Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 08 Apr 2009 15:58:55 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Willy Tarreau <w@....eu>
Subject: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user
 frame size

{nr,rose,x25}_sendmsg() functions need to have sanity checks on the
packet size, otherwise the sizes can wrap and end up sending garbage.

http://bugzilla.kernel.org/show_bug.cgi?id=10423
http://git.kernel.org/linus/83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1265

This affects both 2.4.x and 2.6.x if CONFIG_{NETROM,ROSE,X25} are enabled.

Thanks, Eugene
-- 
Eugene Teo, RHCA, RHCSS / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.