|
Message-ID: <Pine.GSO.4.51.0811101307030.6724@faron.mitre.org> Date: Mon, 10 Nov 2008 13:07:16 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: Unix sockets kernel panic ====================================================== Name: CVE-2008-5029 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029 Reference: MLIST:[linux-netdev] 20081106 UNIX sockets kernel panic Reference: URL:http://marc.info/?l=linux-netdev&m=122593044330973&w=2 Reference: MLIST:[oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/06/1 Reference: MISC:http://darkircop.org/unix.c Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=470201 Reference: BID:32154 Reference: URL:http://www.securityfocus.com/bid/32154 The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.