Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Dec 2015 13:15:07 -0500 (EST)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux Kernel: information leak from getsockname

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://twitter.com/grsecurity/statuses/676744240802750464
> https://lkml.org/lkml/2015/12/14/252
> http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1

(not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/net/ppp/pptp.c)

> getsockname() for some socket families did not check the length of the passed sockaddr,
> copying out more kernel memory than required, leaking information from the kernel stack,
> including kernel addresses. This can be used for KASLR bypass or other information leaks.

Use CVE-2015-8569 for both the pptp_bind issue and the pptp_connect
issue. (We don't know whether the pptp_connect issue would've been
exploitable if only the pptp_bind issue were fixed.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWcFbvAAoJEL54rhJi8gl5ipsQALG7+8zUMjL85EDHbBd6N5CC
sLcprIeZvir4u9alc/ElVojU3QYChlJumkHRB0BAxhVmUkrGbn6P0BEilbEff5vm
L5VHhBkFhNSxcJtx1cehUOQOuxyQ0phiol5JojOjXAhXwTZbhMyVCuiw7qdP3OJj
ltdLTon3a0Ctt5MPZSGCHJzDCCheUd9cVdpbzM1ynPIZPiRookaSt34SRDit8ADg
9pybsyev7KV0eanVPB1iaxej5HEu4B2KUYwzA/5Y2g1Qx51R9GpwcPqw7OKXjoMe
gu0JKbHmbVxj3oHl+GcMZaNEhsO5lRJ5qJ5ulq+MtAQ2rFpAaYlP/uFmm0A3J6Gz
r0BqKs4R2zc1fo4/aB5ieTKBeVHjj5xIXyGOhjHqyBkpVKwS7dOAoDq9jT6f6an4
Ibavbs0vk4imUOg6dfU3tvstvN++j2iEgK7OPuI68YQvu47PiaEYGm+uuZeFtASs
ZDWekpHPfHAsrUADaSx6aO8s7k1/fSzKSf+KnI3Sf9DPjiCA7mMEM5xo/epiEqZk
nMlwju5T2iChN7/q61LLnJPoilfdkpwruayM0xNs/SVmfkvKXmQt6R7ykfhLe1eu
Byg1HcyTZV5jiQOqUI2nWTuTiqTDRUKS0qjHmO7bfnA/7lzId8ilCZfyt6IwciV4
YccJUdQEqfUy1+I5unzr
=bV38
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ