Date: Tue, 30 May 2017 12:41:38 +0100
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Roee Hay <roeehay@...il.com>
Subject: Re: Linux kernel: stack buffer overflow with
 controlled payload in get_options() function

On Tue, 30 May 2017 at 08:17:54 +0400, Ilya Matveychikov wrote:
> When using get_options() it's possible to specify a range of numbers,
> like 1-100500. The problem is that it doesn't track array size while
> calling internally to get_range() which iterates over the range and
> fills the memory with numbers.

Is there a realistic way in which an attacker can provide Linux kernel
command-line arguments, without being able to achieve arbitrary code
execution via those command-line arguments?

In other words, is this a security vulnerability, or just a bug?

(If the attacker can already achieve arbitrary code execution then
this bug does not give them any capability they do not already have.)

    S
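
As an added illustration of the bug class in the quoted report (not kernel code, and not from either poster), here is a user-space model of range expansion in which the remaining array capacity is passed into the range helper. The names `parse_int_list` and `expand_range` are hypothetical.

```c
#include <limits.h>
#include <stdlib.h>

/* Hypothetical user-space model, not the kernel's get_range(): expand lo..hi
 * into out[], writing at most cap entries. Returns the number written, or -1
 * when the range does not fit. */
static int expand_range(long lo, long hi, int *out, int cap)
{
    int n = 0;
    for (long v = lo; ; v++) {
        if (n == cap)
            return -1;      /* the array-size check the report says is missing */
        out[n++] = (int)v;
        if (v == hi)
            return n;
    }
}

/* Parse a list such as "3,1-4,9" into out[0..cap-1].
 * Returns the count stored, or -1 on malformed input or overflow. */
int parse_int_list(const char *s, int *out, int cap)
{
    int n = 0;
    char *end;

    while (*s) {
        long lo = strtol(s, &end, 10);
        if (end == s)
            return -1;
        long hi = lo;
        s = end;
        if (*s == '-') {                    /* range syntax: lo-hi */
            hi = strtol(s + 1, &end, 10);
            if (end == s + 1)
                return -1;
            s = end;
        }
        if (hi < lo || lo < INT_MIN || hi > INT_MAX)
            return -1;
        int got = expand_range(lo, hi, out + n, cap - n);
        if (got < 0)
            return -1;                      /* caller's buffer is too small */
        n += got;
        if (*s == ',')
            s++;
        else if (*s)
            return -1;
    }
    return n;
}
```
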
