Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 9 Jul 2013 12:03:40 -0700
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Chanam Park <chanam.park@...co.kr>
Subject: Linux kernel libceph NULL function pointer dereference
 (CVE-2013-1059)

Chanam Park discovered that a crafted auth_reply message could cause a
NULL function pointer dereference in the libceph auth_none handler. A
remote attacker could use this flaw to cause a denial of service.

If a malicious Ceph monitor sends an auth_reply message with the value
of -EAGAIN in the result field, ceph_build_auth_request() will call the
ceph_auth_client_ops->build_request() function pointer without checking
to see if the build_request() pointer is NULL. The auth_none handler
does not initialize its build_request() pointer.

See http://hkpco.kr/advisory/CVE-2013-1059.txt for more information.

The fix can be found in the upstream ceph-client.git tree:

https://git.kernel.org/cgit/linux/kernel/git/sage/ceph-client.git/commit/?id=2cb33cac622afde897aa02d3dcd9fbba8bae839e

Tyler


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.