key_notify_policy_flush()
>     
>     This field was left uninitialized. Some user daemons perform check against this
>     field.
>     
>     Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
>     Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
> 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ