Date: Tue, 30 May 2017 12:41:38 +0100 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Cc: Roee Hay <roeehay@...il.com> Subject: Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function On Tue, 30 May 2017 at 08:17:54 +0400, Ilya Matveychikov wrote: > When using get_options() it's possible to specify a range of numbers, > like 1-100500. The problem is that it doesn't track array size while > calling internally to get_range() which iterates over the range and > fills the memory with numbers. Is there a realistic way in which an attacker can provide Linux kernel command-line arguments, without being able to achieve arbitrary code execution via those command-line arguments? In other words, is this a security vulnerability, or just a bug? (If the attacker can already achieve arbitrary code execution then this bug does not give them any capability they do not already have.) S
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ