Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Feb 2015 14:56:55 +0100
From: Hector Marco <hecmargi@....es>
To: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Linux ASLR integer overflow

Hi,

It worth metion that the patch was already sent:

https://lkml.org/lkml/2015/1/7/811


Hector Marco.
http://hmarco.org


El 13/02/15 a las 13:26, Hector Marco escribió:
> Hi,
>
> A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
> been found. The issue is that the stack for processes is not properly
> randomized on some 64 bit architectures due to an integer overflow.
>
> Affected systems have reduced the stack entropy of the processes by four.
>
>
> Details at:
> http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
>
>
>
> Could you please assign a CVE-ID for this?
>
>
>
> Hector Marco.
> http://hmarco.org
>
> Cyber-security researcher at
> http://cybersecurity.upv.es/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ