Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri,  3 Jun 2016 11:10:04 -0400 (EDT)
From: cve-assign@...re.org
To: kangjielu@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, taesoo@...ech.edu, csong84@...ech.edu
Subject: Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> In function tipc_nl_compat_link_dump of file net/tipc/netlink_compat.c,
> link_info.str is a char array of size 60. Memory after the NULL
> byte is not initialized. Sending the whole object out can cause
> a leak of sensitive info in kernel stack.
> 
> https://patchwork.ozlabs.org/patch/629100/
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2

Use CVE-2016-5243.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXUZw5AAoJEHb/MwWLVhi2+IoP/22pu8mdKyqH4/UuIFtGLmfl
ymJ+oHCNz6O/3cy9YbBSkkmNMDvwng1UW6+Gtyn4GjaJqFdhYDNCRZuwdXg+u/eP
WoF2maZ8jo882luNajmzoaQAkjxjlsB/OqJZP47yKpoGwbgqvjdr5xfg0qvP6RIV
vw0qZYfqZZan4rtr9dE3MolpIHP0AEXPTuNHZeCrtuyfTagJjCOD+dr1UuRKIXll
zfvbSH1074IHgGExx4USTVx5/oAkfATy5wxqWtq/fRxvJno/5+I154bOknRI5mj5
GmhY0BIpWACUiOaoyN1aM34usXMNvtWuYqJo0s+mZgOkTn5c0W6O7bSswyJcLpjE
F0b8xkWs3PlpajNMZBbpzw00NTadviVhBroF/Ef4oDV5IaCab83A368MESS3RJHF
W0WFDhlnTMpUqZeiWN55seh25vwEp0zff98a0cpaToj8b+OOwHD0qGhRQ9LPNydw
18CndQnJk+upioqEgmWvwRT9UPfoN4MCVyW6zeMP0IO4nCJjlZ8QW980u1zz2Wx4
2raWb9cMh2ipURwb+k5OfTAVM97TMarppWIBb+WIMrzKDGpv/OUGU/Hn8ZpxZsGF
vesvNFDSl3ydlZdBuL0lkvXC4HiW/Bc121bovocuUYecpo8ZRn1/fViCHfir/d4S
ZL3a1PZlbuY02U3vHp3o
=uadr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ