Date: Sat, 14 Feb 2015 09:40:56 -0800
From: Kees Cook <keescook@...omium.org>
To: oss-security@...ts.openwall.com
Cc: Hector Marco-Gisbert <hecmargi@....es>
Subject: Re: CVE-Request -- Linux ASLR integer overflow

On Fri, Feb 13, 2015 at 02:56:55PM +0100, Hector Marco wrote:
> Hi,
> 
> It is worth mentioning that the patch was already sent:
> 
> https://lkml.org/lkml/2015/1/7/811

I've sent this patch again, after cleaning it up further:
https://lkml.org/lkml/2015/2/14/61

Thanks for working on this!

-Kees

> 
> 
> Hector Marco.
> http://hmarco.org
> 
> 
> On 13/02/15 at 13:26, Hector Marco wrote:
> >Hi,
> >
> >A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
> >been found. The issue is that the stack for processes is not properly
> >randomized on some 64 bit architectures due to an integer overflow.
> >
> >Affected systems have reduced the stack entropy of the processes by four.
> >
> >
> >Details at:
> >http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
> >
> >
> >
> >Could you please assign a CVE-ID for this?
> >
> >
> >
> >Hector Marco.
> >http://hmarco.org
> >
> >Cyber-security researcher at
> >http://cybersecurity.upv.es/
-- 
Kees Cook
