Date: Tue, 28 Jan 2014 13:48:10 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request Linux kernel: netfilter: nf_nat: leakage
 of uninitialized buffer in IRC NAT helper

On 01/28/2014 06:30 AM, P J P wrote:
> Hello,
> 
> Linux kernel built with the NetFilter Connection
> Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC), is
> vulnerable to an information leakage flaw. It could occur when
> communicating over direct client-to-client IRC connection (/dcc) via
> a NAT-ed network. Kernel attempts to mangle IRC TCP packet's
> content, wherein an uninitialised 'buffer' object is copied to a
> socket buffer and sent over to the other end of a connection.
> 
> Upstream fix:
> -------------
>   -> https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
>
> Reference:
> ----------
>   -> https://bugzilla.redhat.com/show_bug.cgi?id=1058748
>
> Thank you
> --
> Prasad J Pandit / Red Hat Security Response Team

Please use CVE-2014-0025 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
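
The flaw class described in the quoted report, as an added illustration that is not part of the original message and is not kernel code: a userspace C model of a helper that copies a scratch buffer into an outgoing payload, with a flawed variant beside a hardened one. The function names, buffer size, stale marker and sample address/port are assumptions made for this example.

```c
/* Userspace model of the bug class; not kernel code. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 24                                /* scratch buffer size (assumed) */
static const char STALE[] = "STALE-STACK-BYTES";  /* constructed stand-in for old stack data */
uint8_t last_payload[BUF_LEN];                    /* bytes that would go on the wire */
size_t last_len;

/* Give the scratch buffer the stale contents an uninitialised local would hold.
 * Reading a truly uninitialised local is undefined behaviour, so it is simulated. */
static void poison(char *buf) {
    memset(buf, 0, BUF_LEN);
    memcpy(buf, STALE, sizeof(STALE) - 1);
}

/* Flawed pattern: nothing is written to buf, yet all of it is copied out. */
size_t mangle_flawed(const char *buf, uint8_t *payload) {
    memcpy(payload, buf, BUF_LEN);
    return BUF_LEN;
}

/* Hardened pattern: format "<ip> <port>" first, then copy only the bytes written. */
size_t mangle_fixed(char *buf, uint32_t ip, uint16_t port, uint8_t *payload) {
    int len = snprintf(buf, BUF_LEN, "%u %u", (unsigned)ip, (unsigned)port);
    if (len < 0 || len >= BUF_LEN)
        return 0;                                 /* refuse a truncated replacement */
    memcpy(payload, buf, (size_t)len);
    return (size_t)len;
}

/* Run one variant on a poisoned buffer; return 1 if stale bytes reached the payload. */
int run(int fixed) {
    char buf[BUF_LEN];
    size_t m = sizeof(STALE) - 1;
    poison(buf);
    last_len = fixed ? mangle_fixed(buf, 3232235777u, 5000, last_payload)
                     : mangle_flawed(buf, last_payload);
    for (size_t i = 0; i + m <= last_len; i++)
        if (memcmp(last_payload + i, STALE, m) == 0)
            return 1;
    return 0;
}

int main(void) {
    printf("flawed variant leaks stale bytes: %d\n", run(0));
    int leaked = run(1);
    printf("fixed variant leaks stale bytes: %d, payload \"%.*s\"\n",
           leaked, (int)last_len, (const char *)last_payload);
    return 0;
}
```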
