Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jan 2014 13:49:41 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request Linux kernel: netfilter: nf_nat: leakage
 of uninitialized buffer in IRC NAT helper

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/28/2014 01:48 PM, Kurt Seifried wrote:
> On 01/28/2014 06:30 AM, P J P wrote:
>> Hello,
> 
>> Linux kernel built with the NetFilter Connection 
>> Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is 
>> vulnerable to an information leakage flaw. It could occur when 
>> communicating over direct client-to-client IRC connection(/dcc)
>> via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's 
>> content, wherein an uninitialised 'buffer' object is copied to a
>>  socket buffer and sent over to the other end of a connection.
> 
>> Upstream fix: ------------- -> 
>> https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
>
>>  Reference: ---------- -> 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1058748
> 
> 
>> Thank you -- Prasad J Pandit / Red Hat Security Response Team
> 
> Please use CVE-2014-0025 for this issue.


Argh please reject  CVE-2014-0025 and use CVE-2014-1690 for this
issue, I got the email from Mitre after I hit send (and resynched my
email).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJS6BflAAoJEBYNRVNeJnmTroYP/jPBxlPGs6O5N3jrz1qfGVli
cE99UxFFWh1HV6fumnNXFqXLuSCzPMO/uGj4bHMZy/b/uJZGHqkew0W/Al2CfS7R
yiJBHkgZNb0ZtfzmkU1sMcs8WrL8YD87yAxJ54zu4pmbelHhEdnMgwbUjZajhVHL
v+whW62HJxKDdUtIWOZbMj3Yl9rLopDYKGsEoYN1NCrDuzz7oZF0Nx6ybuHFTLDL
I4rltoLGzQPnWsTDxAo4WQ8b65bFrvcF4M1J7u+AUIJ8nIxdSsdhwZKc2IXuKFjh
SctPFKni7r7QU8thTCzb1QNDKTsXUza4lTXhWOuSBJRb8Unrln73rucqxeOYQMR5
dynKslbB4bIBPk6Lh3BBsm01NxAedUablI92qYjgSy+mlB7Si+LGQxEg32caeDuE
ZAxuX9bnlj4BxP21e2jgnfH6TKLRBUWUBoc4i6VSUEjdys/xh6RVw8esWlHU3jKS
ZGQX671AAYCrRukf8zq5ElDNlgqeSm9iUfoAfgrNVEgaE97D2N+cTBYKOwhjFMI7
dLLnni1McHPmJ64Vwr24CIAjoV3X3vftYVmWNedALDfF29+vCaLSc9WcwRY9Iu76
xvOm3evYCKAfphU65kuL+dww0DSNF7vLsYu6hYb6fZd5s5gUxrpxednfKsf4FSV3
SrY6piDmrOZnVOGlyjq/
=S7F3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ