Date: Sat, 14 Feb 2015 09:40:56 -0800 From: Kees Cook <keescook@...omium.org> To: oss-security@...ts.openwall.com Cc: Hector Marco-Gisbert <hecmargi@....es> Subject: Re: CVE-Request -- Linux ASLR integer overflow On Fri, Feb 13, 2015 at 02:56:55PM +0100, Hector Marco wrote: > Hi, > > It worth metion that the patch was already sent: > > https://lkml.org/lkml/2015/1/7/811 I've sent this patch again, after cleaning it up further: https://lkml.org/lkml/2015/2/14/61 Thanks for working on this! -Kees > > > Hector Marco. > http://hmarco.org > > > El 13/02/15 a las 13:26, Hector Marco escribió: > >Hi, > > > >A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has > >been found. The issue is that the stack for processes is not properly > >randomized on some 64 bit architectures due to an integer overflow. > > > >Affected systems have reduced the stack entropy of the processes by four. > > > > > >Details at: > >http://hmarco.org/bugs/linux-ASLR-integer-overflow.html > > > > > > > >Could you please assign a CVE-ID for this? > > > > > > > >Hector Marco. > >http://hmarco.org > > > >Cyber-security researcher at > >http://cybersecurity.upv.es/ -- Kees Cook
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ